Skip to main content

This news item was updated 11/01/2024

All too often LPLC is contacted by law firms with compromised email accounts. In almost all instances the infiltration would have been prevented had multifactor authentication (MFA) been enabled on the law firm’s devices and networks.

MFA requires a user to enter more than one piece of information or credential, in addition to a username and password, to verify identity and gain access to an account.

The Australian Cyber Security Centre have produced easy to understand, resources to assist you with understanding and implementing MFA. Protect Yourself: Multi-Factor Authentication and Small Business Cloud Security Guides are two resources that provide helpful information.

There are many readily available MFA options that can be implemented. At a minimum, MFA can be enabled on Office 365 as well as most popular email programs and services. Social media platforms including LinkedIn, Facebook, Instagram, WhatsApp, Gmail, Microsoft/Outlook Mail and iCloud also provide MFA options. A search of the platform’s security and privacy settings will reveal the required steps to set it up.

MFA systems can be set up so that you are not required to enter an authentication every time an account is accessed, but instead only when you log in via a new device or IP address. So even if a cyber-criminal gets access to your password, they can’t access your account on their device without access to the extra factor sitting on your mobile phone or token. It should be noted that some legacy systems may not support MFA. Always consult with your IT consultant should you require assistance.

TOP