“If there’s 2FA, enable it,” said Bryley’s Garin Livingstone when asked for his baseline recommendation for everybody for computer security.
2FA or MFA (two- or multi-factor authentication) means supplying a second (or further) proof of your identity before you are granted access to a machine or software.
2FA may also rank among the biggest pains in the neck, but there is an inconvenient truth: we keep enlarging our digital exposure while the bad guys have cheaper access to better ways to steal our data (and therefore money).[1] And as the old adage goes: a sniff of extortion[2] is worse than a pound of fuss.
And, true, MFA can’t stop every kind of attack (I’m looking at you, man-in-the-middle[3]), but it does a worthy job of doing away with the bulk of compromised-password issues – especially when the implementation involves a different device or card or biometric (like a fingerprint or facial scan).
But How Would We Implement It?
Bryley deploys an agent (software that performs tasks in the background) to handle authentication for accessing and/or logging in to a workstation. We then configure the agent to require a second factor to log in to the workstation. To minimize the second-factor log-in hassle, the agent can be configured to require 2FA only once a day, for example. The agent Bryley uses is flexible, to help you find the right balance of security and operational efficiency.
If you use an industrial control system or other mission-critical infrastructure with native support for the RADIUS authentication protocol, Bryley can further secure those systems with 2FA and password authentication. Additionally, the authentication can be synchronized with Active Directory (AD) to let users log in with their normal user accounts.
Bryley’s MFA solution can integrate with on-premises AD and Azure AD to actively sync users and groups. For Single Sign-On (SSO),[4] you can restrict certain user groups from getting at applications they don’t need to access. This includes things like project managers’ or salespeople’s Professional Services Automation systems and any manufacturing software applications.
Additionally, Bryley’s MFA policies allow you to restrict access to critical systems to a specific subset of users, so not all users within AD will have access.
I know it’s a good idea, but – oofta! – the employees!
SSO goes a long way in making the MFA experience both secure and easy to use, but even in an instance where SSO isn’t practical, with a bit of included training, it’s pretty smooth.
Most of the buy-in will come from helping your employees see:
- many breaches start with compromised credentials[5]
- people tend to re-use passwords (a recent study showed sixty-five percent re-use passwords[6]), so other preventive tactics must be tried because
- ransomware hits businesses of all sizes; seventy-five percent of ransomware attacks are on businesses with under fifty million dollars in revenue[7]
- small- to medium-sized businesses were shut down for an average of twenty-three days as a result of an attack.[8] Many businesses find this unsustainable and so never recover from a breach. (Would you be able to continue to meet your obligations, including paying your employees, during that nearly month-long shutdown?)
We Can Do This
Bryley has the MFA expertise and tools to cut the risk your organization will suffer due to compromised credentials, which helps secure your data to keep your business going; Bryley has been a trusted business continuity adviser since 1987.
If you would like more information about integrating MFA in your organization, please contact us at 978.562.6077 or ITExperts@Bryley.com
[1] For example, using an Internet-of-Things [IoT] security camera so I can check the shop floor from an app on my phone. And ransomware can be deployed by low-level criminals and is available packaged as-a-service on the Dark Web (see https://www.state.gov/darkside-ransomware-as-a-service-raas/).
[2] The cost of a breach now averages $4.24 million, per https://www.ibm.com/security/data-breach
[3] Man-in-the-middle attacks are when a criminal gets himself between two connected devices and steals information.
[4] Bryley’s integrated SSO empowers users so they are securely granted access with a single log-in using one set of credentials. Bryley SSO’s strong encryption and authentication methods can replace a lot of password use.
[5] Compromised passwords are responsible for over sixty percent of hacking-related breaches, per Verizon https://www.verizon.com/business/resources/reports/dbir/
Lawrence writes about networking and security. He’s written for Bryley since 2015.