
The Anatomy of a Data Breach: What are They and What if You Spot One?

Arguably no phrase has dominated the tech world the last 24 months more than the term “data breach.” From breaches that have impacted critical infrastructure like the Colonial Pipeline to hackers compromising healthcare records at UC San Diego Health, the last two years have been saturated by headlines of cybersecurity mishaps. Yet, despite the prevalence of the breach-centric news cycle, many everyday individuals may not know what exactly a data breach is, how they typically start, and why they occur.

According to IBM, the average time it takes to identify that a breach has occurred is 287 days, with the average time to contain a breach clocking in at 80 days. And with 81% of businesses experiencing a cyberattack during COVID, it is essential that individuals are familiar with the anatomy of a data breach so that they can keep their data, as well as their colleagues’ and customers’ data, safe.

With that in mind, here is some helpful background on what data breaches are and why they are so problematic.

What is a data breach? 

While it may seem like a complex concept, once the jargon is removed, a data breach is actually really straightforward to explain. According to Trend Micro, a data breach is “an incident where information is stolen or taken from a system without the knowledge or authorization of the system’s owner.” And while data breaches can be the result of a system or human error, a vast majority of data breaches are the result of cyber-attacks, where a cybercriminal gains unlawful access to sensitive system data. In fact, 92% of the data breaches in Q1 2022 were the result of cyberattacks.

What kind of data can be breached?

Unfortunately, cybercriminals look to get their hands on any information that they possibly can, ranging from obviously sensitive information such as social security numbers and credit card information to more obscure data like past purchase history.

What are some of the tactics used to execute data breaches?

Cybercrime is getting more sophisticated each day. However, cyberattack tactics do not have to be cutting-edge or advanced in order to be very effective. Here are a few examples of popular tactics used by cybercriminals:

  • Phishing: Phishing is when a cybercriminal pretends to be a legitimate party in hopes of tricking an individual into giving them access to personal information. Phishing is one of the oldest tricks in the book for cybercriminals, but it is just as effective as ever. For example, 80% of security incidents and 90% of data breaches stem from phishing attempts.
  • Malware: Another tried-and-true method for cybercriminals is malware. Malware is malicious software that secretly installs itself on devices – often by way of a user engaging with fake links and content – and quietly gains access to the data on an individual’s device or a business network.
  • Password Attack: Through password attacks, cybercriminals look to gain access to sensitive data and networks by “cracking” user passwords, then using those credentials to get into networks and extract data.

How to spot a possible breach?

The best way to stop a data breach is to stop it before it even starts. This includes steps ranging from making sure passwords are long and complex to reporting suspicious emails. If you do suspect that you have been the victim of a breach, immediately contact your IT department or experts at Networks Plus to notify them and follow subsequent protocols to help them scan, detect, and remediate any issues that exist.

 

Cybersecurity in the Workplace: 4 Tips to Keep Your Business Safe and Secure

Keeping information safe and secure has been a challenge for businesses of all sizes over the last few years. Expeditious shifts from in-person to online to hybrid workplaces forced companies to change, or at least reexamine, their cybersecurity practices and protocols, and far too often they weren’t prepared. In fact, according to CyberEdge’s Cyberthreat Defense Report, 85% of organizations suffered from a successful cyberattack in 2021.

 

Now, businesses that have suffered cyberattacks along with companies that have been fortunate enough to avoid being a victim of breaches and hacks are looking at ways they can bolster their defenses and safeguard their data. But which plans, practices, and services should these organizations invest in?

 

Below are 4 steps businesses of all shapes and sizes can take to better protect themselves against cyber attacks:

 

Identify “Crown Jewels” of Your Business 

 

Understanding what information cybercriminals are after most is essential to combating cyber attacks. Therefore, creating an inventory list of the valuable data and assets within your organization, including manufacturer, model, hardware, and software information, is of the utmost importance. In addition, take note of who has access to important data and information while also accounting for all storage locations. This practice will ensure that business leaders have a track record of accessibility so that they know where to look in case of a vulnerability or breach.

