Blog

What Is MFA anyway, and Why Do I Need It?

Posted by: Mary Pat Simmons May 21, 2019 Cybersecurity, Life Sciences

Barely a day goes by that we don’t hear about another successful cyber-attack.  The bad guys target all industries – including life sciences – where personally identifiable information, intellectual property, and other high-value data can be stolen and resold or held for ransom.  Expose even the tiniest crack, and boom, you’ve been compromised!

How do cyber criminals gain access to critical systems, applications, and data?  In most cases, they only need a legit username and accompanying password.  Unfortunately, many individuals don’t protect their passwords adequately.  In life sciences, where siloed systems and meshed partner networks mean folks often maintain as many as 50 passwords, who can blame them for poor security hygiene practices like creating easy-to-remember (and decode) passwords, duplicating them across systems, or writing them (and losing them) on Post-It notes?  Let’s face it, password maintenance gives users nightmares.

That said, hackers dream about operating environments where passwords represent the only gate to access.  That’s why organizations must no longer solely rely on usernames and passwords to permit entry.  They must step up to multifactor authentication (MFA).

Quite simply, MFA requires individuals to present more than one form of identification before they are granted system or application access.  Usually, this mandates a combination of something you know, such as your username and password, and something you have.  Even if attackers obtain the former, the latter helps keep assets secure.

“Something you have” takes on many forms.  It might be a one-time-password-based hardware token.  Or a hardware- or software-based digital certificate.  Or the common access card you already use for physical security when you enter your office building.  It might even be an app on your smartphone.

Regardless, you don’t receive that credential until you’ve completed an identity proofing event.  For low risk environments, remote proofing may suffice.  For more sensitive scenarios or when regulatory compliance looms, you’ll have to prove your identity to a trusted party in-person.

Yes, MFA requires a bit of extra effort, both upfront (to obtain the credential) and over time (to present the credential as part of the access process).  However, MFA offers the potential to use the same credential to safely and securely gain entry to all of the systems and applications you need to do your job – ultimately making your life easier.

Exostar’s life sciences community reaps the benefits of MFA today.  Come join us, and you’ll be the one sleeping comfortably.  The bad guys will be the ones plagued by nightmares.