2FA is Becoming a Requirement – Not a Suggestion

As more and more cyber incidents hit the news and consequently hit businesses small to large – the more insistent IT professionals become about shoring up cyber security holes. One of the easier (and very effective) holes to plug is Two Factor Authentication or 2FA. We have become broken records over the last few years when it comes to 2FA because it is so effective at stopping would-be attackers from taking over a system or network.

The problem is – that often – if you hear it enough – it becomes background noise. A little like the ‘Boy Who Cried Wolf’ – the alarm tends to be ignored until the Wolf is actually amongst the sheep. And the sheep are the businesses of the world that do not take cyber security seriously.

With the advent of bigger, higher risk, higher profit cyberthreats – the bigger players are now taking notice. First came insurance companies. They have figured out that they are paying out entirely too much to hackers for lax security measures – so they are starting to require more stringent security practices or they will not pay.

Your IT team wasn’t ‘crying wolf’ – they were more like the canary in the coal mine.

Now the US Government has gotten involved and they have created CISA – Cybersecurity & Infrastructure Security Agency. The addition of the CISA player in the game of cybersecurity ‘whack-a-mole’ has added another layer for needed compliancy* as there are now additional financial repercussions for hacks that happen. The rule is already in place for Critical Infrastructure such as pipelines. Hacks must be reported within 12 hours or face hefty fines.

The US Securities and Exchange Commission fined several brokerage firms this week for $750,000 for exposing sensitive and personally identifiable information for thousands of clients after hackers took over employee email accounts.

What does all of this mean? It means that 2FA is no longer just a ‘suggestion’ – it is necessary if you want to continue to do business without blowback from not only your insurance company but from the government. Your IT team wasn’t ‘crying wolf’ – they were more like the canary in the coal mine. With insurance and government agencies sounding the alarm (and turning the screws financially) – cyber security and most especially 2FA is a MUST HAVE now; not a NICE TO HAVE.

*Recently released CISA “Bad Practices” guidelines 

– written by Jennifer Gilligan 9.1.21