 

Protect Assets by Updating and Authenticating

 

At the end of the day, protecting your data and devices from malicious actors is what cybersecurity is all about. In order to accomplish this, make sure your security software is current. Investing in the most up-to-date software, web browsers, and operating systems is one of the best defenses against a host of viruses, malware, and other online threats. Furthermore, make sure these devices have automatic updates turned on so employees aren’t tasked with manually updating devices. Additionally, make sure all data is backed up either in the cloud or via separate hard drive storage.

 

Another important way to keep your assets safe is by ensuring staff are using strong authentication to protect access to accounts and ensure only those with permission can access them. This includes strong, secure, and differentiated passwords. According to a 2021 PC Mag study, 70% of people admit they use the same password for more than one account. Using weak and similar passwords makes a hacker’s life a lot easier and can give them access to more materials than they could dream of. Finally, make sure employees are using multi-factor authentication. While this may result in a few extra sign-ins, MFA is essential to safeguarding data and can be the difference between a successful and unsuccessful breach.

 

Monitor and Detect Suspicious Activity

 

Companies must always be on the lookout for possible breaches, vulnerabilities, and attacks, especially in a world where many often go undetected. This can be done by investing in cybersecurity products or services that help monitor your networks such as antivirus and antimalware software. Moreover, make sure your employees and personnel are following all established cybersecurity protocols before, during, and after a breach. Individuals who ignore or disregard important cybersecurity practices can compromise not only themselves but the entire organization. Paying close attention to whether your company is fully embracing all of your cybersecurity procedures and technology is incumbent upon business leaders.

 

Have a Response Plan Ready

 

No matter how many safeguards you have in place, the unfortunate reality is that cyber incidents still occur. However, responding in a comprehensive manner will reduce risks to your business and send a positive signal to your customers and employees. Therefore, businesses should have a cyber incident response plan ready to go prior to a breach. In it, companies should embrace savvy practices such as disconnecting any affected computers from the network, notifying their IT staff or the proper third-party vendors, and utilizing any spares and backup devices while continuing to capture operational data.

 

EMPLOYEES: YOUR BIGGEST ASSET – YOUR BIGGEST THREAT

When we think of cybersecurity, oftentimes our minds go straight to the bad guys. The hackers, cybercriminals, and the dark web. The truth is, while these are the instigators behind the attacks, they are not our biggest threat. As shocking as that may sound, our biggest threat is our employees – including you. Oftentimes owners, supervisors, and IT staff are some of the worst offenders.   

Sure, our employees are good, honest, trustworthy people. After all, we trust them with our corporate finances, client interactions, and day-to-day operations. But they are, after all, only human and unfortunately, that puts our cyber safety in jeopardy every day. 

Human error is the leading cause of most cyberattacks. This has less to do with employees being vindictive or malicious and a lot more to do with curiosity and carelessness. It is no longer safe to assume our employees know or even understand our company’s cybersecurity protocol or best practices. It’s a matter of taking responsibility to ensure they know, comprehend, and agree to adhere to it.

Let’s explore a few ways we can educate our team to be our best allies and defense rather than the gateway to attacks.  

  1. Email Education 

Phishing scams and malicious links sent through emails are the two most common areas for errors to happen. A study in 2019 by Webroot revealed that nearly 49% of employees admit to clicking a link from an unknown sender that they didn’t request. Even more startling is that 29% admitted to doing this more than once.  

 It is no longer enough to rely on spam filters and quarantines. Employee education must be at the forefront of all cybersecurity plans.  

 

  2. Web Browsing

Many companies either can’t or don’t limit their employees’ internet access. There are many positions that require free rein to research, make purchases, communicate with customers, etc., making restrictions a bit of a hindrance. The flip side of this is that employees can visit malicious websites without even realizing it.

Like emails, it is imperative that employees learn to avoid clicking links, to steer clear of unknown websites, and to only enter personal, corporate, or financial information on trusted sites.   

 

  3. Password Strength

Humans are notorious creatures of habit. We tend to park in the same vicinity every day, we have morning and evening routines, and even choose the same passwords for multiple accounts. Bad password habits create whole new levels of vulnerability and risks. By implementing password protocols and even password management, you are able to reduce and mitigate some of that risk.  

