With the rise of cybersecurity incidents and ransomware attacks here in NZ, it’s no surprise many companies are opting for cyber insurance.
In a recent article, WatchGuard highlighted that Multi-Factor Authentication (MFA) is now a prerequisite for cyber insurance in many parts of the world. This requires users to authenticate their identity using an alternate form of verification (e.g. app push confirmation, or one-time password) along with their usual password, before accessing certain files or systems.
Your clients will be turning to you, as their MSP, to assist them during this process. While there are still policies available in New Zealand that do not require MFA, enabling it will definitely help lower their premium and avoid having their claim declined, all while adding an extra layer of security to their infrastructure. Based on WatchGuard’s research, here is a list of assets that require MFA protection for cyber insurance:
- Email access – Emails are the main tool used to reset passwords for applications and online services. When a mailbox is compromised, the attacker could go to each application and reset your password to gain access to those applications.
- Remote access/VPN – Any user login that has access to a server or resource from outside the network needs to authenticate via MFA to verify the user's identity.
- Admin logins – Admin credentials for servers, firewalls and network devices can be disastrous if compromised, as seen by the high-profile attacks from 2020/21. These attacks involved compromised admin credentials, which could have been prevented by enforcing MFA on these logins. Privileged Access Management (PAM) is a common topic when talking about securing admin credentials; however, it is outside the scope of this blog post.
- Sensitive data – Access to databases containing sensitive information such as user information, medical records, or credit card information will also need to be secured by MFA. This will also be a hot topic once the new privacy laws come into effect. Make sure there’s a defined policy where only the required people have access to these databases.
Finally, an MFA attestation document is required. This is a document that lists which assets are protected by MFA, and it is signed by an executive officer. If a breach occurs and the assets weren’t protected by MFA, then the claim may not be honoured!
With all of that said, if you need an MFA solution to recommend and deploy to your client base, take a look at WatchGuard’s AuthPoint. It’s a powerful MFA solution that is easy to deploy and use.
AuthPoint provides secure alternative authentication methods such as push message, QR code scan, or one-time password (OTP). You can also add third-party OTP tokens, allowing you to replace other authenticator apps on your phone. This makes AuthPoint a one-stop app for all your MFA needs!
If you’d like to read the WatchGuard article that highlights MFA, click here.
Reach out to us today to try AuthPoint, and start protecting your clients.