How To Define The Role of MFA In Your Remote Work Policy

How To Define The Role of MFA In Your Remote Work Policy

There are a few ways to look at the meaning of MFA (multi-factor authentication). There is a simple technical definition of MFA, which we will cover next. That knowledge alone is not going to keep your company’s data safe. Instead, you need to develop your approach to MFA for your company’s situation. Specifically, you will find that multi-factor authentication has a vital role to play in enabling remote work.

MFA Meaning: A Practical Definition

The easiest way to define MFA is through an example. Have you ever been prompted to provide something more than a username and password to access an app or website? For example, your online banking may ask you security questions. Alternatively, you may be asked to enter a unique code sent to your smartphone by text message. These additional steps to log in are nothing more than multi-factor authentication.

MFA means multi-factor authentication, the process of using two or more factors of authentication. In practical terms, MFA means using a password and something else like a one-time passcode, a security question, or biometrics. MFA helps improve security because it is more challenging for a hacker to break both a password and another means of authentication. For example, you might lose track of a slip of paper with a password. However, users are less likely to lose their phone and a stray paper with passwords.

Resource: Quite a few companies use multi-factor authentication to keep customers safe. Find out more: Which Companies Use Multi-Factor Authentication With Their Customers?

Why Improve Your Remote Work Policy With MFA

Winning support for multi-factor authentication in a company can be challenging. Your executives probably have many technology project requests coming across their desk each month. Why should they support MFA instead of something else? It’s a good question!

The solution is to show how implementing multi-factor authentication matters to existing company priorities. For example, a significant percentage of your workforce may be working remotely right now. In that case, the company needs to implement appropriate safeguards to keep everybody safe in a remote environment. Updating your remote work policy with multi-factor authentication is a simple way to increase remote work security.

Tip: As you look at improving remote work security, other technologies can augment multi-factor authentication security like VPN security. Make time to evaluate those technologies to strengthen your security.

Checklist for MFA Implementation For Remote Work

Use this checklist to implement or enhance your multi-factor authentication for remote employees.

1. Assess Your Multi-Factor Authentication Current State

Before you implement changes to your identity and access management systems, you need more information. Conduct a review of your current usage of multi-factor authentication by using the following questions:

●    Does the company have training materials that explain how and why to use multi-factor authentication? When were these materials last updated?

● Do you have metrics or reporting showing how often MFA tools are used in your company?

●    What percentage of user accounts and apps are protected by MFA right now?

●    How does your MFA implementation align with the special challenges of remote work?

2. Rank Your Multi-Factor Authentication Gaps By Risk

Given your goal to improve remote work security and limited resources, you will have to choose carefully in this stage. For example, you may decide that increasing coverage to all of your Tier 1 apps is the top priority. The secondary priority will be to make multi-factor authentication easy for remote employees to use by enhancing training.

3. Determine MFA Hardware Needs

To make multi-factor authentication simple, consider whether you can use existing hardware your employees already have. For instance, you might have a policy of issuing phones to all employees. In that case, you can send one-time passcodes to employee phones as part of your multi-factor authentication program.

That said, multi-factor authentication should not rely on a single device. What if an employee’s smartphone is lost or broken? In that case, you will need an alternative authentication option, such as calling your help desk or using specialized hardware like the YUBI key.

4. Updating Your Company Policies

Multi-factor authentication tends to be more successful when it is supported by company policy. For remote work specifically, there are a few ways to emphasize multi-factor authentication. Start with the most straightforward option: Add multi-factor authentication as an expectation for remote work in your company’s IT security policy.

If you add an update to the company’s overall IT security policy, consider creating a standalone remote work policy. In either case, include the rationale for mandating multi-factor authentication in the policy. Adding MFA to your company security policies is a way to make security incidents less likely to occur.

5. Organize The Technology Project Team

Back in step one, you reviewed your company’s current state for multi-factor authentication. If you find your MFA implementation has minimal coverage, you may need to organize a project team to install a new solution. If required, reach out to a project manager in your company and ask them to develop a project plan to improve multi-factor authentication effectiveness for remote work.

6. Support Employees With Training and Tools

As multi-factor authentication has become more popular with consumer apps and banks, you still need to provide some training to your remote employees. Specifically, train them on the different authentication options (e.g., password, security questions, one-time codes sent to a phone) and how they can be used in a remote work environment.

7. Measuring Your MFA Program

After you have updated your policies, training and technology, the project work for multi-factor authentication is done. At this stage, you can transition over to monitoring. To measure your MFA program effectiveness for remote work, consider the following points:

● What percentage of remote employees are using multi-factor authentication each day?

● Have you tested the less-popular authentication options (e.g., most employees may rely on their phone, but it is worth testing your other authentication options)?

● Are you regularly seeking feedback from managers and users on security and the login process? If users complain about lost productivity due to IT security, you may need to install a single sign-on software solution next.

Written by Nelson Cicchitto