Passwords alone are no longer enough to protect accountancy firms from the increasingly prevalent threat posed by cyber criminals, with everything from phishing to brute force being resorted to by cyber attackers to access confidential information and steal funds.
Serving as just one answer to the high demands of modern cyber security, multi-factor authentication (MFA) has becoming an absolute necessity in recent years due to its ability to build additional defences on top of traditional passwords, creating a safer online environment for accountants and accountancy firms alike.
Multi-factor authentication is an enhanced security system which provides further barriers to login verification on top of a password. This extra layer of security makes it much more difficult for unauthorised users or cyber criminals to access an account, as it creates more hurdles for attackers to compromise and overcome.
Instead of just using something you know, a password, MFA requires the provision of one or more additional authentication factors. This is usually either something you have, such as mobile phone access, something you are, such as using biometrics (like a fingerprint) or facial recognition, or both together.
Multifactor Authentication is constantly developing to keep up with the pace of cyber threats. Whilst earlier forms of multifactor authentication such as a text message of using a code on a phone-based app were considered secure, today this can be easily bypassed by criminals. Today, biometric methods should be considered the minimum standard where available or even better, use of hardware keys.
Accountancy firms handle a huge quantity of sensitive financial data including personal client information, financial statements, tax records, and more. This is a prime target of cybercrime, with the cost of cybercrime on accountancy firms including not only direct financial damages but also remediation costs and reputational damage, along with the potential for business interruption and loss of client trust.
Requiring multiple forms of verification makes it significantly harder for cybercriminals to access sensitive information. As such, multi-factor authentication is an unignorable tool for enhanced security and data protection. Integrating multi-factor authentication is a prime way for accountancy firms to add another layer of protection for their firm, providing peace of mind both for the accountancy firm and for its clients, too.
Whilst multi-factor authentication isn’t mandated by law, it is highly recommended by the government. With organisations increasingly storing their corporate sensitive data online, including in the cloud or on a network accessible through a remote connection, the importance and necessity of multi-factor authentication has become crystal clear.
The National Cyber Security Centre, the government’s computer security threats organisation, has published guidance that “authenticating a user to an online service using only a password is not strong enough to protect any sensitive data”. It advises that administrators implement multi-factor authentication to provide enhanced data protection.
Additionally the Information Commissioner’s Office has made it clear that having multifactor authentication in place is a minimum requirement for protecting personal data. They have already issued significant fines to accountancy firms who have not had MFA in place and had a data breach and have indicated that they will continue to issue fines as an enforcement tool in the future.