Blog & Tools

Use multi-factor authentication to improve cybersecurity

Thieves may threaten victims with weapons in order to steal money or valuables from people. Burglars typically break into buildings at night.

Some criminals still use those old-school methods.

These days, however, victims can also be attacked by anonymous hackers who work on computers or make phone calls.

Advances in communications technology have helped businesses, organizations and consumers operate faster and more efficiently. But new products and services also create fresh targets for cybercriminals. People who use technology always need to be cautious.

Multi-factor authentication, or MFA, is an old defensive strategy that's gaining popularity, and that’s great. Use MFA whenever possible because it provides users an extra level of security. It's still possible to have devices protected with MFA hacked, so users should stay cautious.

MFA requires a user to provide more than a username and password to log into an account. The additional information is often a passcode sent by text message or email. A stronger form of security may require something biometric, such as a fingerprint or retina scan.

“Multi-factor authentication is just an additional tool in your tool belt for combatting cybercrime,” said Jon Scarbrough, director of IT at SDN Communications. “The whole point is to make it harder for somebody to be able to get into your account, wherever that account may be. It could be at a bank. It could be at work.”

NEW TOOLS FOR MFA

Scarbrough expects to see increased use of tools such as YubiKey, an authentication device, to help increase the security of MFA.

YubiKeys and similar products look like memory sticks or key holders. After they're set up, the security key can be plugged into a USB port or used with Bluetooth wireless technology to strengthen the authentication process.

“Those are additional techniques to make it harder for someone to hack into your account,” Scarbrough said.

“Of course, users can’t be lazy in exercising care”, he said. For example, they shouldn’t use “password” as their password and then be surprised when an account gets hacked.

STRONGER, NOT IMPREGNABLE

Even accounts protected by MFA are hackable. Cybercriminals can buy stolen account information or hacking tools on the Dark Web.

One of the most recent reported strategies for hacking accounts protected by MFA begins with a real-looking email that might appear to come from a source such as LinkedIn, but is fake. The email might include a suggestion for a new connection, for example. If the receiver clicks the link, his or her response gets routed to LinkedIn. It will also get routed to the hacker so they can steal the log-in credentials or other information.

KnowBe4, a company that specializes in online security training and commercial testing, recently published an e-book by Roger Grimes, titled “12+ Ways to Hack Multi-Factor Authentication.” The 39-page book is designed to help readers defend against attacks.

“While MFA does reduce, and in some cases, signi?cantly reduce particular computer security risks, most of the attacks that could be successful against single-factor authentication can also be successful against MFA solutions,” the book notes.

MFA will not prevent phishing or social engineering attacks from succeeding, for example, so security awareness training should remain a big part of a companies’ defense strategy, the book contends.

It might not be surprising that an online security-training company would promote the need for employee training. But most cybersecurity experts will tell you that people are the weakest link in most companies’ security strategies.

Too often, people click on suspicious links or get tricked by a caller into giving out sensitive information. With good, ongoing training users can strengthen these weaknesses.

MFA helps, too. MFA can make it more difficult for scammers to log into someone else’s account, even if they have the account holder's name and password. Businesses and individuals should use it whenever they can.

SDN Communications is a regional leader in providing broadband connectivity and cybersecurity services to businesses in communities such as Sioux Falls, Rapid City, Worthington and the surrounding areas.

Posted: June 18, 2019
Topic: Cybersecurity
Type: Blog
About the Author

Rob Swenson

Rob Swenson is a freelance corporate writer and a veteran journalist. He worked for 32 years as a reporter and editor for the Argus Leader and the Sioux Falls Business Journal, and has 17 years of experience as a business reporter or business editor.

He now has his own writing and consulting business, Rob Swenson Media Services.

Related Posts

You Might Also Like

  1. How to recognize spam text messages
    Spam is no longer an annoyance native to only emails. Following the wake of the COVID-19 pandemic, cybercriminals ramped up their SMS spam efforts and targeted vulnerable individuals on their mobile devices.
  2. How to safely use QR codes
    In an ever changing and adapting world, quick response (QR) codes are being utilized as a dependable form of making payments, signing up for events, checking restaurant menus and more.
  3. Password protection in 2022
    Password security is one of the all-time battles on the subject of cybersecurity. No matter the evidence to back up why passwords like, “Password” are dangerous to use, they still find their way into the most commonly used passwords lists.
  4. Severe weather reminds businesses to practice response plans
    When disaster strikes, communication is everything. If emergency responders and healthcare facilities can’t communicate, lives are at risk. If companies can’t communicate with customers, business is threatened. The list goes on.