The Importance of Multi-Factor Authentication and How It Protects Your Credit Union
Identity theft is easy. Easier than you think. Cybercriminals have more than 15 billion stolen credentials to choose from. If they choose yours they could take over your bank accounts, health care records, company secrets, and more.
There is a litany of possible ways thieves can steal your identity. Social media, credit checks, and anytime you use any of your personal info (birthday, SSN, address, etc.), you are creating a risk for exposure. As employees in the credit union industry, a stolen identity and stolen credentials mean potentially placing member account information at risk. So how can we avoid this? The first step is to activate Multi-Factor Authentication (MFA) for each employee in your credit union where possible.
What is Multi-Factor Authentication?
MFA is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something only the user knows), possession (something only the user has), and inherence (something only the user is). MFA is a cost-effective, easy-to-install, and beautifully simple tool to further lock down user accounts.
The reality is that many traditional cybersecurity measures can be compromised without MFA. Anti-virus software, firewalls, encryption tools, network monitoring solutions, and more can all be bypassed if hackers compromise credentials to privileged user accounts. Here are a few reasons why MFA is quickly becoming a necessary tool to help lock down information that gets into cyberspace:
- Identity theft is easy, and it’s a growing threat to all businesses. MFA makes identity theft harder.
- Weak or stolen credentials are hackers’ go-to method in a majority of attacks. MFA beefs up the strength of credentials considerably. It also makes stolen passwords less fruitful for hackers.
- Small businesses are being targeted at a growing rate by cyber attackers. New security measures are not for enterprise-class organizations only. MFA is simple and relatively easy for small organizations to roll out.
- Other cybersecurity tools and solutions, like anti-virus and firewalls, are only as strong as their user authentication procedures. MFA can make your existing perimeter security stronger.
- High-ranking employees and highly privileged user accounts are hot targets for hackers. MFA can be used specifically for administrative and executive accounts to protect them.
- Cybercrime is about more than just stealing data. With MFA, you are also attempting to stop attackers from destroying data, changing programs, and using your accounts to transmit propaganda, spam, or malicious code.
- MFA is already becoming ubiquitous. People are accustomed to authentication procedures in their personal as well as professional lives. Social media, banking, gaming, and email platforms have all rapidly adopted MFA. Bringing it into your workplace is a no-brainer.
How does it work?
Most MFA systems won’t eliminate usernames and passwords. Instead, they layer on another verification method to ensure that the proper people come in and the thieves stay out. A typical MFA process looks like this:
- Registration: A person links an item, such as a cellphone or a key fob to the system and asserts that this item is theirs.
- Login: A person enters a username and password into a secure system.
- Verification: The system connects with the registered item (phones, key fobs, PCs).
- Reaction: The person completes the process with the verified item(s). The verification code will then be verified device.
Some systems demand this verification with each login, but some systems remember devices. If you always use the same phone or computer to log in, you may not need to verify each visit. But if you attempt to log in on a new computer or during an unusual time of day, verification might be required.
How much does MFA cost?
While some are free, they will only allow a certain number of users. If you are working with more than 6-10 people on a local area network, the cost for MFA will land around $6 per user on average. That is a small price to pay considering the amount of protection you receive.
Think about it this way, can a dollar amount be put on someone’s personal info? This is how thieves make their money. The personal info is compromised and then sold or used for more malicious attacks. For the cost of the perimeter protection has already paid for itself. Who says you cannot buy peace of mind?
Protect yourself and your credit union
Not all cybersecurity is foolproof, but with the additional layer of perimeter protection, you have made another effort to fight for your members, your credit unions, and the financial peace of mind that we all need in today’s economy and in the future.