Blog

3 Ways to Modernize Your County’s Multi-Factor Authentication Strategy

  • Blog

    3 Ways to Modernize Your County’s Multi-Factor Authentication Strategy

    Counties are struggling to protect systems and data, as cybercriminals took advantage of the impact of the pandemic while many counties were distracted with trying to implement new services required to support employees and citizens.

    For example, cybercriminals took advantage of citizens as they looked to their inboxes for unemployment information, stimulus payments and other transactions requiring Personally Identifiable Information (PII).

    It is no wonder that cybersecurity, and more specifically multi-factor authentication (MFA) has become a top initiative for many counties across the nation.

    Multi-factor Authentication Continues to be a Cybersecurity Best Practice

    While many security measures are being put in place, MFA solutions are a cybersecurity best practice when it comes to securing access, whether it’s remote or on-premises, and reducing, even preventing cyberattacks. Some of the most common authentication methods that are used today include hardware tokens, push tokens and phone-based one-time passwords (OTPs).

    However, what happens when our traditional MFA methods start to fail us?

    Traditional MFA Methods Are Under Attack & Inconvenient

    First traditional MFA methods are under attack. For example, in a recent article, on vice.com, a hacker was able to leverage a business text messaging service and for a mere $16 take over the victim’s phone number and intercept all of their SMS messages. These messages included those with OTPs for gaining access to secure accounts.

    On the other side MFA methods remain inconvenient and disrupt employees and citizens as they complete day-to-day tasks. Both employees and citizens can become sources of cyber risk as they resist, avoid and refuse to adopt inconvenient MFA methods.

    While best practices, and security architectures such as Zero Trust, require using MFA 100% of the time for 100% of all your users, if they won’t adopt it, that is impossible to achieve.

    Modernize Your Multi-Factor Authentication Approach

    So, it’s time to evolve your MFA approach and make sure it is capable of adapting to the future state of cyberattacks and the needs of your employees and citizens. 

    Here are three recommendations for making sure your county’s MFA strategy is ready for the future: 

    • Apply advanced authentication approaches: this includes the use of contextual authentication and step-up authentication to be able to strike a better balance between security and convenience. Bringing in the context of the access request or the type of application being accessed can not only make it more difficult for cybercriminals to gain access, but also reward employees and citizens when they are requesting access appropriately.
       
    • Flexible Options are Essential: make sure you have multiple methods of authentication, and most importantly, that you are able to give multiple options to each user as they try to login. For example, if you have your security policy setup for citizens to login with an SMS-delivered OTP and they don’t have cell phone reception, what options do they have to log in? Offering a few different methods for each user to choose from, controlled by a security policy, is the best way to achieve flexibility and provide a convenient login experience. 
       
    • Include Biometrics: while biometrics have been adopted for certain use cases, such as election security, they have become a “must-have” for your MFA strategy. With successful cyberattacks on phone-based methods and the hassle of using methods such as hardware tokens, biometrics has become the most convenient and secure method according to recent research by Raconteur. With nothing to carry, remember, share, or have stolen, biometrics is an excellent authentication method to secure all access. 

    It’s Time to Change

    With the increase and evolution of cyberattacks, your multi-factor authentication strategy needs to adapt. The authentication methods, such as hardware tokens and phone-based OTPs, are starting to fail us. A modern MFA strategy needs to be considered that includes advanced authentication approaches, flexible options to give the user a sense of control, and the most secure and convenient authentication method – biometrics.

     

    Counties are struggling to protect systems and data, as cybercriminals took advantage of the impact of the pandemic while many counties were distracted with trying to implement new services required to support employees and citizens.
    2021-06-02
    Blog
    2021-06-02

Counties are struggling to protect systems and data, as cybercriminals took advantage of the impact of the pandemic while many counties were distracted with trying to implement new services required to support employees and citizens.

For example, cybercriminals took advantage of citizens as they looked to their inboxes for unemployment information, stimulus payments and other transactions requiring Personally Identifiable Information (PII).

It is no wonder that cybersecurity, and more specifically multi-factor authentication (MFA) has become a top initiative for many counties across the nation.

