Understanding Multi-factor Authentication (MFA), Requirements for Cyber Insurance

Are you able to qualify for cyber policies by having multi-factor authentication (MFA), in place? Although there are many types of cyber insurance policies, each one has its own MFA requirements. However, there are some commonalities that can be used to help you get started. Let’s review.
What is MFA? How do you measure successful deployment?
Multi-factor authentication, or “MFA”, refers to the use two or more methods of identification and access control with the following categories.
“Something you know” (username, password etc. )”Something that you have” – (verification codes sent via email or SMS, etc. )”Something that you are” – (biometric authentication: fingerprint, retina scan, etc. MFA is successfully embedded if at least two of these categories can be used to verify the identity of a user when they attempt access systems. [1]
What Places Should You Use MFA?
Remote Network Access
Remote network access can be made more secure by requiring MFA. This will help reduce the risk of network compromise due to lost or stolen passwords
Administrative Access
Administrators can require MFA remotely and internally to prevent intruders from gaining greater access to internal systems.
Remote Access to Email
Remote access to email can be limited by requiring MFA. This is to prevent any potential compromises to corporate email accounts due to lost or stolen passwords.
Deploy Multi Factor Authentication
MFA is required to qualify for certain cyber insurance policies.
All employees can access email via a website or cloud-based service. Remote access to the network is available to contractors and employees. )Directory Services (active directory, LDAP, etc. )The Organization’s Endpoints/ServersPro Tip: These are the minimum requirements for most lenders. Don’t stop there! Please use MFA wherever it makes sense in your environment.
Need help meeting these MFA requirements?
IE can help! Our security team can help you identify security gaps and vulnerabilities by conducting Security Risk Assessments. Our vCISO service allows us to create or refine security policies and prepare you to meet new compliance requirements.
Are you still unsure? Cisco Secure Access by Duo is FREE!

[1] NIST