An important topic was recently brought back to mind, one I wanted to share today in a short blog post: enabling multi-factor authentication (MFA) and enforcing MFA are two different things.
Unfortunately, one common enforcement shortcoming comes from IT administrators and from business leaders themselves: they often exempt their own accounts from the MFA protections they apply to the rest of their employees.
This is backwards – precisely backwards.
Think of it this way: which credentials do you think a hacker wants most, those of the receptionist or those of your Vice President of IT?
In a brief snippet from last month’s webinar, our friend and cybersecurity expert, Dave Cunningham, described this common failing, which he sees regularly.
What is Dave’s business? Alvaka Networks focuses on one thing: rescuing companies after they’ve been hit by a successful ransomware attack. Fortunately for Dave – and unfortunately for everyone else – their business is booming.
I have also heard Dave say that by merely doing one thing, properly enforcing MFA throughout its organization, a company can cut roughly 80% of its cybersecurity risk. If you don’t know how to properly apply MFA across your network – rather than simply to individual applications – get help from an IT provider you trust.
But back to you company leaders for one more minute: exempting yourselves from MFA requirements doesn’t somehow make you more productive through the few extra seconds you save. It’s just a careless way of leaving your company vulnerable.
When it comes to protecting your network via MFA, it truly is best to practice what you preach.