MFA or multi factor authentication is an authentication measure where users have to input more than one verification method to access their account. MFA needs to be an integral part of every organisation’s security as identity fraud has grown since the pandemic begun.
According to Andrew Conway, General Manager, Microsoft Security cybersecurity has evolved over the past 12 months.
“For many businesses, the limits of the trust model they had been using, which leaned heavily on company-managed devices, physical access to buildings, and limited remote access to select line-of-business apps, got exposed early in the pandemic. This paradigm shift has been most acute in the limitations of basic username/password authentication”.
In February, the Australian Cyber Security Centre (ACSC) in February urged Australians “to strengthen proof of identity protections to help stop cybercriminals gaining unauthorised access to online information and accounts”.
The benefits of MFA
MFA doesn’t have to be a password, it can be an array of things explains Melanie Maynes, Senior Product Marketing Manager, Microsoft Security.
“Basic MFA augments passwords with SMS, one-time passwords (OTP), and codes generated by mobile devices. Strong MFA employs high assurance factors such as FIDO security keys and smart cards to authenticate users. Fingerprint scans, facial scans, and other biometrics are secure authentication methods that can simplify sign-in for users”.
According to a MailGuard, MFA requires multiple strands of information that only legitimate users will likely know and/or possess – ensuring that requests to access an account are indeed valid. It’s little surprise that MFA has been reported to prevent 99.9% of cyber-attacks from breaching accounts.
Multi Factor Authentication also protects users against email-borne cybercrime – a growing threat that is impacting many organisations, with devastating consequences. Regular readers of our blogs will be aware that the most common phishing emails we see are using links to pages which look like they belong to Microsoft 365, prompting the user to enter their account details to open a onedrive file. If the user falls for this scam and enters their email address and password, it’s game over and the hackers now have access to their Microsoft 365 account and email. However, if they have incorporated MFA, then the Cybercriminals won’t be able to login with the email and password alone.
Ann Johnson, Corporate Vice President, Security, Compliance & Identity Business Development, Microsoft, says, “You want to be using strong authentication for anyone that accesses your environment.”
“We know that 99% of hacks have some type of password element, however that password was stolen. Using strong authentication will at least give you a first line of defence against that. Use multi-factor authentication for 100% of the people that access your environment 100% of the time.”
Jim DeMarco, insurance digital strategist, worldwide financial services at Microsoft says enabling MFA can be one of the quickest and most impactful ways to protect user identities, and an effective means to reduce the threat and potential impact of business and email compromise.
“MFA has been available for all Microsoft 365 users since 2014, yet many small-to mid-sized business system administrators have not enabled it for their users.” If you are a global admin for your organisation’s Microsoft 365 tenancy, you can find instructions on enabling MFA company wide here.
The Australian Competition & Consumer Commission (ACCC) said Australian businesses reported over $14 million in losses to Scamwatch last year due to payment redirection scams, AKA business email compromise (BEC) scams. It added that average losses so far in 2021 are more than five times higher compared to average losses in the same period last year.
ACCC Deputy Chair Delia Rickard says, “Payment redirection scams impact businesses across many industries, including real estate, construction, law, recruitment, and universities.
“An increasing number of reports are coming from sports and community clubs which reported more than $55,000 in losses to payment redirection scams last year. It is likely we will see similar figures this year, with $18,000 already reported lost so far in 2021”.
The ACSC has released a how-to guide on turning on MFA on different accounts like Messenger, Instagram, Apple and Twitter. Read the guide here.
Contact Us
If you are interested in enabling MFA to add an extra layer of security to your Microsoft 365 account, or to investigate if any other services you use can be enabled for MFA, reach out to us today at security@bangitsolutions.com or call us on 1300 770 035.