During the early days of cyber insurance, companies weren’t quite sure what to ask about or what they were looking for. Business insurance (fire, etc.) was a must have, but cyber insurance used to be an “add-on” type of service…something that was rarely ever really used by clients.
Cyber crimes have seen a sharp increase over the last decade or so, and have skyrocketed within the last couple of years according to FBI statistics.
Those “add-on” policies from insurance providers started to cause them significant losses due to the lack of scrutiny the insurance request forms received on their company’s side.
The response to this has been twofold:
1) Increase in rates to cover insurance claims
2) Closer examination of network and cyber security for the company requesting insurance
During a recent conversation about cyber insurance with a manager at one of the world’s largest business insurance brokerages, he told us that businesses, “Must have fully implemented MFA,” as one of the first qualifications for coverage.
What Is Multi-factor Authentication?
Multi-factor Authentication, sometimes referred to as “Two Step Verification” is a common way to bolster security to ensure that someone logging in is most likely the actual account owner. When you log in with your username and password from a new device, you’ll often get a message saying, “send verification code to phone number xxx-xxx-1234”. When you get that code and enter it, that’s the 2nd factor, or 2nd step.
How Does Multi-factor Authentication Help Security?
A nefarious actor may be able to guess your login name – an email address perhaps. Then, with many people often using weak or similar passwords across various sites, they might even be able to crack your password. However, when they go to sign in from a new device and have to enter that unique, one time passcode that is sent to you, they’ll be stuck.
In our post about the human factor often being the weak link in cyber security due to phishing attacks, it was found that 86% of organizations had at least 1 employee try to connect to a phishing site. In a phishing attack, hackers are often trying to get login credentials to access the system. With MFA enabled, the attacker would need to access the additional verification information (like a one-time password), which is much more difficult to access.
Rolling Out Multi-factor Authentication MFA For Your Organization
While MFA isn’t the complete answer to your cyber-security needs, it can be a simple and major step to increase security and, as noted above, a must-have for obtaining cyber liability insurance. If you have questions or would like assistance with rolling out MFA across your organization, we can help with our co-managed IT services.