How to Protect Executives with MFA Security

How to Protect Executives with MFA Security

As corporate leaders, your executives are highly visible representatives of the organization. The public knows the names of your executives and what roles they play. Likewise, hackers know the same information. Instead of taking the long path of breaking into multiple systems, a focused attacker merely needs to impersonate one of your executives to cause havoc. MFA security is one strategy you can use to keep your executives safe. Before we review the security solutions, it’s important to take a step back and understand the threat landscape.

What Security Threats Do Your Executives Face Today?

Why are hackers and others so interested in attacking executives? Unlike other employees, executives have considerable power in their organizations. This power may be formal, such as the ability to approve a budget increase or hire an employee. In other cases, executives can direct staff to provide sensitive information or pursue different protects. In many cases, executive user accounts have special privileges to corporate systems. That means gaining access to such accounts puts considerable power in the hands of hackers and other unauthorized users. Consider some of the types of threats that executives face.


With this threat type, an attacker sends an email, text message, or voice mail to an executive. The message contains misleading links or other information designed to obtain unauthorized access to the executive’s accounts and information. Since gaining access to an executive’s user accounts is potentially highly rewarding, some attackers practice “spear phishing,”  applying additional research and effort to make the attack appear credible. These attacks can be mitigated partly by equipping executives with robust security training.

Social Attacks

This type of security threat involves a phone call, visit, or another interaction with someone in the organization. For instance, posing as a facilities person or IT technician could give a determined hacker physical access to an executive’s office. Increasing physical security controls outside of standard business hours will help reduce this risk.

Physical Security Threats

Though less common, physical security is an area of concern for executives, especially during travel. If your executives travel to areas with high crime rates or weak law enforcement, consider additional steps to reduce your physical security (e.g., recommend the use of burner phones).

Theft or Lost Devices

Due to their hectic schedule, executives face tremendous pressure. Given that reality, occasional mistakes happen. If an executive loses a corporate IT asset, you need a game plan to mitigate that risk. For instance, you may use a remote data deletion service to reduce the likelihood of unauthorized data loss. If executives use USB devices, tablets, and other small hardware devices, keep in mind that such devices are even easier to lose. To mitigate this threat, minimize the use of small devices and discourage applying branding to company hardware (i.e., no company logos on USB keys).

The Path to Reduced Executive Risk Starts with MFA

It’s not possible to reduce or entirely eliminate the threats that executives face. The threat environment is going to evolve and continue to become more complicated. Don’t get overwhelmed! Instead, look for practical steps to protect your executives. Multi-Factor Authentication (MFA) is one of the best tools to keep your executives and company assets safe.

Empowering Your Executive Protection with More MFA Options

To protect your C Suite personnel, it’s reasonable to invest heavily in authentication protections. You might decide to require a password, SMS, and biometrics for your top five executives. From a technology standpoint, how do you put that into action? That’s where Avatier and FIDO2 come into play.

How Does FIDO2 Help with Authentication?

The problem with traditional approaches to MFA lies in the hardware. Remember the reality of daily life as an executive: they’re not always sitting around in the office. They’re traveling to meet with investors, reporters, and staff in various locations. Thus, an MFA solution based upon using unusual hardware will be of limited helpfulness. FIDO2 is an international authenticate standard that brings strong authentication protection to the web. By leveraging user-owned devices such as smartphones, FIDO2 reduces reliance upon traditional passwords. With FIDO2, you can provide MFA authentication quicker.

FIDO2 provides multi-factor authentication protection using common devices. For example, your executives can use their smartphone and PC to complete authentication. As a result, your executives can securely access corporate systems even when they’re out of the office elsewhere.

From a priority standpoint, you might apply MFA security to executives first. However, they’re not the only people you need to protect. As you scale up your MFA security, you need a software solution that can scale up.

Increased Support for MFA Providers Makes Multi-factor Authentication Easy

In addition to FIDO2, what other authentication options can you offer to employees?

  • One-Time Passcode (OTP): Available by SMS and email, OTP is an excellent way to authenticate users. For example, consider using OTPs for high-risk actions such as approving invoices over $100,000 to verify the approver’s identity.
  • YubiKey: With Avatier’s support for YubiKey, it’s easy to bring MFA security protection to any system.
  • Symantec VIP: Does your company rely upon a network of suppliers and third parties? If so, you need a robust process to make sure they don’t increase your security risk. By leveraging Symantec VIP, you can bring MFA security to your partners, suppliers, and customers.

Start Building Your MFA Security Business Case

You know the security risks your executives face. Now, it’s time to act. Schedule an hour on your calendar to review the state of security protection for your company’s executives. If they lack comprehensive MFA security protection, develop a business case to bring that protection to your organization.

Written by Nelson Cicchitto