99.9% of Cyberattacks Are Preventable With Multi-Factor Authentication

The healthcare sector sees plenty of phishing attacks. Each week, healthcare companies report many phishing attacks that result in exposed or stolen protected health information (PHI). In many instances, the attacks could have been avoided by following basic cybersecurity practices.

Cyberattacks are becoming more sophisticated, although nearly all attacks are not. They rely on commonly used passwords tried in brute force attacks or on typical phishing emails.

Brute force attacks can be averted by enforcing policies that require strong passwords. Users should not be permitted to create passwords from dictionary words or from frequently used weak passwords such as 12345678. Password reuse is also a common cause of breached accounts. As reported by Microsoft, 73% of people reuse passwords across business and personal accounts. When one account is compromised, the same password could be used to log into the user’s business account.

Many phishing emails get past anti-spam protection. A new report from Avanan shows that as many as 25% of phishing emails aren’t stopped by Exchange Online Protection (EOP), the standard anti-phishing protection for Microsoft Office 365. It is therefore vital that additional controls are enforced to prevent a data breach caused by phishing emails.

All personnel must be given ongoing security awareness training and taught how to identify phishing emails. Legacy authentication should be blocked as well. Other security defenses include anti-malware solutions, web filters and spam filters. However, Microsoft stated that multi-factor authentication is the one option that stops 99.9% of cyberattacks.

Multi-factor authentication (MFA) means using more than one method to verify a user’s identity. In addition to a password or passphrase that only the account holder knows, further factors are required, such as a token or biometric confirmation. If an attempt is made to access an account from an unknown device or location, the second authentication factor is required. That may be a text message sent to the user’s cellphone.

While MFA is a powerful way of blocking suspicious account access and preventing data breaches, many healthcare companies only implement MFA after they have suffered a breach.

Microsoft mentioned in an article that its cloud services see around 300 million fraudulent sign-in attempts daily and that the volume of attacks is going up. Even if a username and password are compromised, multi-factor authentication will keep those credentials from being used to access an account.

Microsoft’s research says that an account is more than 99.9% less likely to be compromised when MFA is used.

Many companies are reluctant to implement MFA because they feel it is problematic and will negatively affect workflows. However, that is not always the case. To lessen disruption, organizations could deploy MFA on the most vital accounts first or take a role-based approach. MFA may then be extended from there.

MFA isn’t flawless, but it is a very important control for preventing cyberattacks and for keeping phishing emails and poor password choices from causing an expensive data breach.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of the HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. You can follow Elizabeth on Twitter at https://twitter.com/ElizabethHzone