Techify Logo

MFA Is No Longer Good Enough

Two years ago, multi-factor authentication (MFA) was great and it prevented most of the hacks out there. Now it’s not doing a good enough job in protecting your business or organization.

What is MFA?

Also known as two-factor authentication, it is a multi-step login process that requires you enter two pieces of information before allowing you to access online or mobile services. In most instances, a code is sent by text to a person’s phone after they enter their username and password information.

We’ve been talking about MFA non-stop for a long time. But the bad news is, it’s just not good enough anymore. It’s not protecting us the way that  it used to.

Now the hackers are spoofing MFA. They’re getting around it using social engineering.

An example: just a month ago Reddit got hacked after an employee clicked on a link that they shouldn’t have. They went to a web page that was a spoof portal; it looked like it was a Reddit page. They entered their MFA token and the hackers got on the system and got access to sensitive information.

So, what can you do about it?

Keep educating your staff

We have to keep educating our team. Because there are always new threats, and we have to rely on our team members to make sure that they’re making the right decisions.

Have security processes in place

You need to stay current with cybersecurity best practices, which are constantly changing. So if somebody isn’t looking at your systems using a proactive approach, then you’re going to be reacting, and you’re going to be reacting to intrusions. Every business  needs a proactive approach around cybersecurity.

Get regular advice

You should be getting regular advice quarterly on what risks your business or organization may be exposed to, and what to do about them.

Somebody should be auditing, reviewing, and aligning your systems and letting you know what you could do and building out a cybersecurity roadmap for the next 12 months.

What’s Next?

If you don’t have that cybersecurity roadmap, if no one is looking at your systems on a proactive basis and giving you advice, please reach out. We can help.