Why your company needs multifactor authentication
ARTICLE | May 24, 2023
Authored by RSM US LLP
Multifactor authentication (MFA) is becoming increasingly important as a security tool. Just five to 10 years ago, not many companies used MFA. Instead, organizations relied on passwords to control access to applications, data and devices.
However, these passwords became longer and harder to remember and manage. Companies forgot to change default passwords. Cybercriminals also became experts at cracking passwords.
In the wake of these developments, MFA has become the standard for identity and access management as part of a layered approach to security.
What is multifactor authentication?
MFA is a way of identifying and verifying the authority of a user immediately using a secondary method of authentication. Typically, MFA verifies the identity of users based on something they know, have or are. For example, the secondary factor could be a token, a single-use code or a biometric, such as a fingerprint or a facial scan.
An MFA strategy can be used as part of a zero-trust approach to security. Zero-trust security follows the principles of “never trust; always verify,” which are supported by the way MFA promotes identity and access management.
MFA adds another layer to a company’s defenses by ensuring that the users connecting to business resources are employees and not bad actors.
Why MFA is crucial now
MFA has become a requirement for many companies. For example, the Federal Trade Commission requires that financial institutions use MFA to safeguard sensitive financial data. Now the FTC is extending these requirements to any company that deals with customer financial information. For example, car dealerships would be subject to the requirement because they run credit checks on customers.
Under these criteria, companies in most industries will need MFA eventually. Cyber insurance providers also require that companies use MFA in order to qualify for a new or renewal policy.
Use cases for MFA are also expanding. While MFA previously focused on virtual private network logins for remote workers, now it’s being used for administrator accounts. When admins log into servers, they receive another prompt.
Today, MFA is used not only on the edge of the network but also within the network environment. Access can be controlled based on job role to prevent employees from using resources that aren’t needed for them to do their jobs.
What you need from MFA
Not all MFA solutions are created equal. For example, Cisco Duo has additional features and functionalities that its competitors don’t provide. With Duo, single sign-on addresses the complaints of employees who become tired of jumping through multiple hoops to access the resources they need.
A good MFA platform should also have risk-based authentication, in which the authentication process adjusts to match the risk level. As hackers get wise to MFA, they try to work around it. Some MFA users will experience push fatigue. If hackers keep trying, eventually the user will accept the login just to stop getting notifications. Risk-based authentication mitigates risk by looking at the location or time of an access attempt and denying the login until authority can be established.
MFA: Part of the bigger security picture
Like most security solutions, MFA isn’t a silver bullet but part of an overall security strategy. Your company needs an advisor with the security knowledge and experience to fine-tune your security policies and develop a holistic approach to IT security.
As one of the largest Cisco-certified managed service providers, RSM can help your company develop a security strategy supported by Duo and other leading security technologies. With over 10,000 Duo clients and customers and as an early adopter of this solution, we have the knowledge and experience needed to ensure your business gets the most out of Duo.
Contact us at one of our locations or fill out the form below and we'll contact you to discuss your specific situation.
This article was written by RSM US LLP and originally appeared on 2023-05-24.
2022 RSM US LLP. All rights reserved.
RSM US Alliance provides its members with access to resources of RSM US LLP. RSM US Alliance member firms are separate and independent businesses and legal entities that are responsible for their own acts and omissions, and each is separate and independent from RSM US LLP. RSM US LLP is the U.S. member firm of RSM International, a global network of independent audit, tax, and consulting firms. Members of RSM US Alliance have access to RSM International resources through RSM US LLP but are not member firms of RSM International. Visit rsmus.com/about us for more information regarding RSM US LLP and RSM International. The RSM logo is used under license by RSM US LLP. RSM US Alliance products and services are proprietary to RSM US LLP.
Johnson & Sheldon, PLLC is a proud member of the RSM US Alliance, a premier affiliation of independent accounting and consulting firms in the United States. RSM US Alliance provides our firm with access to resources of RSM US LLP, the leading provider of audit, tax and consulting services focused on the middle market. RSM US LLP is a licensed CPA firm and the U.S. member of RSM International, a global network of independent audit, tax and consulting firms with more than 43,000 people in over 120 countries.
Our membership in RSM US Alliance has elevated our capabilities in the marketplace, helping to differentiate our firm from the competition while allowing us to maintain our independence and entrepreneurial culture. We have access to a valuable peer network of like-sized firms as well as a broad range of tools, expertise and technical resources.