 

The Networks Plus team understands this might not be at the top of your daily to-do list. That’s why we have a group of experts available to help and assist you in not only getting these protocols in place but in educating your employees on these best practices.  

If you want help helping your team, call us today!  

RISK MANAGEMENT: CYBER INSURANCE AND YOU

Cybersecurity insurance, also referred to as cyber insurance or even cyber liability insurance, is in many ways similar to flood insurance for your homeowner’s policy. It provides you with additional coverage in the event of a catastrophe: in this case, a cyberattack, data breach, etc.

Cybersecurity insurance is relatively new and still viewed skeptically by some. However, it is important to remember that any business that uses technology or collects data is at risk of a cyber-attack. Many small-medium sized businesses (SMB) cannot afford the catastrophic costs to rectify a breach on their own. This is where cybersecurity insurance steps in and becomes a game changer.

We’ve heard time and time again from SMB owners that they are too small to be hacked. However, think about Grandma Jones sitting at home playing ‘Words with Friends’ online. A “friend” messages her and they begin chatting daily. She gets convinced to send money to this “friend’s” account and gets swindled out of thousands of dollars. She, not unlike your SMB, thought she was under the radar and an unlikely target. Hackers don’t discriminate on size, gender, age, etc. Everyone online is potentially a target!

Our partners at DataStream Cyber Insurance recently released an article discussing how our focus is now not so much on the IF it happens, but more so the WHEN it happens. DataStream explains, “The Covid-19 pandemic has led to a paradigm shift in how businesses operate and the accelerated shift to digital and online operations.

With that shift has come, sadly but inevitably, an increase in the number of businesses that are being targeted by cyber criminals.

The statistics for 2020 make for uncomfortable reading. Last summer at the height of the pandemic, the FBI reported it was now receiving more than 4,000 complaints about cybersecurity attacks each day – up 400% from what they were seeing pre-covid. Interpol, too, reported a huge surge in reports of attack attempts aimed at SMBs, major corporations, governments and critical infrastructure.

The most worrying increase has come in the form of corporate ransomware attacks, where criminals hold your company’s data (including customer data) or network hostage until they get paid money. Ransomware attacks have crippled businesses, with Security Boulevard reporting that 58% of businesses ended up paying off the attackers just to get control back of their systems.

Unfortunately, most cybersecurity experts – including DataStream’s own team of analysts – now position corporate cyber-attacks as an almost inevitable event that businesses should prepare for. Even with the best and most expensive cyber security technology protecting your systems, the chances are a cyber-attack can and will find its way through at some point.”

To read their article in full, click HERE.

Networks Plus’ CISSP and Certified Ethical Hacker, Jerry Horton explains the importance of cyber insurance from a different point of view. Jerry explains, “Risk management is more than a buzzword: it is a foundational practice to keep a business operational.”

Jerry emphasizes that once risks have been identified, there are four things business leaders can do with them: 

  1. Avoid the risk – simply stop doing what is creating the risk
  2. Mitigate the risk – this is the core of cybersecurity. Technical and administrative controls are put into place to prevent the risk
  3. Accept the risk – when a business practice comes with unavoidable risk and the cost of mitigating outweighs the potential impact, business leaders can simply accept it and pay out of pocket if the risk causes an issue
  4. Transfer the risk – this is where insurance comes into play.

Transference is always a secondary step, as business leaders need to insure against practices that can’t be avoided and for which risk mitigations have already been put into place. By way of example, we all carry insurance for our vehicles and the operation of them. We can lower our rates by mitigating risks such as ensuring that vehicle operators are properly trained and licensed, obeying traffic laws, and avoiding operating vehicles in dangerous environments when possible. However, we can’t avoid chips in a windshield from a piece of gravel thrown up during operation or avoid incidents such as a tree falling on the vehicle, scratches and dings in a parking lot, or even a multi-vehicle accident. We purchase insurance to guard against the loss such incidents will incur.

