MULTI-FACTOR AUTHENTICATION How Having a Layered Defense for Your Bank Can Help to Combat Cyber Threats By Mike Gilmore, Chief Compliance Officer, RESULTS Technology As a leader and decision-maker at your bank, you know that technology is a double-edged sword. It helps you work effectively, learn more about your customers, and make better decisions. But the online world also has the potential to destroy a business you’ve worked so hard to build. We live in a digital world — there’s no way to run a business without technology. So, the only option is to protect yourself as best as you can. One of the most effective ways to do this is with multi-factor authentication (MFA). You’ve probably heard about it before, and if you’re tired of hearing about it, don’t leave just yet! We’re going to debunk the common complaints about MFA and explain why it’s the single most important thing you could do for your bank’s security today. “But It Adds an Extra Step to All My Applications.” The biggest complaint with multi-factor authentication is that it bogs people down. You open up your email; you have to put in a code. If you want to access a document in Google Drive; you have to open an app and request a “token” (a number) to key in. While it may add a few seconds to your day, not implementing MFA could get you in legal trouble. The Federal Trade Commission recently updated the Safeguards Rule, which “requires financial institutions under FTC jurisdiction to have measures in place to keep customer information secure.” MFA is one of those measures. In addition, the Federal Deposit Insurance Corporation (FDIC) strongly recommends MFA as well as a Managed Service Provider (MSP) that is experienced with banks and the special security needs that they require. And if that wasn’t enough to convince you, most cyber insurance requires the use of MFA. Luckily, a good MSP knows how to properly implement MFA to make it fast, easy, and secure. To get the security benefits of MFA without excessive inconvenience, there are strategies you can use. At RESULTS Technology, we recommend using push notifications. This way, you won’t have to wait or search for a code; it simply pops up on your screen with the option of remembering your device for 90-180 days. This takes away the constant code inputting and time drag. Is It Really That Effective? Yes, But Nothing Is Foolproof! When MFA was first gaining steam, Microsoft claimed it could stop 99.99% of data breaches. But like most things, especially when it’s concerning cybersecurity for banks, cybercriminals quickly got to work finding ways around it. So while you can’t have a near-perfect guarantee, MFA is still highly effective. Many bank employees may think that the biggest cybersecurity risk comes from a customer’s account being hacked or from someone accessing the bank’s main data frame. But hackers aren’t interested in those hard-toreach targets. Instead, they might find an employee’s email login information and, without MFA, make it into their account. But that’s not their target — your employee’s compromised account is just the Trojan horse. With the credibility of an employee’s account, they’ll send emails to coworkers and customers. Once they have an email address and password, the attacker can eavesdrop on your email accounts. With the credibility of your employee’s account, they can quietly collect private data from your customers or internal staff for months without detection. Through this process, they can request private information, rewire payments to go into their own account or infect thousands of more computers with a phishing email. The possibilities are endless when it comes to social engineering. If they’re successful, your bank will risk everything from lost income due to reputational damage — in the age 24 | The Show-Me Banker Magazine
RkJQdWJsaXNoZXIy ODQxMjUw