Data breaches can be devastating to an organization. They can come out of nowhere and leave your organization completely exposed. With approximately 50% of small businesses experiencing a cyberattack every year, it is imperative that your organization keep up to date on cybersecurity best practices to protect itself.
What is SMS Multi-Factor Authentication (MFA)?
MFA (Multi-Factor Authentication) is one of the simplest and most effective ways to curb cyber attacks. Think of it as a safety deposit box at the bank requiring two keys to open. Without both keys, bad actors are unable to breach the system. It is an extra step to keep your data safe and your organization functioning smoothly.
It is important to note that MFA is available in several forms. One of the most common is SMS (Short Message Service). Have you ever tried logging into an account and been asked to input a code sent to your phone for verification? That’s SMS MFA. While this method is better than having no MFA, our cybersecurity experts echo the sentiment of Microsoft’s Director of Identity Security, Alex Weinert, when he says: “it’s time to hang up on phone transports for authentication.”
Why cybersecurity best practices are eliminating SMS MFA
Businesses are shifting to a “not if, but when” mentality because of the increasing frequency of cyberattacks. In response to this change in organizational values, MFA has become the new norm, and criminals are more desperate than ever to take it down. The simple truth is that SMS isn’t secure. For as little as $30-50, SMS messages can be intercepted through bugging, spyware technology, SIM card theft, false cell stations, etc. These messages are typically not encrypted and sent over open networks, exponentially compounding the problem. If a bad actor intercepts your message, then the extra security provided through MFA is forfeited.
MFA best practices for improved cybersecurity
It is our cybersecurity team’s position that using an App-Based Authenticator, like Microsoft Authenticator, is the best way to protect your organization from attack. Because app-based authentication is tied to a physical device, it is much harder for bad actors to intercept code. In addition, the codes expire quickly. The result is a much more effective layer of security. They also offer support for push notifications. This makes the MFA sign-in experience more convenient and opens the gateway for password-less sign-in while maintaining strong Multi-Factor security. App-based authentication also offers avenues for integration into other 3rd Party applications or workloads such as on-premises VPNs, custom applications supporting SAML or OAUTH, and cloud-based software like Adobe Creative Cloud, Dropbox, and Autodesk. For instance, using Microsoft Authenticator allows GadellNet to deploy MFA with Meraki’s built-in VPN, creating a seamless user experience.
Our team strives to protect your organization from cyberattacks. Keeping up with the latest cybersecurity and attack trends gives GadellNet a strong understanding of the risks posed by SMS MFA. This continuous education has driven the decision to move clients away from SMS authentication and toward app-based authenticators. Staying ahead of bad actors requires change and we are here to support your team through the ever-evolving cybersecurity landscape. The good news is that app-based authentication is not only safer and easier but offers new and exciting ways for us to power your missions.
