One of the topics being focused on for Cybersecurity Awareness Month is the importance of Multifactor Authentication (MFA). MFA has been a hot topic for a little while now, and it is coming up as a requirement for some cyber insurance. However, many organizations have been putting off rolling it out because there is pushback from users of all levels.
If you haven’t started rolling out MFA in your organization, look at starting with remote and admin-level users. These folks pose a larger risk to your organization, so they should be prioritized. Additionally, it will give you a test group to see the most frequent issues or questions that arise. This will make for a smoother implementation across the rest of the organization.
We hope you already have remote and admin users enrolled in MFA, and if you do, great! Your work isn’t done yet! If you don’t think that it would be feasible to roll out MFA to the rest of the organization all at once, try breaking it up. Start with the users that pose the highest risk to the organization. Base each user’s risk level on how sensitive the information they have access to is and how much of it they are able to access. You can split this up by title or department and work through it one section at a time!
There are a few different methods for MFA. In an ideal world, we would suggest using biometrics, but we know that isn’t always feasible. The next safest option we would suggest is number matching. CISA’s fact sheet covers the benefits of number matching as opposed to push notifications for MFA.
Regardless of the MFA implementation, it is important to continue security awareness efforts with users through phishing tests, regular reminders of best practices, etc.