Why It’s Vital to Use Multi-Factor Authentication to Protect Your Cloud Accounts
The move to the cloud was already well under way before the COVID-19 pandemic, but the crisis accelerated it. Now a majority of companies rely on the anywhere availability of cloud solutions, like Microsoft 365, to keep their businesses running.
But hackers go where the data is, and the most recent 2020 Data Breach Investigations Report (DBIR) by Verizon shows that they’re working overtime to get the passwords to your cloud accounts.
Some of the alarming statistics that showed the paths leading to credential theft include:
- The new #1 form of malware used in breaches are password dumpers (malware designed to steal databases of passwords)
- Credential theft is the #1 focus of phishing attacks
- 77% of all cloud asset breaches involve compromised credentials
Companies that don’t have safeguards in place can easily fall victim to an account breach, which can lead to data loss, a ransomware infection, or an account takeover.
While there are a number of ways to protect credentials, including use of a password manager, sometimes passwords are compromised through a breach of a third party vendor.
In this case, one of the best protections that can still keep your account safe is Multi-factor Authentication (MFA).
MFA is 99.9% Effective at Stopping Hacked Accounts
Multi-factor authentication is one of the best safeguards you can have against credential theft and compromise of your cloud accounts.
According to Microsoft, it’s 99.9% effective. A separate Google study also found it to be between 76% and 100% effective, depending upon the type of MFA used and mode of attack.
What makes MFA so effective? It requires a second form of authentication, typically one that a hacker is not going to be able to get past.
The way that authentication factors work is something like going through different locked gates to get inside a castle. If there is only one gate, one that requires a username and password, any person that has that information can get through, authorized or not.
MFA is like adding a second gate after the first. But to get past that gate, the person has to give a piece of information that’s just been sent to something in the possession of the authorized person, like their mobile phone. Because the code is being sent to a physical device in the owner’s possession, it’s much less likely that an impostor is going to be able to get that information to make it past the second gate.
So, if you were looking at an overview of the castle surrounded by two fences, each accessed by the two gates, you would see a lot of impostors that made it past the first gate. But, only about 0.01% of them would make it past the second gate to the castle.
How MFA Works
Once MFA is enabled, it adds that second gate to the login process for your cloud accounts.
The user will typically be asked to set up a device to receive the MFA code. This will usually be a mobile device and the code can be sent either via text message or via an on device or in-app prompt.
One safeguard of the MFA process is that the code is sent right after the user logs in and clicks a button to send the MFA code, and they have only about 5-10 minutes before the code expires.
The fact that the code is time sensitive helps to prevent hackers trying multiple code combinations, which takes time.
- Enter username/password
- Click to send MFA code to user device
- Enter code to complete login
What is Single Sign-On?
If your business uses several cloud applications, then using MFA for each of them can be cumbersome to users. In this case companies can use a tool called a single sign-on application (SSO).
An SSO can be connected to all your cloud logins and it can allow an employee to go through the login and MFA process just once to gain access to all their apps. This streamlines the user experience and gives you additional security controls.
For example, you could decide to add additional challenge questions if a login is happening from outside a certain geographical area or include additional steps for more sensitive users, like those with administrative privileges.
Whichever way you decide to set up MFA, on all apps individually or using SSO, it’s vital that you put this important safeguard in place to keep your cloud assets protected.
Get Help Setting Up Secure & Simple Account Protection
C Solutions can help your company set up the cloud account protections you need, including MFA, single sign-on, and optimized app security settings. Don’t leave your cloud accounts at risk of an account takeover!
Schedule a free technology consultation today! Call 407-536-8381 or reach us online.