Cyberinsurance is the same concept – transference of risks with your data and systems. Just like insurance on any other property, you, as the business leader, have a responsibility to make certain that you have mitigated as many risks as possible. More importantly, cyberinsurance is an essential part of a business’s strategy to maintain a healthy and stable financial state.  

Why would cyberinsurance do that, you might ask? Consider this: ransomware is the most common risk faced by every business, accounting for more than 54% of all cyberinsurance claims in 2020 (up from only 13% the year before or over a 400% increase). This only shows part of the picture, however. Not only are ransomware attacks increasing in frequency, but ransom demands are also rising dramatically (the current average ransom is $170,000!) and the cost of cleanup is even higher. Estimated costs for recovering from a ransomware incident are calculated as roughly 10 times the ransom demanded. In short, this isn’t a risk that can be avoided or accepted; a portion of this risk has to be transferred to keep a business viable.

In Jerry’s words, “Make no mistake – cyberinsurance is only a part of your risk management strategy.” He strongly encourages you to have a strong cybersecurity program in place, including cybersecurity training for everyone involved in the business, so as to mitigate as much as is possible.

He adds, “Please contact one of our top-notch Business Consultants to talk about your current state of cybersecurity. We will help you get cyber-ready and, through our partner DataStream, cyberinsured against the potential disasters of our online world.”

 

SMBs Are Being Targeted for Cyberattacks

SMBs are constantly under attack. Don’t let yours be next!

When you’re running a small to medium-sized business, you may think that you’re not going to become a victim of a cyberattack. Maybe you think that your data and files aren’t valuable enough to be stolen—or even worse, that your current cybersecurity strategy is strong enough to protect them. But nothing could be farther from the truth.

In fact, cybercriminals are becoming smarter every day, and since their methods are constantly changing, your security needs will also need to evolve. To stay safe, adopt a comprehensive cybersecurity solution that protects your entire organization.

Why Are SMBs Top Targets?

  • They often lack comprehensive protection
  • They don’t understand the magnitude of their risk
  • They underestimate the value of their data
  • They are unprepared to battle cybercriminals

Our sophisticated cybersecurity solutions protect all of your business environments, including your brick-and-mortar and your cloud. You’ll also need to secure any home offices, mobile devices, hardware, software, and cloud-based apps like Microsoft 365.

Would Your Business Survive an Attack?

Hackers will stop at nothing to get to your valuable data, and it’s up to you to protect your business. Ignoring cybersecurity may work in the short term, but the time to be proactive is now.

 

Did You Know…

SMBs Account for Over 60% of all Attacks

Is Your Guard Down?

  • 69% of SMBs have not identified and documented cybersecurity threats
  • 43% do not have a recovery plan in the event of a cybersecurity incident
  • 57% have not informed or trained all users on cybersecurity
  • 48% have not analyzed cybersecurity attack targets and methods

Your Cybersecurity To-Do List:

  1. Understand the Risk

While you’re busy trying to beat out the competition, cybercriminals are busy hatching schemes to infect your devices with malware, take you down with a business email compromise attack (BEC) and steal your valuable data. You can’t let that happen. It’s a cost you can’t afford to bear.

  2. Take Responsibility

After reading up on the latest cybersecurity threats and understanding how easy it is for a small to medium-sized business to fall victim to an attack, tackle the challenge head-on. With so much at stake, you need to come up with a plan that gets your security on a strong foundation. Bring in the professionals.

  3. Assess Weaknesses

You won’t fully understand your risk until you meet with security experts who can conduct a thorough security assessment and diagnose structural weaknesses. To truly protect your business from cybercrime, you’ll need to undergo a cybersecurity evaluation to identify vulnerabilities.

Close Gaps in Security

You can’t secure your organization until you understand your risk.

 

Security for a Remote Workforce

Mobile workers are playing a more important role in operations than ever before. While empowering your remote workforce with the right technical tools will drive productivity and success, the work-from-home (WFH) era is also introducing new security risks for small to medium-sized businesses. In addition to providing IT support for remote workers, you’ll want to defend your business from common cloud computing risks and cybersecurity threats.

