The reason for creating finely tuned digital employee experiences (EX) and customer experiences (CX) is simple: You do it to accelerate the growth of your organization. But right now I want to discuss how to use multi-factor authentication in your digital workplace to protect the business results and growth you’re already working to achieve.
Bad things can happen when you DON’T use multi-factor authentication in your digital workplace.
The following is a true story.
We recently learned about a small, service-based business that fell victim to a six-figure cyber fraud. Hackers had gained access to their bookkeeper’s email. Once in, they generated fake invoices (using the exact same format and wording), which they emailed to the firm’s customers.
The catch? The emails directed payment to a different bank account.
Now, a question for you: How closely do you pay attention to where you send payments? Most if not all of us take it on trust that the places we’re told to send payment—whether for business or personal debts—are legit.
So did several of those customers. And when the firm sent authentic invoices, the customers replied with receipts indicating they had already paid on the fraudulent invoices. Those invoices totaled more than $100,000. That’s serious, hard-earned money that the firm will likely never see again.
Which raises another, bigger question: Could your organization absorb that kind of loss (or one proportional to the size of your company)?
What does this have to do with your digital workplace?
We’re fond of saying “you already HAVE a digital workplace,” even if you’re not operating a unified digital intranet. If you’re using ANY digital tools to get work done, then you have a digital workplace. In the case of the defrauded firm’s bookkeeper, the digital workplace consisted of email and accounting software. Once the email was hacked, the digital workplace was compromised.
The good news: Multi-Factor Authentication can secure your digital workplace against cyber fraud.
Simply stated, multi-factor authentication (MFA) requires more than one verification of identity (“factor”) for a user to access an application, data, or service. You can dive into the Web as deeply as you wish to learn more about MFA, but I’ll keep to the basics.
Authentication factors fall into three categories:
- Knowledge—something only the user knows, like a password or PIN. (Security questions such as “What was the name of your first roommate?” can seem like secrets, but theoretically they can be cracked with enough time and research.)
- Possession—something the user and only the user has, typically in the form of a “token.” Analogous to a physical key to a lock, hardware and software tokens are the most common possession factors. A one-time password (OTP) to access your bank’s website is a common example. (More on OTPs shortly.)
- Inherence—something only the user is. Most commonly these are biometric factors such as fingerprint, facial recognition, iris scanning, and voiceprint recognition.
You use MFA—in the form of two-factor authentication—every day with your ATM or debit card: One factor is the chip in your card, the other is your PIN. Only you should know your PIN, so only you can use your card.
Online, Two-Factor Authentication is becoming the standard.
We’re seeing more two-factor authentication (2FA) than ever online, and that trend will only continue. At least once a week, either my bank or Amazon is instructing me to request a one-time password (OTP) so I can complete a transaction.
Sites will usually give you a choice of where and how to receive your OTP: SMS text, voice call, or email. Also, OTPs have a very short lifespan of just a few minutes, to further ensure your data security.
To top off the process, sites will also send you an email or text (your preference) advising you that someone has requested an OTP. If that someone isn’t you, the message will guide you in reporting the potential hack.
Take these steps to secure your digital workplace with Multi-Factor Authentication.
Here at StitchDX, the story I related above was a wake-up call. We wasted no time activating multi-factor authentication in our Microsoft SharePoint/O365/Teams-based digital workplace and have been breathing a little easier ever since.
What about you? Consider all the digital tools and apps that keep your organization running. How hard are they working to protect the data that they use every day—especially financial information? Consider the software integrations that streamline the work you do. Do they represent weaknesses that hackers can exploit? And I’ll ask it again: Can you afford any financial loss, let alone one of six figures or more?
Follow these steps to assess your risk and start making your digital workplace more secure:
- Conduct an app audit in your organization, creating a list of actively used tech in your organization. This is also a great opportunity to weed out apps and tools that are active but no longer in use.
- Research if the tools you’re using/keeping offer any form of MFA. You can make short work of this with Google; just search “[App name] MFA.” You’ll find that the most widely used apps and platforms offer 2FA, if not full MFA. Here’s a sampler:
- Activate 2FA or MFA, following the instructions for each tool (look in “account settings”).
Amp up your digital workplace security with authenticator apps.
Hackers will stop at nothing, and that includes hijacking your smartphone’s number or SIM. Authenticator apps such as Microsoft Authenticator, Google Authenticator, Authy, and Duo Mobile harden your digital workplace security by preventing hackers from redirecting your 2FA notifications to their own devices. This Wired article goes into greater detail on the advantages of authenticator apps.
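To show why an authenticator app is not exposed to number or SIM hijacking, here is an added example (not from the original article) of the time-based one-time password scheme from RFC 6238, which such apps commonly implement: the code is computed on the device from a secret shared at enrollment plus the current time, so nothing is sent to the phone number. The secret is the RFC's published test key, and the `verify` helper, its replay set, and its drift window are illustrative assumptions.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code stays current (RFC 6238 default)
DIGITS = 6   # code length shown to the user

# Constructed sample: the RFC 6238 test key, base32-encoded the way
# enrollment QR codes carry it. Real secrets are random, one per account.
SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """Derive the code for the 30-second step containing unix_time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int(unix_time) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, unix_time, used_counters, drift_steps=1):
    """Hypothetical server-side check: allow small clock drift, refuse replays."""
    now_counter = int(unix_time) // STEP
    for counter in range(now_counter - drift_steps, now_counter + drift_steps + 1):
        expected = totp(secret_b32, counter * STEP)
        if hmac.compare_digest(expected, submitted):
            if counter in used_counters:
                return False  # this code was already used once
            used_counters.add(counter)
            return True
    return False  # wrong code, or a code from an expired step


if __name__ == "__main__":
    seen = set()
    code = totp(SECRET, 1111111109)
    print("code:", code)
    print("first use:", verify(SECRET, code, 1111111111, seen))
    print("replay:", verify(SECRET, code, 1111111111, seen))
```

The drift window trades convenience for lifetime: with `drift_steps=1` a code is accepted for up to about 90 seconds, and tracking used steps keeps an intercepted code from being accepted a second time.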
One last question: 2FA or MFA?
It would seem obvious that more = better when it comes to identification factors. But depending on the size of your organization and the nature of the data you’re aiming to protect, a deep MFA protocol may or may not be called for. Additionally (and getting back to employee experience), your users may find MFA to be a speed bump, slowing down (ever-so-slightly) their productivity and performance.
You may discover that you need to strike a balance between security and convenience. And you may come to the conclusion that for your enterprise, security is non-negotiable.
We can’t say it strongly enough: It’s time to implement a multi-factor authentication plan in your organization. Start the conversation with your IT department or provider now, before your business becomes the next victim of cyber crime.