Multi-Factor Authentication: Your Best Defense Against Social Engineering

Social engineering and multi-factor authentication may sound like terms from a dystopian novel, but they’re actually what’s bad and good in the world of cyber security.

Bad News: Social Engineering 

Social engineering is the practice of tricking people into taking actions that give cyber criminals access to systems and data. Think of well-crafted emails that look like they’re from myvendor@company.com but are really from myvendor@compnay.com. 

Social engineered emails (phishing), texts (smishing) and phone calls (vishing) trick users into thinking they need to take action now! And that action opens a door into your system for hackers to exploit.

Good News: Multi-Factor Authentication (MFA) 

Multi-factor authentication (MFA) doesn’t directly combat phishing. Instead it helps secure your systems and accounts from the type of information cyber criminals usually get from phishing (and smishing and vishing) attacks.

MFA simply means that instead of using one factor to prove you are the person who is supposed to have access to an account (the password) you have more than one factor. The simplest example of this is when you login to your bank account on a new device for the first time, the bank texts or emails you a 6-digit code to enter to prove that you are you. The text (or email) is a second form of authentication.

With MFA enabled, even if hackers steal your banking password, they won’t be able to access your account because they can’t perform that second authentication.

The Best Multi-Factor Authentication (MFA) Method

Hackers being who they are, they have found ways around some forms of MFA (if they want to take the time to do it). But there is one form that appears to be hacker-proof: Multi-factor authentication by app.

With this method, you first need to download an app to your smartphone — called an authenticator app. Two great ones are Cisco DUO (App Store / Play) and Microsoft Authenticator (App Store / Play).

You set up the MFA for your accounts with the simple scan of a QR code by the app. Then, the next time you login from a new device, you simply look at the app for a 6-digit code that verifies you. Codes change every 30 seconds. So, even if your phone number or email has been compromised, the hackers can’t access your account because they don’t have your phone with the authenticator app.

3 Steps to Better Security With MFA By App

If it is configured properly, multi-factor authentication is the best method available for preventing unauthorized access to your accounts. Here are three simple steps to better security for your business.

1. Set up multi-factor authentication across all your business email accounts and require your employees to do the same.
   
2. Set up MFA with all your vendor or partner accounts. If they don’t offer MFA security, consider switching to a provider that does.
   
3. Monitor access attempts. With the new dispersed workplace, monitoring is more critical than ever as cyber criminals are taking advantage of the changes COVID-19 has made to our work environments and communications.

Many small and midsize businesses will need some help from a trusted IT partner to roll out MFA and monitor access attempts. Even companies with in-house IT teams often find it more cost effective to partner with a managed service provider (MSP) to support their internal teams. If you need help or advice about rolling out MFA for your business, the Aeko Technologies team is here to help.