Hi everyone, Scott Munden here from Huntleigh Technology Group.
Welcome to our next segment in the cybersecurity series.
Last week, we focused on third party risk assessments and why they’re so important in determining where your risks actually are so that you can make informed decisions about how you might want to apply resources and where you’re going to apply those resources. And since I alluded to data breaches and the pervasiveness of data breaches, I thought that it would be a perfect segue into this week’s segment, which will focus on access management, specifically multi-factor authentication. I’ll use a kind of non-technical old world example for you to describe what it is, and then we’ll pivot that into specifically how it applies in the business and why it’s so important.
If you think of multi-factor authentication like a capital, and in order to enter the castle, the drawbridge has to be down for you to cross over the moat. Think of that as your password. So in order for the drawbridge to come down, you’ve got to give the secret handshake or the secret password. Once you’re at the gate, you’ve got a second layer there, something that’s going to identify you. And usually it’s going to be something like the family crest or where you came from that’s going to identify you as you.
And once you get past that particular layer and you want to get into the inner part of the castle, there’s probably going to be something that uniquely identifies you. For instance, someone says, “yes, that’s God, I know it’s God.”
Well, practical reality is that’s a form of biometrics, right? Somebody visually recognized my face. All those layers by themselves provide a level of protection. All three of them together actually provide a pretty significant strong layer of protection for you. So let’s pivot that into your business as an example.
If someone is able to actually penetrate your network through exploiting a website you visited or a vulnerability in your firewall, something like that, and they actually get into your network, their ability to go anywhere else will depend on their access.
If you have weak passwords or you don’t use multi-factor authentication, they’re probably going to be able to hack their way in and then they’re going to be able to move across systems or maybe even vertically up into your servers.
Having these three layers, while they did in fact get into your system, they’re going to be very restricted on where they can get to and what they can access. As you can see, the multi-factor actually provides those three layers together, provide a level of protection that actually makes it stronger or at least gives them the incentive to move on to the next target that may have weaker access management standards implemented. So we always encourage our clients every time we visit with them. And so I want to discuss specifically where they push back. I think we all in our personal lives have kind of gotten used to the multi-factor authentication, whether it’s our using biometrics on our mobile banking app or getting a text message or actually using authenticator app, many of us in our in our business are also doing the same it at the beginning, it is a nuisance. It can be cumbersome. It’s not always easy. It doesn’t always work the way it’s supposed to. Well, I left my phone someplace. I have to walk back to my office, get my phone, stone and so forth. I think once you put that into practice and you have a program, try to make some fun with it uh but you implement a program that that over time it becomes really muscle memory much like we do in our personal lives would anybody request that I want this as an extra step in my life no of course not but at the same time almost the resounding 100 response would be however I’ve If we’re talking about financial data or anything related to my identity, I’ll live with that layer of protection, that extra step that I have to go through to get from here to there. And as I mentioned, over time, it just becomes kind of a muscle memory and daily routine type of thing. So it really doesn’t bother you.
I would emphasize why that’s so important by going back to what I said. what I just said at the beginning of this comment was that if someone does manage to get into your network, their ability to get access to anything is going to depend in large part on your access management and the protections that you set up.
So I encourage you, follow the best practices for strong passwords, implement at least two-factor authentication and wherever possible multi-factor authentication with biometrics, because it does at least create a cause for pause for someone that’s trying to get into your system. It’s much easier for them to move on to the next target because you’ve put up some barriers that make it difficult for them to navigate.
All of this information, including some tips on how to implement MFA, and remember, again, these are the low cost, almost no cost things that you can do immediately and get people used to that concept, and they provide a significant amount of protection for you.
So go out to the blog. I’ll put up the graphic at the end. Look at the information that we post here on LinkedIn. Gather as much as you like. Post any comments or questions that you might have. And we’ll look forward to hearing from you. Thank you.
