Skip to main content
How Can We Help?
IT Services
Back
IT Consulting
Back
IT Strategy
Assessments
Audit Readiness
IT Governance & Security
Professional Services
Back
Project Implementation
IT Staff Augmentation
Development
Managed IT Services
Back
OnDemand Access
OnDemand Assurance
Technology Solutions
Back
Collaboration
Back
Unified Communications
Contact Center
Conferencing
Networking
Back
Enterprise Networking
Mobility & WiFi
IoT Network
Software Defined Networking
Data Center
Back
Data Center Networking
Compute
Converged Hyperconverged
Data Storage
Data Protection
Cloud Solutions
Cybersecurity
Back
Network Access Control
Endpoint Protection
Cloud Security
Identity Management
Threat Intelligence
Industries
Back
Healthcare
State & Local Government
Education
Manufacturing
Service Provider
Retail
Financial Services
Learning Center
Back
Blogs
Videos
eBooks
Tools
Pricing
About
Back
Our Company
Our Process
Why IE
Customer Experience
Corporate Social Responsibility
Partners
Events
Careers
Contact
MyIE Login
OnDemand Login
How Can We Help?

«  View All Posts

Understanding Multi-factor Authentication (MFA) Requirements for Cyber Insurance Blog Feature
Internetwork Engineering

By: Internetwork Engineering on April 21st, 2022

Print/Save as PDF

Understanding Multi-factor Authentication (MFA) Requirements for Cyber Insurance

Network Access Control | Cybersecurity | Identity Management

 

Do you have the multi-factor authentication (MFA) practices in place to help qualify for the cyber policies you need? While many cyber insurance policies require different MFA demands, there are a few commonalities you can use as a baseline to get started. Let's review.

What is MFA and How Do You Measure Successful Deployment?

Multi-factor Authentication or "MFA" refers to the use of two or more means of identification and access control using the following identification categories.

  • "Something you know" - (username, password, etc.)
  • "Something you have" - (verification codes sent via SMS or email, etc.)
  • "Something you are" - (biometric authentication: fingerprint or retina scan, etc.)

MFA is successfully embedded when at least two of these categories are required to verify a user's identity when they attempt to access systems.[1]

Where Should You Deploy MFA and Why?

Remote Network Access

Requiring MFA for remote network access can help reduce the potential for network compromise caused by lost or stolen passwords

Administrative Access

Requiring MFA for admin remotely and internally helps prevent intruders that have compromised an internal system from obtaining broader access

Remote Access to Email

Requiring MFA for remote access to email can help limit the potential for compromise to corporate email accounts caused by lost or stolen passwords.

Deploy Multi Factor Authentication

To Qualify for Certain Cyber Insurance Policies, MFA is Required for...

  • All employees when accessing email through a website or cloud-based services
  • All Remote Access to the network provided to employees, contractors, and 3rd party service providers
  • All Internal & Remote Admin access to:
    • Network Backup Environments
    • Network Infrastructure (firewalls, routers, switches, etc.)
    • Directory Services (active directory, LDAP, etc.)
    • The Organization’s Servers/Endpoints

Pro Tip: These are the minimum requirements for many lenders. But don't stop there! Please deploy MFA where it makes sense in your environment.

Need Help Meeting These MFA Requirements?

IE can help! Our security team offers Security Risk Assessments to identify gaps and vulnerabilities in your security posture. Additionally, we can create or refine your security policies and prepare you for new compliance requirements with our vCISO offering.

Still not sure? Get started with Cisco Secure Access by Duo for FREE to determine if it's the Multi-factor Authentication coverage you need!

TRY DUO FREE

*Sources:

[1] NIST