You’ve probably encountered multifactor authentication (MFA) for bank and other account access, but have you enacted MFA for your business? Cybersecurity initiatives like MFA are essential for businesses, but they’re also an expectation when obtaining cyber liability insurance.
What is MFA?
MFA is a security system that requires two or more authentication methods from independent credentials to verify a user’s identity. Each authentication factor increases cybersecurity.
An MFA login process typically includes a combination of at least two of the following:
- A password or personal identification number (something you know)
- A smart card, authentication code, token or mobile phone (something you have)
- A biometric component, such as a fingerprint, face scan or voice sample (something you are)
The primary purpose of MFA is to provide enhanced security by adding extra layers of defense against unauthorized access or transactions. You use MFA to improve the security of your business networks and sensitive data. It reduces the effectiveness of digital scams like phishing, account misuse and identity theft by requiring multiple forms of authentication.
Cybercriminals might breach one layer (like a password), but it would be tough to breach all the MFA layers.
Why insurance companies want you to use MFA
Insurance companies will vet your cybersecurity protocols when you’re shopping for a cyber liability policy, so expect detailed questions about MFA. The robustness of your protective measures will determine your coverage and premiums.
Insurance companies will look for cybersecurity across different areas of your operations, like the following:
Remote worker access
If you use remote network access, MFA can reduce the potential for a network compromise due to lost or stolen credentials. Without MFA, an intruder can access your network. And if the stolen credentials are for an employee with high levels of network access, the intruder will have unfettered access to your entire network.
Administrative access
MFA controls for access to administrative accounts help prevent intruders from elevating their privileges and obtaining broader access. MFA controls could help contain a ransomware deployment across your entire network.
Email access
MFA on email accounts can help reduce the potential for a wider-scale attack. Threat actors often use company emails to commit cyber schemes against employees, clients and vendors. For example, a threat actor might use a CEO’s email to contact the accounting department to request a wire transfer, draining the company’s funds. Accounting may not question the transaction since it’s coming from the CEO’s email.
Cyber insurance applications
Insurance companies will conduct an assessment to determine if you’re a good risk. The outcome will determine if you get coverage and for how much. Depending on your business, the risk assessment might be a simple questionnaire or a complex third-party audit.
If your business can demonstrate a robust, layered cybersecurity approach that includes MFA, you might get better premiums or coverage options — or both. If you don’t have safeguards like MFA, you risk coverage denials, limited options or higher premiums.
Pro tip: Don’t lie about your cybersecurity protocols to get a good price. If you experience a cyberattack, the insurance company will conduct a computer forensic investigation as part of the claims process. They’ll know whether you had the security in place. If you didn’t, they’ll deny your claim. Being misleading will not help your case.
Other cybersecurity to have in place
- In addition to MFA, insurance companies will ask about other cybersecurity controls like:
- Network security protocols such as firewalls, intrusion detection and prevention systems
- Encryption methods to protect against data interception and breaches
- Cybersecurity training to educate employees on how to recognize, report and evade cyberattacks and scams
- An incident response plan that defines how your company will manage a cyberattack
Implement MFA at your business
Cyber coverage is as important as your business auto or liability policy. Deploying an MFA policy doesn’t just benefit your business operations and reputation. It also boosts your ability to obtain cyber liability insurance. If you’re not confident about your cybersecurity, take steps to improve it. Visit the Cybersecurity and Infrastructure Security Agency website for resources for business owners. These include advice on how to roll out cybersecurity initiatives, evaluation tools and response planning, and links to regional support offices.
Cybersecurity is a critical part of every business risk mitigation plan. Collaborate with your IT team on your cybersecurity initiatives and apply for cyber liability insurance with confidence.
