Multi-factor authentication refers to the use of two or more means of identification and access control, sometimes referred to as "something you know, something you have, or something you are." A username and password, for example, is something you know. Requiring a code sent via text message (SMS) establishes "something you have," i.e., a mobile phone belonging to you. Biometric authentication, through a fingerprint or retina scan, establishes "something you are." Multi-factor authentication is enabled when at least two of these categories of identification are required to verify a user's identity when accessing systems.
Multi-Factor Authentication for Remote Network Access
Requiring multi-factor authentication for remote network access is an important security control that can help reduce the potential for a network compromise caused by lost or stolen passwords. Without this control, an intruder can gain access to an insured's network in a similar manner to an authorized user.
Multi-Factor Authentication for Administrative Access
Requiring multi-factor authentication for both remote and internal access to administrative accounts helps to prevent intruders who have compromised an internal system from elevating privileges and obtaining broader access to a compromised network. The existence of this control can prevent an intruder from gaining the level of access necessary to successfully deploy ransomware across the network.
Multi-Factor Authentication for Remote Access to Email
Requiring multi-factor authentication for remote access to email can help reduce the potential for a compromise of corporate email accounts caused by lost or stolen passwords. Without this control, an intruder can easily gain access to a user's corporate email account. Threat actors often use this access to perpetrate various cybercrime schemes against the impacted organization and its clients and customers.
The controls described above and listed below are the minimum controls that must be in place in order to be eligible for a Cyber policy. Because of the importance of the controls in preventing ransomware attacks, the following attestation should be completed with the assistance of the person(s) in charge of IT security. If IT security is outsourced to a managed security provider or other third party, please complete the attestation below with their assistance.