What is the Easiest Way to Prevent Cyber Attacks?
According to Microsoft, their cloud services experience over 300 million fraudulent sign-in attempts every day. If you find this number alarming, you’ll be happy to know that there is a simple solution to the ever-present risk of someone fraudulently accessing your accounts: Multi-Factor Authentication.
MFA comprises of a wide range of various implementations. There are three main categories of MFA implementation: something you know (a second PIN or password), something you have (a keycard), or something you are (biometric data).
The most common implementation of MFA falls into the “something you know” category. For instance, when you log on to your bank account, many services will send you a text to your phone with a PIN to enter before you can access your account.
This works similarly with email, but phones are more secure, as a phone number is more difficult for a hacker to hijack when compared to an email account. Since phone numbers can only be associated with one device, they are much more secure than email.
Note: Even if your smartphone is connected via UC-One VoIP services, your phone number is still only associated with your smartphone. Your office phone, if connected to your smartphone, simply forwards the call to you, rather than sharing a phone number. So, even if you use a UC-One option, your phone number will always be more secure than your email.
In fact, MFA is such a roadblock for hackers that 99.9% of cyber attacks can be stopped by MFA. But to understand the true value of MFA, we first must look into the main culprits of cyberattacks, and how MFA can help.
THE MOST COMMON VULNERABILITIES
We’ve gone into phishing before, both on our Coffee With Cobb webinars, and in other blogs about cyber security. There’s a reason this topic keeps popping up, however; phishing accounts for the majority of successful hacks.
A common phishing tactic hackers use is to trick an employee into “resetting” their password for an account. This is usually triggered by sending an email posing as an automated security warning that their account was compromised, and they need to change their password.
Helpfully, this phishing email will offer a link to reset their password. Once the employee clicks this link, they will be taken to a page that allows them to input their old password, and enter a new password. Once these forms have been filled out, the hackers responsible have access to that employee’s password.
This is an extremely simple but effective way to discover an avenue for a hack — there’s very little risk on the hacker’s part, and since people usually repeat the same two-or-three passwords throughout their online accounts (a staggering 73% of passwords are duplicates), the hacker has now received at least two passwords for two different online services that employee uses.
Other than un-secured email clients and re-used passwords, the third most common vulnerability that hackers exploit are legacy systems.
A legacy system refers to an outdated software platform or client that no longer receives regular updates, leaving it open to cyber attack. Since many businesses still rely on legacy systems, it leaves them particularly vulnerable to attack. Unlike email and duplicate passwords, however, legacy systems don’t have a simple fix; they are often too outdated to implement MFA systems, and thus cannot usually benefit from this second layer of security.
HOW MFA CAN HELP
Going back to our phishing example, let’s imagine you’re having a rough day, you’re frazzled, and you receive an email telling you that your car insurance account has been hacked, and you need to change your password. So, you fill out the password changer, and go about your day.
If this situation happened without MFA activated, throughout the course of the next few weeks, you would begin to find the evidence of data being stolen from various accounts. Even if your passwords feature variations such as adding an extra symbol or character, password crackers are built to brute-force-guess your passwords. If they only need to guess one or two characters, the time needed to do so is short indeed.
With MFA, you would immediately receive a text message or an email with a PIN to log into your account. Knowing that you had not attempted to log-in to that particular service, you could then contact the service in question to let them know about a fraudulent sign-in.
What MFA achieves is a second layer of security — so it won’t matter if a hacker has your password — without a second form of identification, your account is inaccessible.
The simple truth of the matter is there is no amount of cyber security that is 100% successful against blocking cyber attacks — but adding additional layers of security to your accounts dissuades hackers from attempting to steal your data. Just like in sales, hackers go for the lowest-hanging fruit — the easy-to-hack accounts — not the accounts with multiple layers of security.
MFA IS EASIER TO IMPLEMENT THAN YOU’D EXPECT
The best part is, MFA is simple to implement within your organization. In the era where smartphones are ubiquitous, virtually every employee has access to a second device with an associated phone number.
There are, however, the other options of bio-scans, keycards, or email PINs. If you’d like to learn more about MFA, speak to our MITS team here.