Strengthening Security with Multi-Factor Authentication

In today’s digital era, safeguarding the security of your online accounts and sensitive data is crucial. The conventional username and password combo, once seen as a robust security measure, no longer provides sufficient protection. As cyber threats continue to evolve, becoming ever more sophisticated, it’s high time to embrace Multi-Factor Authentication (MFA) to fortify your digital defences. 

What Exactly is Multi-Factor Authentication (MFA)? 

Multi-Factor Authentication, often known as MFA or 2FA (Two-Factor Authentication), necessitates users providing two or more forms of identification before gaining access to an account or system. This introduces an additional layer of security beyond the traditional username and password, making it considerably more challenging for unauthorised individuals to gain access. 

How Does MFA Function? 

MFA typically incorporates three distinct authentication factors: 

  • Something You Know: This corresponds to the conventional username and password. It’s the knowledge-based factor and serves as the initial line of defence. 
  • Something You Have: This can be a physical device like a smartphone or a hardware token. Following the input of your username and password, you’ll be required to provide a code generated by the device or received through a mobile app or SMS. 
  • Something You Are: This refers to biometric authentication, such as fingerprint recognition, retina scanning, or facial recognition. The inclusion of biometrics enhances security significantly. 

The Benefits of MFA 

  • Heightened Security: MFA substantially minimises the risk of unauthorised access, even if an intruder manages to acquire your password. They would still need access to your second-factor authentication method. 
  • Resilience Against Phishing: MFA serves as a robust defence against phishing attacks. Even if you inadvertently disclose your password to a fraudulent website, the attacker will still require your second-factor authentication. 
  • Compliance Obligations: Many regulatory frameworks and industry standards, such as GDPR and HIPAA, mandate the implementation of MFA to safeguard sensitive information. 
  • User-Friendly Experience: Modern MFA solutions are designed to be user-friendly and convenient. Mobile apps and biometric methods have streamlined the process for users. 

Deploying MFA Within Your Organisation 

To effectively implement MFA within your organisation, consider the following steps: 

  • Select the Most Appropriate MFA Method: Choose the MFA methods that align with your organisation’s specific requirements. Options include SMS-based codes, mobile apps like Google Authenticator, or hardware tokens. 
  • Educate Your Users: Provide comprehensive training and guidance to your employees or users on setting up and using MFA. Ensure they appreciate the significance of this additional layer of security. 
  • Continuous Testing and Monitoring: Regularly assess your MFA system and closely monitor for any suspicious activity. Be prepared to respond swiftly to any security incidents. 
  • Explore Adaptive Authentication: Certain MFA solutions offer adaptive authentication, which evaluates the risk level of login attempts and adapts the authentication requirements accordingly. 

In conclusion, Multi-Factor Authentication stands as a vital tool for safeguarding your digital assets in a progressively perilous online landscape. By incorporating MFA, you can significantly elevate your security posture and diminish the risk of unauthorised access to your accounts and systems. Stay one step ahead of cyber threats and make MFA an integral component of your cybersecurity strategy today. 

Want to learn more about MFA? Listen to a recent Tech Takeaway episode titled – The Evolution Of MFA

If your organisation needs help in deploying MFA, please feel free to contact our team by filling out a contact form by clicking the ‘contact us’ button in the top right of the page. Alternatively, you can email us at sales@gardnersystems.co.uk and a member of the team will be in touch.

 

CTO Insights November Newsletter

Welcome to this latest CTO Insights November newsletter. It has been a hectic time recently, so please excuse the extended gap between editions. I’m sure you are keen to know what’s been catching my attention since we last spoke.

Something new


As a CTO I’m always looking for new crazy ideas to share information, and here’s one of them, our new CTO Insights videos! This series of videos sees me chat with an industry expert about a particular topic. First is Jon Hope, Senior Technologist at Sophos. Jon joined me for a wide ranging chat about the current state of cyber security and what the future holds. 

The overall chat is around 30 minutes, but to make life a little easier I’ve broken it down into bite size 5 minute videos. 

The first two of these (alongside the longer version) are available for you now. 

In part one we discuss the recently released Sophos Ransomware Threat report and what it means for CTO/CISOs and whether paying ransoms is ever the right thing to do. 

You’ll find part one here. 

In part two, we discuss the inevitability of attacks, how attacks have modified into double and triple “dip” attacks and what to do about them. We also discuss incident response plans and why it’s essential to have them.  

I’d love your feedback on the format and what topics you’d like me to cover in future videos. 

Looking after your security team

Back in mid-September I attended a Future of Cybersecurity event in Manchester. There was the usual mix of vendors and presentations, but two in particular caught my attention as they discussed cybersecurity wellbeing. The sessions shared a couple of troubling facts.

  • Gartner reported 25% of Cyber Security Leaders will change careers by 2025 due to burnout. 
  • Forrester reported that 66% of IT security staff felt they were suffering stress, and of those a further 50% were taking medication to help.

Those statistics are not things we can accept, and we cannot shrug our shoulders and hope it gets better. Even from the most basic of business views, it is untenable, as overstressed staff are more likely to make mistakes, and when it comes to cybersecurity it is mistakes that threat actors prey on.

How do we remove stress from our team? I imagine there is no easy answer and I’m not going to try to give one, but I did find a couple of good tips in this Watchguard Blog. 

End user education – Education can help reduce threats and incidents and therefore the burden on your security teams. 

Automation – Automate repetitive and time-consuming tasks so the team can stay focused on the priority areas. 

Consolidation – Reducing the number of technology vendors in your security suite can help both reduce risks caused by gaps between tools and improve operations by allowing more to be achieved within a single platform.

There’s a couple of other additions I’d consider. 

Managed Services and AI – Managed solutions such as MDR can help greatly reduce the burden on security teams, providing them with an experienced security team on hand 24×7. It’s also worth looking at how vendors are using AI to reduce time-consuming tasks and help prioritise risk and threats.

Security Culture – Build as positive a security culture as you can. Make sure both your staff and your security teams feel that they are taken seriously, listened to and supported, and that if the worst happens, there will be no scapegoating. Security is too complex to expect perfection, so let’s not apply pressure by thinking that it is.

Your Copilot to the future 


Back in October I attended Microsoft’s Envision conference in London, which brought out the Microsoft “big guns”, none bigger than CEO Satya Nadella (seen here with UK CEO Clare Barclay). The event was focused on Microsoft’s Copilot technology. Copilot is the product name for its integration of generative AI throughout its Cloud Platforms. This ranges from the generally accessible Bing Chat service, which provides you with GPT-4-powered integration with its search engine, through to its subscription add-on services like integrating data sets for building learning models and its soon-to-be-available Security Copilot.

Copilot is interesting, as it is likely to be the first fully enterprise-managed, large-scale AI that many businesses will see. It will be baked into everyday tasks, from content creation to summarising long documents and Teams meetings. It is this, in a common everyday application like Microsoft 365, which is likely to bring business AI to the masses. I’m fascinated to see how this will be adopted and where it will lead, both to innovation and to a better understanding of risks. We recently did a Tech Takeaways Episode – Exploring the Horizon with Microsoft Copilot, discussing a little more about Copilot and its potential impact.

I’d be interested to hear from others about your thoughts and plans for Copilot, so do please share them. 

That’s all for this edition of the newsletter. I have a couple of weeks of travel coming up, with a little holiday in Denmark before setting off to London for BlackHat Europe, so if you are going to be at the event, let me know.

Look out for the next CTO Insight Newsletter coming soon.  
