Multi-Factor Authentication Now Mandatory for Cyber Insurance: What You Should Do

Whichever type of insurance you decide to take out, you’ll need to meet certain requirements. The same goes for cyber insurance – and this isn’t new.

Some years ago, for cyber insurance, businesses were required to provide end-to-end encryption and annual cybersecurity training for their employees, among other things.

However, the world has changed since then. The pandemic has driven cyber threats to record-high levels in just about every vertical imaginable.

As such, it makes perfect sense that multi-factor authentication is being added to the list of cyber insurance requirements, helping drive best practices across businesses of all sizes.

In this day and age, getting cyber insurance is among the best moves you can make for your business, right after implementing effective multi-factor authentication. It’s a win-win.

Before we talk about what you need to do, let’s start with the basics.

What Is Multi-Factor Authentication?

Multi-factor authentication, or MFA for short, refers to adding at least one, and preferably more, layers of protection, usually on top of a password.

Two-factor authentication technically falls under MFA, but depending on which authentication layers you use, 2FA has not always held up well against cyber threats.

All authentication layers typically fall into one of three categories:
1) Something you know (e.g. a password)
2) Something you have (e.g. your mobile device)
3) Something you are (e.g. your fingerprint)

And how good is it in reality? Well, according to Microsoft, MFA prevents 99.9% of account compromise attacks. When you think about it, it makes perfect sense.

If an account is only protected with a password, that is the only thing an attacker needs to know to get in. Remember the notorious Colonial Pipeline hack? There, a single leaked password for a VPN account that had no MFA was enough.

If the account is protected with SMS 2FA, there is one additional layer for the attacker to break through, albeit one that is not especially hard to get past.

And if your account is protected with three authentication layers, a security breach is all but impossible. Not only are there more authentication factors to get around, but it also gives your security officers more time to figure out something is wrong and prevent an attack.

Which of these factors a company will implement is completely up to the individual business, but there are some things to keep in mind: namely the link between security, user experience, and productivity.

Reconciling Security and User Experience in MFA

Not only has user experience become one of the biggest competitive advantages, but it’s also become crucial to employee satisfaction and productivity in the business world.

In fact, 74% of IT professionals who implement 2FA in their companies receive complaints from their peers. If you look at adoption rates of 2FA in the consumer world, you will see similar trends.

So, do you choose security or convenience? The thing is: you can have both, and multi-factor authentication works for you in that regard.

To start with, you have to make sure that your MFA system consists of complementary authentication methods. You don't want overlap, nor do you want methods that share the same weaknesses. User experience and security shine brightest when the authentication methods cover for each other.

More importantly, opt for a continuous authentication approach. And what’s that?

Continuous authentication, sometimes called CARTA, for "continuous adaptive risk and trust assessment", is an approach that counters the decay of trust in an authentication by verifying a user's identity on an ongoing basis.

Let's say your employee is using one of your sensitive databases. They log in, and at that moment their authentication score is at its highest. The longer they use the database, the further the score drops. If they leave the system idle for some time, the risk level goes up, and that is when the initial authentication checks have to be repeated.

Other than time-based risk assessment, the authentication score can be determined from contextual factors that include device information, location information, and sometimes even cognitive and physiological factors such as the speed of interaction.

Not only is continuous authentication capable of securing your business in this way, but it can also provide a frictionless user experience within MFA, ensuring that your employees follow the security practices instead of taking shortcuts to save time and energy.
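As an added illustration of the scoring described above (not the article's own or IPification's algorithm; the half-life, idle limit, penalty weights and step-up threshold are assumed values), here is a toy session scorer that decays trust over time, penalises idle sessions and context changes, and flags when re-authentication is due:

```python
"""Toy continuous-authentication (CARTA-style) session scorer.

Added example, not any vendor's implementation. All policy parameters
below are assumptions chosen to make the behaviour easy to follow.
"""
from dataclasses import dataclass


@dataclass
class Session:
    auth_time: float       # seconds: when the last full authentication happened
    last_activity: float   # seconds: last observed user interaction
    device_id: str         # device fingerprint seen at authentication
    country: str           # location seen at authentication


# Assumed policy parameters (not taken from the article).
HALF_LIFE_S = 30 * 60      # trust halves every 30 minutes of session age
IDLE_LIMIT_S = 10 * 60     # idle longer than this is treated as a risk
STEP_UP_BELOW = 0.5        # require re-authentication below this score


def auth_score(session, now, device_id, country, idle_limit=IDLE_LIMIT_S):
    """Return a trust score in [0, 1]; 1.0 immediately after authentication."""
    # Time-based decay: trust erodes the longer the session has lived.
    age = max(0.0, now - session.auth_time)
    score = 0.5 ** (age / HALF_LIFE_S)
    # Idle penalty: an unattended session is riskier than an active one.
    if now - session.last_activity > idle_limit:
        score *= 0.5
    # Contextual penalties: the signals no longer match what was verified.
    if device_id != session.device_id:
        score *= 0.2
    if country != session.country:
        score *= 0.3
    return round(score, 4)


def needs_step_up(session, now, device_id, country):
    """True when the score has decayed enough that a fresh check is required."""
    return auth_score(session, now, device_id, country) < STEP_UP_BELOW


if __name__ == "__main__":
    # Constructed sample: authenticated at t=0 from laptop-1 in DE.
    s = Session(auth_time=0.0, last_activity=0.0, device_id="laptop-1", country="DE")
    for now, dev, cc in [(0.0, "laptop-1", "DE"), (1800.0, "laptop-1", "DE"),
                         (0.0, "phone-7", "DE")]:
        print(now, dev, cc, auth_score(s, now, dev, cc), needs_step_up(s, now, dev, cc))
```

A real deployment would feed the score into the access-control decision on every request rather than only at login, which is what makes the re-check continuous.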

Where do I even start?

The implementation of a multi-factor authentication system in your organization will depend on its current state. That’s why the place to start will be assessing your current system.

Gather your IT and security officers and make a game plan. Contact cybersecurity experts and get their opinions. Weigh the pros and cons of the available authentication options.

Biometrics offer the best user experience but pose certain privacy risks. Authenticator app-based 2FA offers strong security but fails to provide a seamless user experience. Mobile IP address-based authentication options such as IPification offer seamless and secure registration and login experiences, and they are even capable of authenticating in the background and supporting the continuous authentication approach without any interruptions. Passwords and SMS OTP-based 2FA are best avoided due to their insecurity.

There are two things for sure:
1) To take advantage of cyber insurance, you now need to implement multi-factor authentication – and that’s not a bad thing.
2) While that may require some investment at the start, it will more than pay off in the long run.

We can help! Contact us, let’s talk.