ThrottleNet, named the #1 IT firm in St. Louis by Small Business Monthly, is urging small and medium sized businesses to utilize Multi-Factor Authentication or MFA to properly safeguard access to its key corporate data.
MFA is a two-step process requiring the user to utilize multiple verification factors. Typically, the process requires something you know, a password, and something you have such as a code from your cell phone. Once successfully authenticated, using both factors, you are granted access to the resource. The process nearly eliminates the possibility of a successful cyberattack.
â€œMany companies unknowingly leave their front door wide open to threats via simple attacks such as weak or compromised passwords,â€ said Dustin Leefers, Cybersecurity Director at ThrottleNet. â€œBusiness Email Compromise or â€˜BECâ€™ is one of the most common attacks we see today. If an attacker gains access to your email, it opens the door for them to access almost anything else. A properly implemented MFA solution will lower that risk to nearly zero.â€
According to Leefers, BEC usually begins with an email phishing scheme that spoofs a request from a boss, co-worker, or vendor. â€œThe email address is changed by one letter but, at a quick glance, it appears official. That communication often includes a link containing what looks like a key report or invoice. Once the user clicks on the link and enters their credentials the attacker gains access to the account.â€
Leefers said a common scam occurs with title companies. â€œA homebuyer can receive a message from their title company with instructions on how to wire the down payment. It appears legitimate but in fact is coming from a cybercriminal. The money unknowingly gets transferred into the account of the attacker and the homebuyer loses tens of thousands of dollars.â€
To combat these schemes Leefers urges companies to add a second layer of authentication such as a SMS message, push notification, or code from an authenticator app. The second factor must be used to gain access to the VPN or business application.
â€œMost cyber criminals are looking for low hanging fruit, those easy to penetrate targets. Even if they have your credentials, once they see that the account is protected with MFA they will typically move on to softer targets. This is true in all but the most targeted attacks.â€
Leefers added that any company utilizing Microsoft 365 can easily add MFA. â€œWe recommend using Microsoft Authenticator for most of our clients MFA needs. It is easy to use and the most effective solution for easily increasing account security. Similar options are also available for those using Google platforms.â€
â€œEnhanced cybersecurity practices, including MFA, are becoming mandatory for smaller companies wishing to do business with corporate entities. Corporations need to protect their data throughout the supply chain and vendors must have certain cybersecurity controls in place to engage with them. According to Microsoft, MFA eliminates 99% of all potential account take over attacks. Further, not having MFA typically results in denial of coverage, or at a minimum, higher rates for cyber insurance. It just makes good business sense to add Multi-Factor Authentication to your business operations.â€
ABOUT THROTTLENET INC
Ranked as the #1 IT Firm in St. Louis for six years in a row and a top cybersecurity firm for three years in a row by Small Business Monthly, ThrottleNet, Inc. didnâ€™t become one of the regionâ€™s top outsourced IT management and security solution providers overnight. The firm has more than two decades of doing things one way. The right way. Whether itâ€™s Cybersecurity, Managed Network Services (MNS), Virtual CIO, Managed Back-up, Cloud Computing, Mobile Apps, hardware or more, partnering with ThrottleNet will provide the highest protection for your assets and help you achieve your business goals. https://throttlenet.com