" multifactor authentication Archives - LuxSci

Posts Tagged ‘multifactor authentication’

Improve Account Security by Enabling Multifactor Authentication

Tuesday, May 17th, 2022

This month, the Cybersecurity and Infrastructure Security Agency (CISA) launched an initiative called MFA May to encourage individuals and businesses to enable multifactor authentication for their accounts. This article defines multifactor authentication and explains why organizations should implement it to improve the security of their accounts.

multifactor authentication

 

What is Multifactor Authentication?

Multifactor authentication requires users to present two or more credentials to log in to their accounts. Multifactor authentication is sometimes called two-factor authentication for this reason. The first factor required is a typical username and password. The second factor is usually a code contained within a text, email, or push notification. The user must enter this numerical code to confirm that they are logging into the account. Sometimes an authenticator application is used to generate the code. Instead of a numerical code, the second factor could be a biometric marker like a thumbprint scan.

By requiring a second piece of information to log in to an account, multifactor authentication increases the security of accounts. Even if a hacker gets ahold of your password, they will be unable to log in to an account without the second piece of authentication.

How Multifactor Authentication can Stop Cybercriminals

As you can tell, multifactor authentication is an effective tool for limiting account access. A study by Microsoft found that users who enable multifactor authentication for their accounts will block 99 percent of automated attacks.

It is easier than ever before for hackers to acquire users’ passwords. Data breaches compromise millions of account credentials each year, which can be purchased on the dark web for pennies. Hackers can also use dictionary attacks to guess simple passwords using computer technology. Lastly, users may unwittingly hand over their credentials to a malicious actor during a phishing attack.

However, administrators can stop these attacks by enabling multifactor authentication. Even if a hacker knows your password, they will be unable to access your account without that second piece of information.

How to Enable Multifactor Authentication

Many vendors now offer multifactor authentication. We recommend enabling it as often as possible, especially for sensitive accounts like email, financial accounts, and medical records.

LuxSci has offered options for multifactor authentication to our users for over a decade. Users have the flexibility to choose the second option for authentication. They can choose to send a token to an alternate email address or enable a third-party app like DuoSecurity or Google authenticator to validate their identities. Please contact our support team to learn more about enabling multifactor authentication on your LuxSci account.

Conclusion: Why Use Multifactor Authentication

Cyber threats are increasing across all industries. Although HIPAA does not yet require users to implement multifactor authentication, security experts strongly recommend it. Enabling multifactor authentication is an inexpensive and effective way to improve your security posture. Although users may object to the extra step, enforcing multifactor authentication as an administrator is a smart move.

Implementing Zero Trust Architecture

Tuesday, March 8th, 2022

The US Government has released its zero trust strategy to help government agencies implement zero trust architectures. It requires federal agencies to meet certain standards before the end of the 2024 fiscal year.

zero trust architecture

The zero trust strategy aims to improve the nation’s security posture and reduce the potential harms from cyber attacks. It assumes that attackers cannot be kept outside of network perimeters and sensitive data should be protected at all times.

The move toward zero trust architecture is a significant undertaking for the federal government, and this strategy aims to outline a common path for agencies to take, as well as limit uncertainty about transitioning.

It will require agency heads to partner with IT leadership in a joint commitment to overhaul the current security architecture and move toward a zero trust model. The strategy encourages agencies to assist each other as they work to implement zero trust architecture, exchanging information and even staff where necessary. Ultimately, the zero trust strategy aims to make the federal agencies stronger and more resilient against cyber attacks.

What Does The Zero Trust Architecture Strategy Include?

The Cybersecurity and Infrastructure Security Agency (CISA) created a zero trust maturity model to guide the strategy. The model contains five pillars including:

  • Identity
  • Devices
  • Networks
  • Applications and Workloads
  • Data

There are also three themes that cut through each of these areas:

  • Visibility and Analytics
  • Automation and Orchestration
  • Governance

Identity

First, the strategy includes a number of identity-related goals. Federal agencies must establish centralized identity-management systems for their employees. These systems must integrate with common platforms and applications.

Another core goal is for agencies to use strong multi-factor authentication throughout the organization. However, it must be enforced at the application layer rather than at the network layer. Password policies no longer require the use of special characters or frequent password changes.

The new strategy will also require that user authorization also incorporates at least one device-level signal. This could include confirming the device is authorized to access the application and has up-to-date security patches.

Devices

Under the Devices pillar, federal agencies must participate in CISA’s Continuous Diagnostics and Mitigation (CDM) program. This allows them to create reliable asset inventories. The other major goal is for each agency’s Endpoint Detection and Response (EDR) tools to be deployed widely and to meet CISA’s technical requirements.

Networks

Among the network-related measures, agencies need to use encrypted DNS to resolve DNS queries wherever it is technically supported. They must also force HTTPS for all web and API traffic. On top of this, agencies also need to submit a zero trust architecture plan that includes their approach to environmental isolation to the Office of Management and Budget.

Applications and Workloads

In addition, there are a number of application and workload-related goals for agencies, including:

  • Operating dedicated application security testing programs.
  • Undergoing third-party application security evaluations.
  • Running a public vulnerability disclosure program.
  • Working toward deploying services that employ immutable workloads.

Data

When it comes to data, agencies must follow a zero trust data security guide created by a joint committee made up of Federal Chief Data Officers and Chief Information Security Officers. Agencies must also automate data categorization and security responses, with a focus on tagging and managing access to sensitive documents. They must also audit any access to encrypted data in commercial cloud services. Another goal is for agencies to work alongside CISA to implement logging and information sharing capabilities.

Zero Trust Architecture and the Future

The federal government isn’t just pushing toward a zero trust architecture model as a fun new hobby. Instead, it is a response to the increasing sophistication of cyber attacks, especially those originating from nation-state level groups.

These complex and well-resourced cyber attacks aren’t only a threat to government agencies. Other organizations face similar threats in the ever-changing threat landscape. The reality is that businesses also need to move toward the zero trust model in order to effectively defend themselves in the future.

LuxSci can help your organization make the change through services such as our zero trust email options, or our zero trust dedicated servers. Contact our team to find out how LuxSci can help your organization prepare for a zero trust future.

5 New Year’s Resolutions to Improve Your Cybersecurity

Tuesday, January 4th, 2022

Happy New Year! Start the year off by making a New Year’s resolution to improve your cybersecurity. Here is LuxSci’s list of what your organization needs to do to prepare for the new year.

cybersecurity new year’s resolution

Read the rest of this post »