Importance of Multifactor Authentication
Did you know that most company security breaches are caused by employee misuse of passwords? You would think that, with all the security training programs companies require their employees to sit through these days, password problems would no longer be a major cause of security intrusions. Perhaps employees should do more than “sit through” such important training. Unfortunately, most employees are probably thinking more about convenience than securing data. Fortunately, there is an efficient solution to securing your enterprise data.
Why Passwords Can be a Problem
Security and password training programs have been around for years. They continue failing because of inconsistency, lack of planning, and unengaging content. Employees are bored with having to constantly complete security trainings. They’d rather just do their work.
Let’s face it, it is much easier to use the same old password, or a short, simple one. The corporate password policies that automatically require changing passwords every 60 or 90 days can raise havoc with employees doing their jobs by impeding access to servers and data. (Of course, these occurrences increase the number of IT Support tickets.) Also, sharing passwords with co-workers to “get the job done” can be a problem as well, especially with employee turnover.
You may find the statistics about passwords and data risk particularly useful at this link: 55 Important Password Statistics You Should Know: 2022 Breaches & Reuse Data – Financesonline.com
Consider these basic questions about passwords:
- Which cybersecurity process is over 99% effective at preventing breaches and incidents? Answer: Multifactor Authentication (MFA).
- How many passwords are on the dark web? Answer: Over 555 million! Password reuse is the most common reason for company data breaches.
- How many office workers admit to sharing passwords over email or writing them on sticky notes? Answer: 60%
What’s the Remedy?
The biggest data breach risk to your company comes from using poor passwords. By poor, we mean passwords that are too short, too simple, too easy to guess, and are used over and over by staff for different purposes. These passwords are ripe for any skilled intruder to easily discover. Unfortunately, just telling staff to use complex and unique passwords is an uphill battle.
So, what are the experts suggesting? The Center for Internet Security’s CIS Controls® recommends implementing CIS Control 5.2, which calls for using unique and complex passwords to protect all enterprise assets, and implementing, at a minimum, an 8-character password for accounts using MFA and a 14-character password for accounts not using MFA. So, what’s MFA all about?
MFA (Multifactor Authentication) is a process where you not only specify a username and a password, but you also reply to a text message with an automated, secret 6-digit authentication code. By requiring MFA for access to your company network and email, you can expect a 99% or greater reduction in costly and embarrassing breaches. Your IT professionals will ideally implement software policies across your organization that require at least 8-character passwords with some degree of complexity combined with MFA to log in. Industry trends show that MFA is becoming a widely accepted and often expected mode for reducing risk.
Reliable Password Management Systems
By the way, how can you manage all of this? The best way is to implement an enterprise password management system which makes it easy to generate, store, secure, and use unique and complex passwords. Ask us about this effective and easy-to-use system as part of your network security stack.
Since 1987, CCI Managed Services has provided local businesses with secure network management services. CCI can help you with all aspects of password management by independently and affordably assessing your organizations network security. Let our experts assess your setup. We will provide you with a clear and concise report card that spells out the risks you have now and how to solve them.
Feel free to call us today with your questions about password security and MFA. Or contact us online to request a password security assessment.