Understanding Multi-factor Authentication (MFA) Requirements for Cyber Insurance

Network Access Control | Cybersecurity | Identity Management

 

Do you have the multi-factor authentication (MFA) practices in place to help qualify for the cyber policies you need? While many cyber insurance policies require different MFA demands, there are a few commonalities you can use as a baseline to get started. Let's review.

What is MFA and How Do You Measure Successful Deployment?

Multi-factor Authentication or "MFA" refers to the use of two or more means of identification and access control using the following identification categories.

  • "Something you know" - (username, password, etc.)
  • "Something you have" - (verification codes sent via SMS or email, etc.)
  • "Something you are" - (biometric authentication: fingerprint or retina scan, etc.)

MFA is successfully embedded when at least two of these categories are required to verify a user's identity when they attempt to access systems.[1]

Where Should You Deploy MFA and Why?

Remote Network Access

Requiring MFA for remote network access can help reduce the potential for network compromise caused by lost or stolen passwords

Administrative Access

Requiring MFA for admin remotely and internally helps prevent intruders that have compromised an internal system from obtaining broader access

Remote Access to Email

Requiring MFA for remote access to email can help limit the potential for compromise to corporate email accounts caused by lost or stolen passwords.

Deploy Multi Factor Authentication

To Qualify for Certain Cyber Insurance Policies, MFA is Required for...

  • All employees when accessing email through a website or cloud-based services
  • All Remote Access to the network provided to employees, contractors, and 3rd party service providers
  • All Internal & Remote Admin access to:
    • Network Backup Environments
    • Network Infrastructure (firewalls, routers, switches, etc.)
    • Directory Services (active directory, LDAP, etc.)
    • The Organization’s Servers/Endpoints

Pro Tip: These are the minimum requirements for many lenders. But don't stop there! Please deploy MFA where it makes sense in your environment.

Need Help Meeting These MFA Requirements?

IE can help! Our security team offers Security Risk Assessments to identify gaps and vulnerabilities in your security posture. Additionally, we can create or refine your security policies and prepare you for new compliance requirements with our vCISO offering.

Still not sure? Get started with Cisco Secure Access by Duo for FREE to determine if it's the Multi-factor Authentication coverage you need!

TRY DUO FREE

*Sources:

[1] NIST