Written by Guy McAllister, Director, Privacy & Security - iatricSystems
October is National Cybersecurity Awareness Month, and the emphasis is on the mantras of Own IT, Secure IT, Protect IT. In last week's blog, I focused on "Own IT" as it relates to Remote Access Security. This week I will focus on "Secure IT". A key to securing it (and in this case, "it" refers to Protected Health Information) is realizing that there are tools for healthcare IT available to help us live and work in a mobile society.
Before I dive into that topic, I wanted to remind you that in ongoing support of National Cybersecurity Awareness Month, we hosted a series of five short 10-minute webinars each day the last week in October called "Cybersecurity Coffee Chats." We covered topics including remote access security, multi-factor authentication, phishing, and patient privacy.
Click this link to access the entire Cybersecurity coffee chat series.
Now, back to the topic of securing "It". I grew up hearing (and later believing) that two heads are better than one. The reasoning is that two people looking at a problem or challenge can come up with a better solution or see the problem more quickly.
There are many lessons in life around two being better than one; look at redundancy in IT, for example. Critical servers are replicated for improved uptime, and backups are replicated in case one fails. And that’s the key: two eyes, two servers, two backups are all intended to reduce the chance of a failure.
So, one specific example of where two is better than one is using Multi-factor Authentication (MFA) for vendors or employees who are accessing your network remotely. Using the NICCS definition, MFA is a security process that requires more than one method of authentication from independent sources to verify the user’s identity.
You may see MFA referred to as two-factor authentication or strong authentication. Google, Microsoft and Apple adopted MFA several years ago to protect their customers' personal data. If you’ve not enabled this tool, I urge you to do so.
MFA is especially important when you have users (either vendors or employees) accessing your network remotely. We all know that threats from hackers are on the rise, specifically when it comes to third-party breaches.
One way to help stop third-party breaches is with MFA. A hacker may be able to capture a user name or password for a third-party system, but they will not be able to complete the final step of authentication provided through MFA.
Another example would be if an employee no longer works for an affiliated physician office, and you don't receive notification to terminate their access to your network. With MFA in place, they wouldn't be able to complete authentication, therefore stopping them from wrongly accessing Protected Health Information (PHI).
You can watch the recording of "The Importance of Multi-Factor Authentication" below.
If you have questions about Multi-Factor Authentication, remote access security, or cybersecurity in general, feel free to set a quick meeting with me. I would love to talk with you about your challenges.