ADVANCE | Building Your Technology Advantage

View Original

Another Day, Another Breach - Why multifactor authentication and security policies are big deal

Why multifactor authentication and security policies are big deal

“Another day, another breach” seems to be the common news across Australia at the moment.

Online research suggested that up to 38% of larger corporations have not implemented multifactor authentication across their workforce, leaving a gaping security hole for attackers.

Attackers regularly gain access to Australian Business systems through phishing campaigns, stolen credentials, from weak or previously breached cloud services, and passwords sprays simply to name a few techniques.

The question we get asked regularly is how we can mitigate these risks? 

Multifactor authentication is the first line of defence when it comes to protecting our online business resources and can be further enhanced with security policies and monitoring of these services.

What is multifactor authentication?

Multi-factor authentication is a process where a user is prompted during the sign-in process for an additional form of identification, such as to enter a code on their mobile phone or to provide a fingerprint scan.

Passwords on their own leave an insecure vector for attack and we regularly see breaches related to weak or shared passwords across multiple services. 

When users require a second form of authentication, security is increased as this additional factor isn't something that's easy for an attacker to obtain or duplicate.

How to enhance MFA?

In addition to multifactor authentication we recommend businesses ensure they are monitoring all authentication and access attempts.  This can be done via a security information event management system to assist with detection of malicious actors.

It is also important to enforce authentication polices to deny access where it is not needed. For example, certain employees may never need email access from outside the office network or corporate VPN so policies can be enforced to ensure access outside these locations is denied.

What should you do?

Step 1 – Ensure you activate multifactor authentication in your organisation.

Step 2 – Enable conditional access

Step 3 - Adopt a secure password policy in conjunction with an enterprise password management system (i.e. Lastpass)

 

Need Assistance?

Call Nik Villios or email Advance at sales@advance.net.au

We can help you secure your organisaion from a full audit to authentication and monitoring.

Make sure ‘another day, another breach’ does not become a mantra of your workplace