Cyberattacks jump by 20%. Protect your business with Multi-Factor Authentication | 2FA | MFA
The number of cyberattacks is on the rise, with 445 million cyberattacks identified during the first quarter of 2020.
With the world still feeling the effects of COVID-19, some hackers are trying to capitalise on the COVID-19 pandemic by targeting individuals and businesses with Coronavirus-related Trojans, ransomware and other digital attacks.
A need for remote working has come at the expense of security in some instances, and there have been many notable breaches in Australia over the past two weeks. A successful data breach can be devastating for your business, with consequences including irreparable damage to your reputation, a permanent 43% reduction in sales revenue, and even a potential $2.1 million civil penalty.
With the Australian Cyber Security Centre (ACSC) warning businesses to expect the number of COVID-19 attacks to increase, it’s crucial that your business is protected against the latest digital threats.
If you’re a Microsoft 365 user, then Microsoft has several security features that we recommend all businesses enable, especially with the recent wave of cyberattacks.
In this blog, we’ll show you how to activate and use a security feature that can successfully block the majority of all password-based attacks.
The good news? These easy-to-implement features are very effective and have very little impact on user experience.
Security defaults: Multi-Factor Authentication made easy
When an account is protected with Multi-Factor Authentication (MFA), the account owner must validate their identity using two different pieces of evidence before they can access their account. Typically, the user enters their password and then passes an additional security check, such as entering a code sent to their smartphone by SMS, clicking a link included in an email, or passing a biometric check such as a fingerprint or iris scan.
Today, countless businesses rely on MFA to protect their apps, data and devices against hackers. With Microsoft investing $1 billion annually into improving their security services, it’s no surprise that Microsoft 365 users already have several ways to enable MFA.
In this tutorial we’ll show you how to enforce MFA across your organisation, using Microsoft’s security defaults.
Legacy authentication: Don’t leave your business vulnerable
Microsoft’s security defaults are a collection of security settings that promise to protect your organisation against 99.9% of all password-based attacks, by enforcing various essential security features, including MFA.
Security defaults don’t just make MFA mandatory for all users – they also close a dangerous security loophole that can completely undermine your MFA policies and expose your business to the 7 trillion cyber threats that Microsoft records every single day.
Legacy authentication protocols such as POP, SMTP, IMAP and MAPI don’t support MFA. If you enable MFA but still allow employees to access their accounts using legacy authentication protocols, then this is a potential loophole that hackers can exploit. There’s ample evidence that indicates hackers are very aware of this security loophole, as over 97% of credential stuffing attacks and 99% of password spray attacks use legacy authentication, according to Microsoft.
To help keep your business safe, Microsoft’s security defaults implement the following policies:
- Make MFA mandatory for all Microsoft 365 users. After enabling security defaults, users will be asked to set up MFA the next time they try to log into their Microsoft 365 account. If an employee doesn’t activate MFA within a 14-day period, then they’ll be automatically locked out of their account until they set up MFA. Your employees can either configure MFA using a unique verification code that Microsoft sends to their smartphone via SMS, or they can use the Microsoft Authenticator app, which is available for iOS and Android.
- Disable legacy authentication. Security defaults close the MFA loophole by blocking legacy authentication protocols.
How to enable Microsoft’s security defaults
Are you ready to protect your business against 99.9% of password-based attacks?
Let’s look at how you can enforce MFA and block legacy authentication protocols, using security defaults:
- Log into your Microsoft Azure admin account.
- Select “Azure Active Directory.”
- In the left-hand menu, select “Properties.”
- Scroll to the “Manage security defaults” link and click it. This should open a new panel.
- In the new panel, find the “Enable security defaults” slider and push it into the “On” position.
- Click “Save.”
Security defaults are now enabled for all Microsoft 365 users, across your organisation.
Set up MFA with Microsoft Authenticator
The next time an employee tries to log into their Microsoft 365 account, they’ll be asked to set up MFA.
If the employee opts to authenticate using the Microsoft Authenticator mobile app, then they’ll need to scan a QR code which will create a link between the mobile application on their device, and their Microsoft 365 account.
Now, every time the user attempts to access their account, the Microsoft Authenticator app will generate a one-time verification code that they can use to pass the second verification check, and log into their Microsoft 365 account.
Can’t break away from legacy authentication protocols?
According to research conducted by payment security specialists PCI Pal, 43% of Australian consumers would never spend money with a business again following a security breach, so it’s vital that you take steps to protect your business against hackers.
At Blackbird IT, we recommend enforcing MFA and blocking legacy authentication at an organisation-wide level, but we also understand this isn’t realistic for all businesses. Some of your employees may have legitimate reasons for requiring access to legacy authentication protocols; for example, some mobile clients rely on the IMAP and POP3 protocols. If an employee uses one of these mobile clients, then blocking legacy authentication can also lock them out of their email!
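Before blocking legacy authentication it pays to know two things from your sign-in logs: which users still complete successful sign-ins over legacy protocols (the people a blanket block would lock out, as warned above), and which accounts are seeing failed legacy-auth attempts (the credential stuffing and password spray pattern mentioned earlier). The block below is an added example written for this post, not a Microsoft tool: it reads sign-in records in the shape of Microsoft Graph `signIn` objects (the real `userPrincipalName`, `clientAppUsed` and `status.errorCode` fields) from constructed newline-delimited JSON and produces both lists. The set of client-app names treated as legacy is an assumption for the example, built from the protocol names this post lists; in practice the records come from an export of the Azure AD sign-in logs.

```python
import json
from collections import defaultdict

# Client-app names reported by Azure AD sign-in logs that correspond to legacy (basic)
# authentication. Assumed for this example; derived from the protocols the post names.
LEGACY_CLIENT_APPS = {
    "Authenticated SMTP", "SMTP", "IMAP4", "POP3", "MAPI Over HTTP",
    "Exchange ActiveSync", "Exchange Web Services", "Outlook Anywhere (RPC over HTTP)",
    "Other clients", "Offline Address Book",
}

# Constructed sample records (a subset of the Graph signIn fields), one JSON object per line.
# errorCode 0 is a successful sign-in; the non-zero code on the last line is a failed one.
SAMPLE_SIGNINS = """
{"userPrincipalName": "alice@example.com", "clientAppUsed": "Browser", "appDisplayName": "Office 365 Exchange Online", "status": {"errorCode": 0}}
{"userPrincipalName": "bob@example.com", "clientAppUsed": "IMAP4", "appDisplayName": "Office 365 Exchange Online", "status": {"errorCode": 0}}
{"userPrincipalName": "bob@example.com", "clientAppUsed": "Mobile Apps and Desktop clients", "appDisplayName": "Microsoft Teams", "status": {"errorCode": 0}}
{"userPrincipalName": "carol@example.com", "clientAppUsed": "Authenticated SMTP", "appDisplayName": "Office 365 Exchange Online", "status": {"errorCode": 0}}
{"userPrincipalName": "mallory@example.com", "clientAppUsed": "POP3", "appDisplayName": "Office 365 Exchange Online", "status": {"errorCode": 50126}}
"""


def parse_signins(ndjson: str) -> list:
    """Parse newline-delimited JSON sign-in records, skipping blank lines."""
    return [json.loads(line) for line in ndjson.splitlines() if line.strip()]


def legacy_auth_report(records: list) -> tuple:
    """Return (successful_legacy, failed_legacy).

    successful_legacy: user -> sorted list of legacy protocols used in successful sign-ins.
        These users (or their mail clients) need attention before legacy auth is blocked.
    failed_legacy: user -> number of failed legacy-auth attempts.
        Failed basic-auth attempts against accounts are the signal worth alerting on.
    """
    successful = defaultdict(set)
    failed = defaultdict(int)
    for rec in records:
        app = rec.get("clientAppUsed", "")
        if app not in LEGACY_CLIENT_APPS:
            continue  # modern auth (Browser, Mobile Apps and Desktop clients, ...) is fine
        user = rec["userPrincipalName"]
        if rec.get("status", {}).get("errorCode", 0) == 0:
            successful[user].add(app)
        else:
            failed[user] += 1
    return {u: sorted(p) for u, p in successful.items()}, dict(failed)


if __name__ == "__main__":
    ok, bad = legacy_auth_report(parse_signins(SAMPLE_SIGNINS))
    print("users still relying on legacy auth:", ok)
    print("failed legacy-auth attempts per user:", bad)
```

Run over a real export, the first dictionary is the list of people to move to a modern-auth client (or to exclude via a Conditional Access policy) before security defaults are switched on; the second is a watch-list, since every entry in it is an account someone is already trying to reach through the loophole that security defaults close.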
If you can’t currently enable security defaults, then we’d recommend enforcing MFA and blocking legacy authentication for as many employees as possible, using Microsoft’s Conditional Access policies – we’ll show you how, in our next blog!
Want more advice on the steps your business can take to make sure your private corporate data remains private?
Our team of specialist cloud computing consultants is on hand to discuss your security needs and will be happy to recommend the apps, services and features that can offer your business the highest level of security.