During a time in which hacks, breaches and ransomware attacks are growing at an alarming rate, Microsoft says that successful attacks on systems that use Multi-Factor Authentication (MFA) are so rare, they don’t even have statistics on them. In an article on ZDnet, Microsoft also says only about 10 percent of their enterprise customers have implemented MFA, which points to a very large missed opportunity to instantly secure corporate data and IT resources. In short, if you aren’t using multi-factor authentication, you should implement it right away in order to protect your business, vendors, customers and staff.
How Hackers Hack When You Don’t Have Multi-Factor Authentication
To fully understand the value of MFA, you need to understand how hackers hack when there is no MFA installed on a system. In a nutshell, the hacker needs to gain access to your username and password. Among the most common access methods hackers use to steal that information are:
Brute force is a usually-automated method of trying hundreds or thousands of passwords to gain access to a system, often based on common passwords or personal information about you, including birthdays, spouse names, pet names, anniversary dates, etc.
Most phishing occurs when hackers send millions of emails to people saying something like “Your (bankname) password has been compromised. Please log in to change your password.” But the link they give you is to a fictitious login page, where they will collect the username and password you enter, and immediately attempt to use it on the real bank site. This can work equally well if the email and link are related to your company resources. Smishing is the very same thing, though the initial message arrives via text message.
Somewhat related to phishing, social engineering is when the hackers impersonate someone else in your company or organization and sends you an email with a request to grant access to a resource (your email, the network server, etc) to someone else, or to share your login information with them. If the impersonated person is someone of authority, people are likely to send the information without question.
Malware can end up on your computer in dozens of ways (email, websites, attachments, network shares, thumb drives, etc). And if it does, it can do terrible things...including run a keylogger, which is a piece of software that records everything you type and sends it directly to the hackers. If you log into any other site while a keylogger is running, your username and password will be immediately shared.
Data breaches at big companies and small companies alike can mean your information is available on the dark web, where bad guys buy and sell your information. Among that information could be personal information (addresses, ssn, drivers license info, credit card numbers, bank info, etc.) and even corporate login information.
Every day, many thousands of people -- including some very intelligent and sophisticated people -- get hacked using one or more of these methods. Once a hacker has your login credentials, they can do incredible damage, using one resource (such as email or network logins) to gain access to other resources.
How MFA Stops Hackers, Fast
If you are not familiar with Multi-Factor Authentication, it works like this: You log in to a resource with your username and authenticate with your password. You are then challenged with an additional way to authenticate that does not involve your password. That additional way could be anything that gets additional information that you -- and only you -- could have access to. For example:
Text Message Verification
When you attempt to log in to a resource, you are sent a text message to your cell phone with a code. Since you are generally the only one with access to your cell phone, you would be notified of any attempt to log into your account.
Google Authenticator and Microsoft Authenticator both use apps on your verified cell phone in order to log you into a resource. One method has you scanning a dynamically generated QR code on the login screen of the resource with your Authenticator app, which then creates a code for you to enter into the login screen.
Smart Cards/USB Keys
Digital authentication keys are stored on Smart Cards or USB drives, which must be inserted into a device so that the resource’s login screen can read the key contents.
Of course, there are many other methods of MFA, but these are some of the most well known. And as you can imagine, each of them has the power to stop a hacker in his or her tracks, preventing access to vital corporate resources.
Secure Your Company with Multi-Factor Authentication
While Multi-Factor Authentication is extremely effective, it’s just one of many methods you need to use to secure your company’s information resources. Many companies contain hundreds of thousands, or even millions of records of Personally Identifiable Information (PII), which if breached, could cause the company to pay huge fines and its executives to face stiff criminal penalties.
It’s never too early to secure your company’s resources, but it can quickly become too late. Contact Digital Uppercut today for a consultation about how we can protect you, your company, your vendors and your customers. Call us at 818-913-1335 or contact us online any time.