Multi-factor Authentication Continues to be a Cybersecurity Best Practice

While many security measures are being put in place, MFA solutions are a cybersecurity best practice when it comes to securing access, whether it’s remote or on-premises, and reducing, even preventing cyberattacks. Some of the most common authentication methods that are used today include hardware tokens, push tokens and phone-based one-time passwords (OTPs).

However, what happens when our traditional MFA methods start to fail us?

Traditional MFA Methods Are Under Attack & Inconvenient

First traditional MFA methods are under attack. For example, in a recent article, on vice.com, a hacker was able to leverage a business text messaging service and for a mere $16 take over the victim’s phone number and intercept all of their SMS messages. These messages included those with OTPs for gaining access to secure accounts.

On the other side MFA methods remain inconvenient and disrupt employees and citizens as they complete day-to-day tasks. Both employees and citizens can become sources of cyber risk as they resist, avoid and refuse to adopt inconvenient MFA methods.

While best practices, and security architectures such as Zero Trust, require using MFA 100% of the time for 100% of all your users, if they won’t adopt it, that is impossible to achieve.

Modernize Your Multi-Factor Authentication Approach

So, it’s time to evolve your MFA approach and make sure it is capable of adapting to the future state of cyberattacks and the needs of your employees and citizens. 

Here are three recommendations for making sure your county’s MFA strategy is ready for the future: 

  • Apply advanced authentication approaches: this includes the use of contextual authentication and step-up authentication to be able to strike a better balance between security and convenience. Bringing in the context of the access request or the type of application being accessed can not only make it more difficult for cybercriminals to gain access, but also reward employees and citizens when they are requesting access appropriately.
     
  • Flexible Options are Essential: make sure you have multiple methods of authentication, and most importantly, that you are able to give multiple options to each user as they try to login. For example, if you have your security policy setup for citizens to login with an SMS-delivered OTP and they don’t have cell phone reception, what options do they have to log in? Offering a few different methods for each user to choose from, controlled by a security policy, is the best way to achieve flexibility and provide a convenient login experience. 
     
  • Include Biometrics: while biometrics have been adopted for certain use cases, such as election security, they have become a “must-have” for your MFA strategy. With successful cyberattacks on phone-based methods and the hassle of using methods such as hardware tokens, biometrics has become the most convenient and secure method according to recent research by Raconteur. With nothing to carry, remember, share, or have stolen, biometrics is an excellent authentication method to secure all access. 

It’s Time to Change

With the increase and evolution of cyberattacks, your multi-factor authentication strategy needs to adapt. The authentication methods, such as hardware tokens and phone-based OTPs, are starting to fail us. A modern MFA strategy needs to be considered that includes advanced authentication approaches, flexible options to give the user a sense of control, and the most secure and convenient authentication method – biometrics.

 

  • Basic page

    County Tech Xchange

    The NACo County Tech Xchange is an online portal designed to connect county CIOs, IT Directors, CISOs, and other county IT leadership. This portal provides valuable resources in a central location which counties can use to improve their overall technology infrastructure.
    page

    <p>The NACo County Tech Xchange is an online portal designed to connect county CIOs, IT Directors, CISOs, and other county IT leadership.

  • Basic page

    TestIT: How Fast is Your Broadband

    NACo has partnered with the Local Initiatives Support Corporation (LISC) and the Rural Community Assistance Partnership (RCAP) to develop a mobile app designed to identify areas with low or no connectivity to help ensure adequate funding for broadband infrastructure is provided across the country.
    page

    <p>Accurate connectivity data is the foundation for investments in broadband infrastructure.

  • Basic page

    Telecommunications & Technology Steering Committee

    All matters pertaining to telecommunications and technology policy, including, but not limited to, the county role as a telecommunications regulator, service provider, and consumer, cable services technology and implementation, information technology development and implementation, information technology innovation, e-governance, and geo-spatial data collection and utilization.
    page

    <p>All matters pertaining to telecommunications and technology policy, including, but not limited to, the county role as a telecommunications regulator, service provider, and consumer, cable services technology and implementation, info

Related Posts

Related Resources

More From