Insurers are paying attention to the measures governmental agencies take – or fail to take – in protecting their information technology (IT) systems and stored data. Looking toward the future, you may be facing a July 1 deadline from your liability insurer requiring that you have basic levels of cybersecurity protections in place or risk losing your coverage for cyber related breaches. Implementing procedures for accessing computer resources involving multi-factor authentication (MFA) can make your school’s or public agency’s network as much as 99% less vulnerable to unauthorized intrusion, according to Microsoft.
MFA provides one or more added levels of assurance that a person logging in to a system is an authorized user and not a cybercriminal. A bad actor who gains access to someone’s username and password can easily get into applications and databases to compromise, steal, extort, or otherwise victimize others. By introducing MFA, a hacker can be effectively prevented from accessing a system even with a valid username and password. MFA can take the form of a random code sent by text messaging to the authorized user’s device such as a smartphone. If the MFA code is not entered within a specified period of time, access is not granted.
Other forms of MFA can increase the level of security even more. Authentication factors that use biometrics, including facial recognition or fingerprint reading make it virtually impossible for a hacker to enter a system remotely. Approaches using geolocation of an authorized user is an MFA tactic to effectively protect against cyberattacks from overseas.
It’s always important to recognize that the most vulnerable component of a network’s security system is the user themselves. It’s critical to train your staff on recognizing these scams and to provide regular reminders for keeping their computers safe. Phishing and other online scams target authorized users to get them to unknowingly reveal their login credentials to cybercriminals. MFA can prevent unauthorized access even when a phishing scam is successful in getting username and password.
Cyberattacks against schools and public agencies recently have led to multi-million-dollar losses for such organizations and their insurers. Because of this, cybersecurity liability insurance coverage rates have skyrocketed. MFA, along with other appropriate security controls can significantly reduce your risks of a costly claim – one you do not want to face uninsured!