Turn on Multi-Factor Authentication Before Hackers Do
If your firm has adopted a new cloud or SaaS application during the pandemic to keep business as usual, your firm may have seen a new set of risk and compliance issues that need to be mitigated and managed. One of the most important things to consider and review is Multi-Factor Authentication (MFA). Though MFA is not a silver bullet from a security perspective, it prevents most of the common attacks and breaches. Every platform accessible from the internet must have MFA turned on. Unfortunately, many cloud platforms do not do this by default, so the organization must drive it. Things to check are SaaS platforms, VPN, Citrix, O365, and G-Suite.
As phishing attacks continue to speed up globally, especially during the pandemic, it is essential for Investment Management and BioTech firms to understand and educate employees on the importance of extending security practices beyond the walls of the office. By implementing MFA on employee devices and applications, firms can help ensure secure remote working for their employees.
MFA is an authentication method by which a user is only granted access to a device after successfully presenting two or more pieces of evidence (factors). You can read our blog article on MFA to learn more about this security tool and how it can help secure your network both inside and outside of the office.
Beyond implementing MFA, remind users to click a verification notification only if they specifically triggered it. We have seen hackers try to leverage multi-factor fatigue to gain access to systems. So – turn on MFA for you and your firm before the hackers do!
If you do encounter an instance where you cannot access your account because a hacker has turned on two-factor authentication and potentially affected you and/or your firm, be sure to report this to your Incident Response Team (IRT) so they can quickly mitigate risk and exposure.
A technical member of the IRT should be responsible for monitoring the situation and ensuring any effects or damage created as a result of the incident are appropriately repaired and measures are taken to minimize future occurrences. The IRT will also need to define any necessary penalties as a result of the incident.
Putting a specific MFA product in the spotlight, ECI offers Duo, a two-factor authentication tool, to our Cloud Solutions clients to provide an added layer of security and protection. Duo combines modern two-factor authentication with advanced endpoint security solutions to protect users from account takeovers and data breaches.
With Duo, users leverage their smartphones for authentication, eliminating the need to carry extra devices, like tokens, fobs and key cards. And through Duo’s one-tap app, users don’t need to ask for bypass codes to get around two-factor, since the app is quick and painless.