14 September 2022

Multifactor authentication key in repelling cyber-attacks

Shield with a tick over a mobile phone

All organisations are at risk. The damage and fall-out from a successful cyber-attack can be devastating.

Cyber-attacks are increasing at an alarming rate, evolving and becoming far more sophisticated. It’s not just the big corporates that cyber criminals target these days. The education sector and smaller businesses are also falling prey. No one is immune.

Government data shows 39% of UK businesses identifying cyber-attacks in the past 12 months. That’s probably not all of it though – the data presented is prefaced with: “we also find that enhanced cyber security leads to higher identification of attacks, suggesting that less cyber mature organisations in this space may be underreporting.”

The costs to repair the damage caused by a successful attack, possible fines, organisational down-time and reputational harm are significant. Organisations of all shapes and sizes across different industries in both public and private sectors are at risk and need to arm themselves.

Multifactor authentication (MFA)

A key tool in any organisation’s armoury against cyber-attacks is multifactor authentication (MFA). No longer a ‘nice-to-have’, it’s now essential in managing business operations effectively. So, what is MFA?

In essence MFA is a more robust way to verify that a user of an IT system is authentic – that they are who they say they are. Rather than relying on just a password to verify a user, which can too often be easily guessed or obtained, two of the following methods are used:

  • Knowledge – something the user knows (typically a password)
  • Possession – something only the user has (typically a mobile phone)
  • Inherence – something unique to the user (fingerprint, face, retina etc)

The most common form of MFA is a password (knowledge) and code sent to the user’s mobile phone (possession).

This relatively simple-sounding process plays a significant role in guarding organisations against a cyber-attack. The effectiveness of MFA is illustrated by the fact that it is a mandatory requirement across Europe for processing financial transactions and is a legal requirement for government bodies in the US.

There are three main reasons why a business should implement MFA:

  • Increased protection for sensitive data
  • Supports flexible access to key HR and payroll services
  • Easy to implement across existing processes

Meet minimum regulatory requirements or face the consequences

Other than the obvious requirement to protect their data, organisations must be cognisant of the potential ramifications of a breach. The UK data protection regulator, the Information Commissioner’s Office (ICO), states: "You should implement two-factor or multifactor authentication wherever it is possible to do so – to take the most common example, a password and a one-time token generator. This will be more important where the personal data that can be accessed is of a sensitive nature, or could cause significant harm if it were compromised.”

Data breaches can attract a fine of up to £20M.

The National Cyber Security Centre (NCSC), a UK Government body, states that all users, including administrators, should use MFA when using Cloud and Internet-connected services. This is particularly important when authenticating to services that hold sensitive or private data.

MFA – small change, huge difference

For HR, IT and Finance departments, adopting MFA is a small change that could make a huge difference in protecting sensitive employee data they hold. With remote and hybrid working increasingly prevalent, MFA enables organisations to provide secure access to key HR and payroll services from any device, anywhere. Ultimately, MFA helps protect your organisation from those with malicious intent in gaining access to your systems and data.

Implementing MFA

With cyber security high on the agenda for many organisations now is the time to implement the additional, robust level of protection that MFA provides. As always, it’s a question of balancing investment and risk to achieve desired outcomes, but MFA is easy to implement and is a significant deterrent to those intent on harm.

For businesses using the cloud, cost savings, flexibility and efficiency gains are supported by the stronger levels of security provided by MFA in securing your organisation’s assets and infrastructure. By managing your defences against the growing threats, you will maintain the highest levels of security and accessibility of information.

Apply the fundamentals

Increased security is a priority. That’s why we are ensuring our customers are better armed to protect their iTrent system in the increasingly dangerous cyber landscape. By 31 December 2022, all customers are required to have implemented MFA for users to access the system. This best practice approach follows government advice and ensures you have the right security measures in place.

Implementing MFA is a small measure with a big impact.

Blog tags

Will North

Will is the Chief Information Security Officer at MHR and has over a decade of experience within the cyber security industry helping organisations to identify their critical information security gaps and implement pragmatic solutions to mitigate information security risks to an acceptable level.

Back to previous