28 July 2021

Why more organisations are using Multi-Factor Authentication

Ensuring protection against cyber-attacks and meeting regulatory requirements

Cyber-attacks are a significant and increasing threat for organisations across the world. With many businesses, from large through to small, heavily reliant on IT systems, no business can escape the risk of a cyber-attack shutting down critical systems or stealing sensitive data.

Add to this the rise in devastating cyber-attacks ripping through every industry sector, and it’s time to put Multi-Factor Authentication (MFA) high up on the security ‘to do’ list. It’s no longer a nice-to-have; it has become essential to running a business.

So what is Multi-Factor Authentication?

It is a stronger way to verify that a user of an IT system is authentic, i.e. who they say they are. Rather than just relying on a password to verify a user, which can too often be easily guessed or obtained, two of the following methods are used:

  • Knowledge – something the user knows (e.g. password)
  • Possession – something only the user has (e.g. mobile phone)
  • Inherence – something only the user is (e.g. fingerprint)

The most common form of MFA is a password (knowledge) and code sent to the user’s mobile phone (possession).

Ultimately, MFA helps stop someone with malicious intent from gaining access to your systems, and so protects your highly sensitive data.

For HR and IT teams, the need to embrace MFA is distinct and necessary, not just in terms of protecting your business, but in meeting minimum regulatory requirements.

The reason is clear: cyber-attacks are increasing at an alarming rate. They’re also evolving and becoming far more sophisticated.

It is reported that 46% of businesses experienced a cyber-attack in the last 12 months, and the average cost of a security incident is £2.75 million. More organisations embracing MFA will see these startling numbers reduced.

Organisations also need to meet minimum regulatory requirements or face the consequences

The UK data protection regulator, the Information Commissioner’s Office (ICO), states that: "You should implement two-factor or multifactor authentication wherever it is possible to do so – to take the most common example, a password and a one-time token generator. This will be more important where the personal data that can be accessed is of a sensitive nature, or could cause significant harm if it were compromised."

The risk of not doing so? Potential fines of up to £20 million. And that’s before you consider the risk of a possible cyber-attack and the subsequent fall-out.

Guidance from the UK Government's cyber security body, the National Cyber Security Centre (NCSC), also states that all users, including administrators, should use MFA when using cloud and Internet-connected services. To address current trends in cyber security, this is particularly important when authenticating to services that hold sensitive or private data.

This sentiment is echoed across the world, with MFA a mandatory requirement across Europe for processing financial transactions. It was also recently made a legal requirement for government bodies in the US.

How secure are your processes?

For HR and Finance departments, adopting MFA is a small change that could make a huge difference in protecting the sensitive employee data they hold. With remote working the new normal, MFA enables HR departments to securely provide access to key HR and payroll services from any device, anywhere.

We believe there are three main reasons why a business should implement MFA:

  1. Increased protection for sensitive data
  2. Supports flexible access to key HR and payroll services
  3. Easy to implement across your existing processes

You’re moving to the cloud to ensure accessibility and improved security

It’s an easy way of working that supports workplace flexibility and efficiency gains while also delivering cost savings. By storing business data centrally, cloud hosting offers stronger levels of security.

If you are already using the cloud or planning to migrate soon, we recommend that you implement MFA in order to further secure your organisation’s assets and infrastructure. By managing your defences against the growing threats, you are able to maintain the highest levels of security and accessibility of information.

Implementing MFA

With the increase in high-profile cyber-attacks putting cyber-security at the top of the agenda for senior management, many organisations are finding that now is the time to add the additional, robust level of protection that MFA provides.

As always, it’s a question of balancing investment and risk to achieve desired business outcomes. But MFA is easy to implement and is a significant deterrent to cyber attackers.

Apply the fundamentals with iTrent

Increased security is a top priority. That’s why we want to ensure our customers are better armed to protect their iTrent system in today’s increasingly dangerous and sophisticated threat landscape. Effective 1 July 2022, all customers will be required to implement MFA for their users to access the system.

This good practice approach follows government advice and ensures you have the right security measures in place to protect your most sensitive data.

Further bolster your security

iTrent Shield is designed to help manage risk and provide additional levels of security to your system. Enhancing your overall security, iTrent Shield offers MFA and UBA (User Behaviour Analytics) functionality that will help you detect security threats and ensure compliance.

Customers across a number of industries, in both public and private sectors, tap into the specialist knowledge of our cybersecurity experts to help keep their organisations safe. Protecting your data is a priority. Please speak to an MHR cybersecurity expert to talk through your options to make the transition to MFA quickly and seamlessly.

Will North

Will is the Chief Information Security Officer at MHR and has over a decade of experience within the cyber security industry helping organisations to identify their critical information security gaps and implement pragmatic solutions to mitigate information security risks to an acceptable level.
