Q: My customers don’t always understand the importance of multi-factor authentication and other cybersecurity practices. How can my MSP convince them that this is important and what else should we be teaching them?
Cybercriminals are constantly adapting their tactics in order to bypass traditional methods of protection. As an MSP, it is your responsibility (especially in the eyes of your customers) to keep up with evolving threats and provide the protection that they need.
One method that has proven effective at deflecting cyber-attacks is multi-factor authentication, or MFA for short. MFA provides an additional security layer that creates more obstacles for bad actors to overcome, while simultaneously providing more barriers for end users to hide their personal data behind.
To help you highlight the importance of multi-factor authentication, please review the key details on this topic below: why it is necessary, best practices for employing MFA, and other cybersecurity practices that MSPs should be using alongside it.
Traditional cybersecurity methods are no longer enough
Over time, cybercriminals have found ways to bypass many traditional security measures. Passwords are no exception, and if they fall into the wrong hands, the damage can be disastrous for individuals and businesses alike. Despite the risk this poses, many people continue to use the same password for several different logins, so having one account compromised could lead to nearly every one of that same user’s accounts being compromised.
Multi-factor authentication counters this problem by requiring other proof of legitimacy besides a password. This can be something as simple as a notification to a trusted phone or other device (via call, text, or app) that the end user must acknowledge to access a network or account successfully. When implemented properly, MFA adds very little complexity or extra stress to the process, while significantly reducing the risk in the existing process.
MFA best practices
MFA and credential security are inherently linked: improvement in one area strengthens the other. Some best practices to use in MFA and credential security include:
Monitor access – Designating an ‘owner’ for a resource or account who can monitor who is attempting to gain access within an organization is vital. The owner should know who in their organization truly needs access to the resource they are monitoring. If an individual who does not have clearance or a reason to need the resource attempts to access it, the owner will be able to recognize this and alert the right contacts. This helps compartmentalize the organization’s data to ensure that compromised accounts are not gaining access to additional resources.
Re-validating credentials – It has become too easy for hackers to discover passwords or other credentials of an individual end user, while the user remains unaware that their account has been compromised. Mandatory re-validation or resetting of credentials at regular, consistent intervals can limit the amount of time a hacker has to do damage within the system.
Maintain a sense of awareness – If a hacker is determined to access a system, they will be willing to work around the clock to do so. It is important to constantly be on the lookout for suspicious behavior that might indicate a breach. Emails that arrive at odd times of day, or that request permissions or access to resources not typically needed for the requestor’s role, are common examples of what your clients should look for.
MFA is most effective alongside educational training
As strong a cybersecurity defense as it offers, multi-factor authentication can’t stand completely on its own. To make it most effective, many cybersecurity experts recommend pairing MFA with educational training. Educational training will help prevent end users from unwittingly giving hackers the opportunity and tools needed to access their network. Education often serves as the MSP’s most powerful cybersecurity defense because it helps foster a strong culture of “cyber hygiene” with the clients who receive it.
Sharing the importance of MFA and educating customers on best practices can help you turn everyday employees into strong guardians of their own data. When end users become better equipped to avoid cyber-attacks, it benefits the partnership between their organization and your MSP, while also reducing your workload.