The Importance of Two-factor Authentication

August 18, 2021

    Last year in July, the world was learning of the Blackbaud data breach, which affected the many non-profit organizations that Blackbaud serves. Sadly, this breach jeopardized the personal information of donors around the world. We walked through the cyber insurance claim process with a number of our Garden clients, engaging the insurance carrier's breach coach and legal teams to evaluate each client's situation, determine the breadth of the breach, guide the next steps in response and pay the costs associated with the breach. This is a complex process, as each state and country has its own protocol for defining a breach and, secondly, for what is required in terms of response.

    Ransomware is the leading cause of cyberattacks, which have increased by over 150% this past year alone. Ransomware is costly because it is the most disruptive cybercrime. Unlike cybercrime focused on theft, ransomware sidelines organizations: it can shut down your point-of-sale system, email and integrated phone systems, leaving you with no way to welcome guests to the garden. Ransomware criminals usually also steal data before deploying the ransomware so that they can extort victims by threatening to publish it, so-called "double extortion."

    Cyber insurance has been a remedy in these situations, providing breach response, legal guidance, forensic investigation, funds to pay a ransom should that be deemed the fastest way to restore access, and coverage for loss of income and public relations costs. What we have learned from all these events is the importance of multi-factor authentication (MFA or 2FA). In fact, most cyber insurance providers now require it to purchase or renew coverage. At a minimum they want to see MFA protection on email and on remote access.

    While no cyber security method is foolproof, using two-factor authentication can add an extra layer of security. So how exactly does two-factor authentication work?

    While complex passwords can help deter cyber criminals, they can still be cracked. To further prevent cyber criminals from gaining access to employee accounts, two-factor authentication is key.

    At a minimum, two-factor authentication should be implemented on email and remote access. Given the increased number of employees working from home, remote access has become a popular way for bad actors to penetrate security systems.

    Two-factor authentication adds a layer of security that allows companies to protect against compromised credentials. Through this method, users must confirm their identity by providing extra information (e.g., a code sent to a registered phone number or a unique security code) when attempting to access corporate applications, networks and servers.

    A more secure way to complete two-factor authentication is to use a time-based one-time password (TOTP). A TOTP is a temporary passcode generated by a time-based algorithm, so it expires if you don't use it within a short period. With this method, users download an authenticator app, such as those available from Google or Microsoft, onto a trusted device. The app then generates a TOTP, which users manually enter to complete the login.

    As two-factor authentication becomes more popular, some states, such as New York, are considering requiring it for certain industries. It’s possible that as cyber security concerns continue to grow and cyber attacks become more common, other states will follow suit.

    Even if it's not legally required, ongoing password management can help prevent attackers from compromising your organization's password-protected information. Effective password management protects the integrity, availability and confidentiality of an organization's passwords.

    Above all, you'll want to create a password policy that specifies all of the organization's requirements related to password management. This policy should require employees to change their password on a regular basis, avoid using the same password for multiple accounts and use special characters in their password. Passwords should be at least 16 characters long, and commonly used passwords should be banned. Cyber insurance companies are increasingly requiring multi-factor authentication to be in place in order to purchase a cyber policy.

    These key elements should be a part of your IT best practices and will help prevent attacks on your systems.

    • Train Employees in Cybersecurity Awareness and Anti-Phishing;
    • Implement a Vulnerability and Patch Management Program;
    • Use Multi-Factor Authentication (email & remote access) and Strong Passwords (at least 16 characters, with commonly used passwords banned);
    • Employ Privileged Access Management to Safeguard Credentials for Privileged Accounts;
    • Use Monitoring and Response to Detect and Contain Intruders;
    • Segregate and Test Backups to Ensure that Critical Systems Can Be Restored in the Face of an Attack; and
    • Have a Ransomware-Specific Incident Response Plan that is Tested by Senior Leadership.

    As cyber crime continues to be a threat, working with a knowledgeable and experienced team that understands your organization is increasingly important in securing appropriate coverage, terms and pricing. At this stage, preparing to be in a position to purchase cyber insurance is part of the strategy.