Because of the increase in cyber security, more small to midsize businesses (SMBs) are using Multi-factor Authentication (MFA) to properly identify users attempting to log in to their database. Implementing MFA means your employee needs to provide more than one factor of identification when they log in. This benefits your business if one layer of security is compromised, the second or even a third factor is required to authenticate entry into your network or applications.
Most users utilize push-based MFA due to its efficiency and simple use. Unfortunately, this method has recently become one of the easier security measures for hackers to bypass.
What is push-based MFA?
Pushed-based MFA sends an approval message to the employee’s phone for review after someone inputs the correct password to log in. As the second layer of security, this message asks the owner to approve or deny the request, confirming the user's identity. DUO and Amazon (through their app) can tell you additional information such as when the attempt was made, the device logging in, and the nearest IP address.
[screenshot from KnowBe4]
How do hackers get past MFA?
Hackers are able to get past push-based MFA due to user’s negligence. By not paying attention to where the login attempt is coming from, bypassing push MFA could occur under multiple scenarios:
- A cyber criminal intercepts your outgoing connection through a malicious site (known as a man-in-the-middle attack) and mirrors your MFA credentials to use for later approvals.
- Hackers use a SIM swap to temporarily move the phone number attached to the MFA login to the employee’s phone, which can allow the login to be “approved” for access.
- Some businesses will allow one person to approve all push MFA attempts, and that person may not pay attention as to where the login attempt is located.
- The hacker steals an inactive user’s credentials, enrolls a new device for MFA, and accesses the network. In this way they give the illusion of approval to steal information.
What can I do to make my IT systems more resistant to hacking?
You have many responsibilities which keep you focused on keeping your Omaha business running smoothly and may not have time to scrutinize every single login attempt. To maximize your security, there are solutions you can implement around the office to uphold productivity and efficiency.
- Security Awareness Training- Your IT Support or Omaha IT Provider can lead a short training session to prepare your office against phishing, malware, and MFA hacking attempts. We offer Cyber Security Training that can be completed throughout the work week, including simple (safe) tests that help your employees spot phishing scams faster.
- Geo-Fencing- This is the process of limiting logins to pre-approved physical locations and IP addresses. Geo-fencing can only be applied to push-based MFA, and your employees will need to let IT Support know if they are logging in from an abnormal location. It will keep your systems safe by automatically flagging login attempts outside of the areas that are not approved by IT.
- Geo-Kinetics- Though relatively new, geo-kinetics records the location of each login and automatically denies access from two different timely locations. If one of your employees successfully logs in at your office, and a hacker tries to login somewhere across the globe, their attempt is flagged and shut down.
- Geo-Correlation- Similar to geo-kinetics, geo-correlation records the location of the login, but it also checks to see if the user's laptop and cell phone are in the same place when using the push MFA. If they do not correlate, the login is denied, shutting the unknown user out.
- Location- Sometimes it is as easy and simple as your employees making sure the IP address, location, and time are all correct. It might take a little extra effort, but it goes a long way in securing your systems by properly identifying the user.
- Device Registration- Your IT Support should keep track of every device that will be used for MFA by registering them. This holds each employee responsible for their personal identity and prevents hackers from slipping through the cracks.
Check out our security services
MFA is still a secure method to keep cyber actors out of your IT systems and data. Omaha IT providers recommend MFA, and for good reason. But that does not mean cyber actors won't try, and we want to make sure you and your Omaha SMB are ready for anything. From social engineering traps to the best password security practices, you can find out more about our Cyber Security Training. For all your Omaha IT Support needs, feel free to reach out to us!