Is It Really That Effective? Yes, But Nothing Is Foolproof! When MFA was first gaining steam, Microsoft claimed it could stop 99.99% of data breaches. But like most things, especially when it’s concerning cybersecurity for banks, cybercriminals quickly got to work finding ways around it. So while you can’t have a near-perfect guarantee, MFA is still highly effective. Many bank employees may think that the biggest cybersecurity risk comes from a customer’s account being hacked or from someone accessing the bank’s main data frame. But hackers aren’t interested in those hard-to-reach targets. Instead, they might find an employee’s email login information and, without MFA, make it into their account. But that’s not their target — your employee’s compromised account is just the Trojan horse. With the credibility of an employee’s account, they’ll send emails to coworkers and customers. Once they have an email address and password, the attacker can eavesdrop on your email accounts. With the credibility of your employee’s account, they can quietly collect private data from your customers or internal staff for months without detection. Through this process, they can request private information, rewire payments to go into their own account or infect thousands of more computers with a phishing email. The possibilities are endless when it comes to social engineering. If they’re successful, your bank will risk everything from lost income due to reputational damage — in the age of information, mistakes are amplified, which could put your company at an extreme disadvantage. But with multifactor authentication as a layer of your cyber defense, you could stop the criminal before they have a chance to wreak havoc. Do I Need a Paid Service, or Can I Get the Same Security for Free? If you’re feeling the strain of cyber threats but don’t have the resources to have a cybersecurity provider, most apps and tools have an MFA feature. To improve your security today, you should go through each of your vendors — VPN, Gmail, Outlook, Dropbox, DocuSign — anything you access online, and implement MFA. You won’t have to spend any money, and your cyber posture will have straightened up immediately. The downside to these free options is that there’s no guarantee of how secure the authentication process is. You won’t be able to track what devices are being used or who has access. Another downside is that they will all vary in how they’re implemented and used, so you’ll need to remember to audit Financial institutions should understand how these changes could affect their operating model and strategy. 8 The CommunityBanker
RkJQdWJsaXNoZXIy MTg3NDExNQ==