Do you have the multi-factor authentication (MFA) practices in place to help qualify for the cyber policies you need? While many cyber insurance policies require different MFA demands, there are a few commonalities you can use as a baseline to get started. Let's review.
Multi-factor Authentication or "MFA" refers to the use of two or more means of identification and access control using the following identification categories.
MFA is successfully embedded when at least two of these categories are required to verify a user's identity when they attempt to access systems.[1]
Remote Network Access
Requiring MFA for remote network access can help reduce the potential for network compromise caused by lost or stolen passwords
Administrative Access
Requiring MFA for admin remotely and internally helps prevent intruders that have compromised an internal system from obtaining broader access
Remote Access to Email
Requiring MFA for remote access to email can help limit the potential for compromise to corporate email accounts caused by lost or stolen passwords.
Deploy Multi Factor Authentication
Pro Tip: These are the minimum requirements for many lenders. But don't stop there! Please deploy MFA where it makes sense in your environment.
IE can help! Our security team offers Security Risk Assessments to identify gaps and vulnerabilities in your security posture. Additionally, we can create or refine your security policies and prepare you for new compliance requirements with our vCISO offering.
Still not sure? Get started with Cisco Secure Access by Duo for FREE to determine if it's the Multi-factor Authentication coverage you need!
*Sources:
[1] NIST