In August of 2021, CISA added "Single Factor Authentication" to its list of practices it considers "exceptionally risky" as it exposes you to an "unnecessary risk from threat actors". As a result, you may start to see requests from multiple sources to implement multi-factor authentication (MFA) strategies.
Your district auditors and the NYS Comptroller’s Office technology auditors are most likely talking to you about your MFA strategies and beginning to cite you in their reports for not having a comprehensive plan.
Cyber insurance carriers for many school districts have been requesting an MFA plan before renewing districts’ cyber insurance. Without one it could be possible that you will be unable to renew your existing insurance at your current level of coverage.
A joint study by Google, New York University, and the University of California San Diego found that using MFA can block up to 100% of automated bots, 99% of bulk phishing attacks, and roughly 66% of targeted attacks. Microsoft and the FBI have said that approximately 99% of the attacks are thwarted by implementing MFA.
As you can see, not only will MFA help keep you safer, but it will keep you ahead of requirements handed down from outside sources. There are many different methods for implementing MFA in your district. Talk to your Tech Director about what you might already be doing, and what he/she recommends. We are happy to discuss options with you as well.
This week’s suggestion:
- Talk to your Tech Director about how you are currently using MFA and if there is a need to expand usage
- Continue (or start) the process of coming into line with the NIST Cybersecurity Framework guidelines
Next week’s bulletin will discuss “Cyber Attack - Are you as protected as you think you are? (Part Five – Disaster Recovery)”
If you would like more information on implementing MFA in your district or navigating the NIST CSF journey, please contact Lisa MacDougall at lmacdougall@csiny.com or call 845.897.9480.