Securing the Remote Workplace with MFA

Indisputable changes to working cultures in the last few years are not exactly breaking news. More and more of us are working from home.Likewise, there are no prizes for guessing the most obvious impact which was undoubtedly Covid-19. Covid significantly accelerated the adoption of remote working, with many companies implementing remote work policies for the first time. Luckily, alongside the urgency, the industry has also benefitted from improved technology, such as cloud computing, video conferencing, and advances in collaborative tools which all helped to facilitate this seismic shift. Employees and employers alike have become aware of the many benefits too, such as ,increased productivity, and improved employee satisfaction and retention. No surprise then, that as we head into the third year of this growing trend, many companies have opted to remain flexible or take the plunge and go completely remote moving forward.

There has been much commentary on this subject, but as it is now clear that things have changed for good, we ask, what about the challenges and risks associated with cyber security, and more specifically, how can multifactor authentication (MFA) help organisations secure the remote workforce?

What are the cyber security risks for remote working?

First off, what are the risks with the remote workforce? IT and security teams will be all too aware that the risks are numerous, such as unsecured networks, unsecured devices, and even a lack of physical security to control access to a company’s data. The most significant and prevalent threats, however, arise from bad actors seeking to exploit the workers themselves.Remote working presents hackers with a vastly increased attack surface and many more opportunities.  

Phishing Attacks

Phishing, along with stolen or compromised credentials, remains the top cyber threat for organisations.

Credential phishing is a type of cyber-attack where a hacker tries to trick a victim into revealing their login credentials (such as a username and password) or other sensitive information, often by pretending to be a legitimate website or service. Credential phishing attacks are mostly executed using fake login pages or email messages that are designed to look legitimate. When a victim enters their login details on a fake page or responds to an email with sensitive information, the attacker obtains the credentials and can go ahead and use them to gain access to the victim's accounts or steal further data.

But what makes remote workers even more vulnerable to these threats? The remote workforce is an attractive target for attackers because individuals are more isolated and may have less oversight from IT or security staff. They often rely more heavily on email and other online communication apps to stay connected, meaning that the sheer volume of electronic communications is simply greater, so there are more opportunities.

Remote workers are more likely to be using personal devices and networks to access work resources. Furthermore, there are more personal distractions at home - we can all relate to that. But a momentary lack of attention when the pet, spouse or the kids are around, can have disastrous consequences. Attackers are increasingly more sophisticated, and it can be a challenge to differentiate between a real and fake site even with full concentration on the job at hand.It only takes one or two clicks to become compromised.

Why should companies use MFA to protect the remote workforce?

As discussed, the risks are high but even more so with employees working away from the office. It is vital that organisations start to address the rise in threats, especially with regard to phishing attacks which remain the most costly and most prevalent attack vector. The cost of a data breach can be devastating, and not just financially. The cost to reputation and trust in an organisation can also significantly impact business. MFA is often the most cost-effective solution in comparison to other security measures, and if an organisation can prevent credential phishing and solve the issue of lost or stolen passwords, they have eliminated one of the largest cyber security threats facing industry today.  

Passwordless and phish-proof MFA such as AuthN by IDEE, will prevent all credential phishing andpassword-based attacks completely.It really is as simple as that. It also needn’t be complex. Organisations cannow opt for AuthN,which can be deployed across an entire business of thousands of users in aslittle as just 15 minutes.

How can managed-service-providers (MSPs) help their customers with MFA?

MSPs play a critical role in ensuring the security of their customers’ workforce. MFA can be the easiest and quickest solution to specify for customers who all need to add an additional layer of security and the great news is, you don’t need to be a cyber security expert. For more information on how to best support customers, MSPs should visit Become a Partner or start a 30 day free trial to check it out for themselves.  

Contact us 

‍

‍