 

Cybersecurity Risks

  • Mobile Devices: Protecting and monitoring smartphones, tablets and laptops is harder in the bring-your-own-device era. Enter mobile device management.
  • Remote Access: With employees working outside of the office, it’s important that they have secure remote access to your network.
  • Identity Authentication: It’s easy for bad actors to impersonate your employees—keep the hackers out with identity authentication management.
  • The Company Cloud: Storing and transmitting data in the cloud makes conducting business a breeze, but it opens up a lot of risk, too.
  • Cloud-Based Apps: Collaborating in Microsoft 365 or G-Suite is simple, but that doesn’t mean it’s secure.

Why Partner with a Managed Services Provider (MSP) for Security Solutions?

Once you understand what’s at stake, it’s hard to put off cybersecurity any longer. When you’re ready to prioritize security, it’s time to bring in the professionals.

There’s never been a better time to work with top-tier security consultants who are united around one common goal: Keeping your data secure. Let industry insiders protect your business with an all-encompassing approach to cybersecurity that will help you avoid falling victim to an attack.

Benefits of Professional Cybersecurity Services Include:

  • Comprehensive Cybersecurity: Benefit from layered security solutions that protect your business from every angle and anticipate future challenges.
  • Nonstop Monitoring and Support: Let security experts stand guard 24/7/365, identifying suspicious behavior and providing around-the-clock monitoring.
  • Future-Oriented Business Plans: We’ll assess your current cybersecurity risks and make sure your new strategy evolves alongside emerging threats.
  • Protection for Cloud-Based Suites: Our team of security professionals can protect your Microsoft 365 apps, including SharePoint, Teams, and OneDrive

 

How We Can Help

  1. High-Level Security Assessment: Let us provide you with a detailed picture of your cybersecurity health and security exposure, including scanning your information on the dark web.
  2. Custom Cybersecurity Report: Following the security assessment, we’ll create a detailed report on your vulnerability, allowing us to assess how we’ll proceed to keep you safe.
  3. Industry-Specific Action Plan: We’ll work together to create an action plan that will start securing your organization and its technology. This includes monitoring threats on all managed devices, servers and firewalls.
  4. Compliance IT Solutions: After closing gaps in security, we can support compliance guidelines and make sure your data stays out of harm’s way. Maintaining compliance is easier with security analysts on your team.
  5. We Leave No Stone Unturned

 

Take the first step and get your free security assessment today.

 

 

This Checklist Can Make Your Business More Secure

[     ]     Verify all software patches and updates have been installed. Not just laptops and servers, but firewalls and other network devices (routers, switches, APs, office equipment, etc.)

[     ]     Implement access control to manage who can access data and restrict from where that data can be accessed.

[     ]     Change passwords for network devices; when possible, require multi-factor authentication (MFA)

[     ]     Upgrade end of service versions of software your company is using and supports

[     ]     Document and train employees on the process for reporting suspicious activity

[     ]     Test backups and put at least one version offline monthly (or more often)

[     ]     Enable employee multi-factor authentication (MFA) everywhere

[     ]     Remove internet-facing management consoles (internal access only)

[     ]     Verify everyone in your company has completed security awareness training

[     ]    Implement Managed Detection & Response (MDR) on computers and servers to monitor and respond to threats via both technology and human expertise.

[     ]     Implement security information and event management (SIEM) software for additional visibility, when possible

[     ]     Review cybersecurity policies and corresponding procedures, especially incident response plans

 

 

 

 

YOUR SECURITY CODE WILL EXPIRE IN…

The facts about why MFA is so important to your business

Created in collaboration with Brad Jepson, service team lead at Networks Plus

 

“All I want to do is pay my credit card bill online, but I can’t do that without jumping through, what feels like, a hundred hoops to prove it’s me. Don’t get me wrong, I’m glad the financial institution wants to protect my information, but seriously, who besides me is going to make that payment?? I don’t understand why I have to wait for the text message or phone call to get a code when I have already entered my password. Can someone please just tell me the point of this?!?”

