Multi-Factor Authentication (MFA) is a security measure that requires users to provide two or more factors to authenticate their identity. This makes it much more difficult for attackers to gain unauthorised access to your systems and data, even if they have compromised a user's password.
There are several reasons why MFA is important for enterprise customers, especially those who are certified to ISO 27001 and Cyber Essentials:
Compliance: Both ISO 27001 and Cyber Essentials require organisations to implement MFA for certain types of users and accounts. For example, ISO 27001 requires MFA for all privileged users and for any users who have access to sensitive data. Cyber Essentials requires MFA for all administrative users of cloud services.
Security: MFA significantly reduces the risk of successful cyberattacks. This is because attackers would need to compromise multiple factors to gain access to a user's account. Even if an attacker can steal a user's password, they would still need to have access to the user's phone or other authentication device to log in.
Peace of mind: MFA can give enterprise customers peace of mind knowing that their accounts are more secure. This is especially important for customers who handle sensitive data, such as financial information or customer records.
EDocuments has therefore decided to enforce MFA for all users and accounts, including privileged users and users who have access to sensitive data. This will help to ensure that all customers' systems and data are protected.
How MFA can help to protect your enterprise customers:
Prevent phishing attacks: Phishing attacks are one of the most common ways that attackers gain access to user accounts. By requiring MFA, you can make it much more difficult for attackers to successfully phish your customers' credentials.
Protect against compromised passwords: Even the strongest passwords can be compromised, either through brute-force attacks or through data breaches. MFA adds an extra layer of security by requiring users to provide a second factor of authentication, even if their password has been compromised.
Secure remote access: MFA is essential for protecting remote access to your enterprise customers' systems and data. By requiring MFA for all remote users, you can help to ensure that only authorized users are able to access your customers' systems.
Overall, MFA is an essential security measure for enterprise customers of all sizes. It is especially important for customers who are certified to ISO 27001 and Cyber Essentials.
Switching to MFA
Authenticator App
EDocuments wanted to make the process simple to manage for all users, so that customers are more likely to adopt it. It should also be easy for you to manage, so that you can easily add and remove users, and troubleshoot any problems. Using a smartphone with an MFA app is the simplest option. The choice of authenticator app is important, and on Apple or Android either “Microsoft-Authenticator” or “Google-Authenticator” is a good choice. MFA is set up by scanning a QR code.
However, conversations with customers show that not all users have a mobile phone or want to add an app to their phone, so "Email a code" is a great choice for the second authentication option.
Email a code
Another very simple solution is to email the user a code. This is a simple and effective way to make sure the user has control over the email address that they use within the platform. The only potential downside is that a delay in the email can be frustrating.
Microsoft SSO (single sign on)
Customers who are running Microsoft Entra ID, formerly known as Microsoft Azure Active Directory, can choose just this as an option, and then your enterprise's Microsoft authentication gateway can enforce the necessary rules for each user's login. If you wish to use this option, please contact EDocuments for help with the enterprise configuration.
Summary
By applying this process, EDocuments continues to help customers to implement MFA and improve their security posture.