Pause To Consider: Multi-factor Authentication

Fortified Cybersecurity Awareness Month

With passwords becoming routinely compromised and users frequently concerned with memorizing lengthy and complex passwords, multi-factor authentication or MFA is becoming increasingly popular. However, the implementation of MFA solutions is not always properly executed to maximize efficiency and effectiveness. When implementing MFA, pause to consider:

Have you identified the most exposed resources of your environment?

It may come as no surprise that the public-facing or external resources are, in fact, the most exposed resources for any single organization. Attacks against these systems and services can originate from anywhere. Nation-state threats, cyber terrorists, hacktivists, and many others can presumably all touch and interact with the public environment and that means they can attack those resources.

Who has access to public resources?

In a hospital environment, even affiliates such as vendors and doctors might have an avenue of access to certain organizational systems. Citrix, VPNs, Email, custom web applications, etc., need to be available for remote work but arguably many of these do not need to be accessed by the general public. Since IP whitelisting can be an immense task, these would greatly benefit from having an additional method of authentication in order to gain access.

Have you considered the perimeter network?

Many healthcare organizations will focus MFA implementation on the internal network and for obvious reasons. The issue is that the internal implementation can be such an involved task, the external resources are forgotten and left unprotected.

Fortified Health Security helps healthcare organizations utilize technology to minimize organization-wide risk. Want to hear more? Contact Fortified Health Security today.

Fortified Health Security is committed to strengthening the security posture of healthcare organizations.  In the spirit of Cybersecurity Awareness month, we will be posting daily information for you to consider when maintaining your organization’s cybersecurity program.