2 August 2021

MHR enhances protection of customers’ HR and payroll data with new Multi-Factor Authentication (MFA) security requirement

Will North at MHR

Extra layer of security to be mandatory for iTrent customers to protect against increase in cyber-threats. Implementation of MFA will also become a default requirement for all new customers and renewals from 1 September this year.

MHR International, the HR and payroll expert has announced that Multi-Factor Authentication (MFA) will be a minimum-security requirement for all cloud-hosted customers using its market-leading iTrent HR and payroll data solution from 1 July 2022. Implementation of MFA will also become a default requirement for all new customers and renewals from 1 September this year.

With the lack of MFA identified as the main route for successful cyber-attacks, MHR wants to increase the protective layers around the highly sensitive customer data it holds. Around the globe, this type of data has become a prime target for hackers who want to steal, ransom or publish it. The growth in remote working and proliferation of access points to systems have also increased the risks.

MFA or 2FA is a stronger way to verify that a user of an IT system is who they say they are, rather than relying solely on a single password, which can too often be easily guessed or obtained. The most common form, or combination, is a password and code which is sent to the user’s mobile phone.

The UK’s National Cyber Security Centre and the Information Commissioner’s Office have both stated that all system users, including administrators, should use multi-factor authentication when using cloud services that hold sensitive data.

Almost half of businesses (46%) surveyed by the Department for Digital, Culture, Media & Sport in 2020 said they had identified breaches in the previous year. Phishing attacks using emails to harvest credentials or drop malware were the most common method (86%). IBM estimates the average cost of a data breach to be between £2.5 million and £3 million.

“We are determined to protect our customers from the increasing volume of cyber-attacks that hit organisations lacking MFA,” said Will North, Chief Security Officer, MHR. “Installing MFA is not only best practice and in line with government guidance, it is now part of an organisation’s digital transformation. This small change makes a big difference, enabling organisations to enjoy all the benefits of the cloud in terms of agility, remote access and scalability but without sacrificing the security of their sensitive data. By making MFA a minimum-security requirement for iTrent we are demonstrating our commitment to the highest levels of security and accessibility.”

MHR is advising customers to take action as soon as possible to ensure maximum protection of their data.

  • For MHR customers already using MFA when accessing iTrent, no further action is required.
  • For MHR customers that have an identity provider (IDP) which supports MFA (e.g. Microsoft Azure AD), but are not using it with iTrent, then it will need to be integrated.
  • For MHR customers that don’t have an identity provider (IDP) that supports MFA, then they can either implement one or use MHR’s iTrent Shield solution.

iTrent Shield is MHR’s ground-breaking security solution that provides next-generation protection to HR and payroll data using user behaviour analytics and multi-factor authentication. Find out more about iTrent Shield and book your demo below.

Back to news listing