Effectiveness of Multi-Factor Authentication for Business Security

By Gary Williams, Published Wednesday, 10th June 2020

With every device now connected to the internet, having good quality IT security in place is essential.

In the world of IT there is nothing more important than security – network security, backup security and physical security. One of the biggest threats to the security of a network is the end-user password. This is often out of the control of network administrators beyond the enforcement of password policies, although this amounts to nothing if a user password is phished, stolen or just misplaced. To protect against such a risk, we recommend implementing a second factor of authentication.

Below are some examples of how this can be leveraged against common IT implementations:

Remote Access

Remote access into a system, such as a VPN or Remote Desktop Services deployment, can be protected by sending an authentication message to a smart phone with either a code or an instant ‘Allow’ or ‘Deny’ response to an app. Vendors such as Duo Security and Microsoft Azure provide easy-to-manage solutions for this.

Device Access

Smartcard technology in the form of USB access keys can be used in conjunction with a user password. This ensures that physical access to a machine with the correct password is only part of the authentication process, as without the physical token as well, access cannot be granted.

Email

Email account security is one of the most overlooked points of vulnerability for an organisation, but is one of the most visible targets. Enabling Multi-Factor Authentication using one of the above vendors is a simple task that goes a long way to protecting against data loss and impersonation attempts, among other forms of email-based attacks.

Cloud Services

Multi-Factor Authentication is now available on most external services such as Facebook, Outlook.com, Google, LinkedIn etc. We highly recommend that these services are enabled for their security benefits. They also mitigate against the same email and password combination being used across different platforms and services – if one service is compromised, then all are vulnerable in this case.

By Gary Williams

Gary Williams is Technical Director for Datcom. He has over 10 years experience in the IT industry advising, implementing and supporting IT solutions.

Contact

Get in touch

Call us on 0333 000 3210 or Email us solutions@datcom.co.uk

Latest news...

Microsoft 365 Outage on 25 Jan 2023

Notice for Microsoft 365 Outage 25 Jan 2023

Why Managed IT Services are good for your business

The East Midlands is packed with amazing and successful businesses – all of which are different and unique in the way they conduct themselves and achieve their goals. One thing that many of these businesses do have in common is that they choose to use Managed IT Services.

Charity of the Year: Lymphoma Action

This year, Datcom have chosen to raise money for Lymphoma Action and help support people affected by this cancer. The Datcom team have been busy thinking up fresh ideas and this year we’re going big!