cyber insurance

#35: Cyber Security Series Pt.3 – Multi-Factor Authentication

In this episode of The Power Up Project, we cover:

>Part 3 of our five-part cyber security series -MFA

>What is Multi-Factor Authentication (MFA)?

>Why is it very important that MFA is enabled?

Transcript:

In this episode, we talk about the next in our five-part series of most effective cyber security defenses which is Multi-Factor Authentication.

Welcome back to The Power Up Project. Great to have you here. Today we’re going to be talking about the next in our series of five top cyber security defenses for your business and this is one that we have spoken about a number of times before in this podcast. So, for those people who’ve heard this all before, I do apologise but, it is a very, very easy, cheap and important one that you will need to be taking very seriously. And that is Multi-Factor Authentication.

So far in this series we have touched on having an advanced, intelligent firewall in place, we’ve spoken about cyber security insurance, and now we’re going to talk about Multi-Factor Authentication. Now, Multi-Factor Authentication in most cases is free or at least very low cost, is very easy to implement and, in my opinion, is possibly the most effective way we have at the moment of protecting our user accounts from malicious actors.

So, what is Multi-Factor Authentication? Multi-Factor Authentication is something that we are all going to be familiar with in business. It’s when we need another form of authentication in addition to our normal username and password in order to log on to an account. For example, we should all be familiar with this, with our internet banking. We log on to our internet banking with a username and a password but then in order to take any action within that account such as transferring money out of the account, we must enter another code. In my case, I have a little keyring dongle with a six digit numerical code that changes every sixty seconds and I simply read that code off my keyring dongle and I type it into the internet banking and my transfer goes through. So, that is Multi-Factor Authentication.

Multi-Factor Authentication within Microsoft Office 365 is there, ready for us all to use. It’s very easy to turn on and you can receive that secret code in a number of ways. You can receive it by text message to your mobile phone or you can receive it using the Microsoft Authenticator app which is a little app you can put in your smartphone that even lets you not have to type in a code but, simply press another button which says “Yes, approve.” But the point is, it is another level of authentication and specifically it’s another level of authentication that is based on something that you have. You have your mobile phone that receives that code, you have the keyring dongle that presents the secret key.

Multi-Factor Authentication is available in almost all modern cloud applications that we’re going to be using within our business. It’s available in all of the Microsoft Office 365 Suite, in Xero Cloud Accounting, in things like Confluence, it’s available for your social media application such as Facebook.

So, my homework for you today, given I’m not going to go on ad nauseam about Multi-factor Authentication yet again. My homework for you today is to write down a list of all of the applications and systems that you use in your business especially those ones that have something to do with the internet such as your email, such as your internet banking, your financial package, social media, those things. And then, I need you to Google each of those apps with the words Multi-Factor Authentication after it and check and make sure that that application does indeed support Multi-Factor Authentication and I can tell you in almost all cases the answer is going to be Yes. And then, I need you to have a look at your user accounts within that platform and make sure that Multi-Factor Authentication is actually turned on and enabled for all users. And it really does need to be all users. We certainly see some people who only like to enable Multi-Factor Authentication for those user accounts that they think are riskier targets or high profile targets. The unfortunate thing though about cyber security is that it often comes down to the weakest link. And the weakest link in terms of your network security maybe that one user account that you didn’t think really needed to have Multi-Factor Authentication turned on. So write the list, do a little bit of Googling and then go and have a look at all the user accounts in those systems and make sure that Multi-Factor Authentication is actually turned on. Of course, if you need any help, your IT people are there to help with this as well.

Thanks for listening to this episode of the Power Up Project, brought to you by Grassroots IT and Digit IT. Please leave us a review where ever you get your podcasts and, until next time, keep powering up.