If this has ever crossed your mind, you aren’t alone. Multi-factor authentication, more commonly referred to as MFA, essentially adds an additional layer of security to your account. Simply put, it requires two or more factors, drawn from who you are, what you know, or what you have, in order to authenticate your account.

While it may seem superfluous, it is becoming quite imperative to adhere to the requests. The truth is, cybersecurity threats are so advanced it is no longer a question of if your credentials get hacked, it’s when. Just take a moment to let that sink in. This isn’t just your Facebook or Instagram page getting hacked. Sure, that would be an inconvenience, but what about the big stuff? What about your credit cards? Your personal or business banking account? Your social security number? Your client’s data? What price would you place on your company’s reputation? When you have MFA in place and a hacker gains access to your password but does not have access to your fingerprint or your cell phone – they cannot gain access to your accounts. All of a sudden that extra step in paying your credit card bill no longer seems pointless, does it?

Hacking isn’t something that is centralized to a particular demographic or region, either. It is quickly becoming a global issue and therefore, MFA is also being adopted all over the world. It is becoming increasingly important for businesses and organizations to add MFA to their cybersecurity plan. Imagine if your company’s email accounts were continuously hacked. What would that do to your brand’s image?

When you think in terms of damage control, the hassles of push notifications seem minor in comparison, don’t they? Even if you don’t think you have critical data, the amount of downtime to recover from a breach is substantial. The Denver Post has even reported that a whopping 60 percent of small businesses that fall victim to a cyberattack are out of business within six months.

We realize that forcing your employees to enter codes multiple times a day can be overwhelming and time-consuming. The last thing a security measure should do is waste valuable time. However, implementing MFA is a necessity. If your concern is causing frustration for your staff, there is a single sign-on (SSO) solution, which lets a single multi-factor authentication grant access to any of your capable platforms.

As a group of cybersecurity experts, we don’t like things getting in our way of productivity either. Since downtime is really not an option for anyone, it is always best to add as many layers of protection as we can. Think about going outside in subzero temperatures. You dress in pants, socks, boots, a sweater, a coat, a hat, gloves, and a scarf. You’ve added layers of protection to your body to reduce the risk of external threats. MFA is essentially the same thing – only, applied to your data.

To learn more about MFA we invite you to contact us at 800-299-1704. We love to talk about cybersecurity – so make our day by giving us a call!

Brad Jepsen

Microsoft Teams

Increase Efficiencies & Communication in Your Business

Presented by: Adam Boyle, Senior Business Consultant & Angie Armstrong, Director of Business Development

Watch the replay here.

Event Features Homeland Security Expert

TechFest: A Conference to Educate, Prepare, and Arm Businesses for Cyber Threats

Networks Plus, a managed IT services leader in Manhattan, Kan. will host TechFest 2022, featuring cybersecurity best practices and advice from industry experts. Readily available resources will be provided to all businesses attending the conference on April 19 at the Hilton Garden Inn in downtown Manhattan.

The Manhattan-based company has teamed up with leaders from all across the country to deliver a comprehensive, easy-to-follow format with practical takeaways that can be implemented immediately. TechFest 2022 features speakers from Datto, WatchGuard Technologies, Manhattan Area Chamber of Commerce Economic Development, and the United States Department of Homeland Security.

Regional Cybersecurity Advisor of the United States Department of Homeland Security, Geoffrey Jenista warns, “If you are connected to the internet, you are Ukraine and Russia’s neighbor. CISA [Cybersecurity and Infrastructure Security Agency] encourages organizations of every size to have their ‘shields up’.” Current events regarding Russia’s invasion of Ukraine have significantly emphasized not only the importance of having business operating systems protected and backed up, but the significance of taking those precautions immediately.

TechFest 2022 will be held April 19 at the Hilton Garden Inn in Manhattan, Kan. The event will kick off with a pre-conference workshop on Microsoft 365 Business Premium from 10 a.m. – noon with the full event picking up at 1 p.m. and concluding at 5 p.m. The company will host a social networking event immediately following. Registrations are due April 8 and space is limited. Business owners, managers, IT professionals, and office administrators are encouraged to attend. Click here for additional information.

Questions Every Business Leader Should Ask Before Choosing MFA

Multi-factor authentication (MFA) is an essential piece of security for any modern business. Whether you’re trying to meet compliance requirements or trying to increase the security of your business, MFA can help. By implementing MFA, you can help secure your company’s assets, confidential information, and accounts – especially if you have remote workers, privileged users, Cloud applications, and employees that access corporate resources on their laptops. Implementing MFA also minimizes the risk of a breach and the reputation damage, legal fees, and other consequences that come with that.

A warning – not all MFA is created equal. By asking these questions, you can better determine whether a potential MFA solution will provide the security you need or if you need to look elsewhere.

  • Does your MFA solution use SMS-based verification as the primary or default authentication option?
    SMS-based verification is less secure than other methods because it is vulnerable to hijacking. It is acceptable as a back-up method since using multiple factors of authentication will always be stronger than using just one layer of protection. However, SMS-based authentication should not be the primary or default method used. If it is, look elsewhere.
  • How is the user experience for end users?
    A good user experience is critical to ensure successful MFA adoption. If end users feel that the particular solution impedes productivity and prevents them from accessing the resources they need, it will not work. Ask the service provider to walk you through the user experience and question any parts that you predict will frustrate your employees (e.g. certain hardware tokens that are easily lost or forgotten). Ask the service provider if there are features that help with end-user adoption or if they have any recommendations for gaining end-user adoption.
  • Does it support offline authentication?
    If you have employees that travel for work and that need to access their laptops while on the airplane, you’ll need to ensure that your chosen MFA solution supports offline authentication. There are other instances, such as when you are connecting to hotel Wi-Fi or public Wi-Fi or when an Internet connection is spotty, in which offline authentication is required. Ask the service provider about offline authentication options and be sure that their solution is easy, secure, and doesn’t require helpdesk connections.
  • Does the solution support secure Web Single Sign-On (SSO)?
    Web single sign-on not only makes the solution easier for the end user, but also makes it more secure. It’s essential that Web SSO into Cloud applications is supported by any MFA solution you are considering. If your company uses many different Cloud applications and each of those apps requires users to sign in and create passwords, then the user experience becomes very complex. It also means employees will need to reset their passwords more often and may require helpdesk support more often. This can be avoided with single sign-on, which enables users to sign on just once to access all their Cloud applications. This ultimately provides a better user experience and is an important motivation for user adoption.
  • What is the MFA vendor’s business model?
    When purchasing MFA, it’s important to make sure not just that the solution meets your needs, but that the solution provider is the right fit for you as well. Ask the solution provider about their business model to get a feel for how much they’ll be able to support you beyond just the purchase. Will they be able to support all your needs during deployment? Do they have local partners to provide support if there are ever issues? Does their pricing model accommodate how and when you want to allocate licenses?
  • Is the solution localized for end users?
    End-user facing applications should be localized. While the management interface does not need to be localized, the language of the UI should be appropriate for all applicable regions. This is critical for end-user adoption of any MFA solution. Remember that an MFA end user is usually not a cybersecurity expert.
  • Is the solution easy to manage?
    Management and token allocation should be simple, quick, intuitive, and web-based, even for inexperienced operators. How easy is it to set up and start using the solution? How fast can you add a resource to be protected by the MFA solution? How fast and easy can you provision authenticators for the users? Is the admin interface easy to understand and use? Seek solutions that provide a comprehensive interface for what you need without requiring you to be an expert.
  • How much does the solution cost?
    Asking about pricing is a given, but we wanted to bring it up because MFA pricing can be unclear and sometimes there are hidden costs. How is it sold: per user, per authenticator, or even per protected application? Is support included – both technical support and subscription management support? Are there any other hidden costs that may apply, such as extra software you will need to license? Pricing for MFA is often done in bands or ranges with bulk discounts. If you fall below a certain range, work with the solution provider to see how you can be creative to meet the bulk requirements of the next pricing band.

For additional information, talk to your dedicated consultant at Networks Plus.
