All too often LPLC is contacted by law firms with compromised email accounts. In almost all instances the infiltration would have been prevented had multifactor authentication (MFA) been enabled on the law firm’s devices and networks.
MFA requires a user to enter more than one piece of information or credential, in addition to a username and password, to verify identity and gain access to an account.
The Australian Cyber Security Centre has produced easy-to-understand, step-by-step guides for setting up MFA. There are many readily available MFA options. At a minimum, MFA can be enabled on Office 365 as well as most popular email and social media platforms including LinkedIn, Facebook, Instagram, WhatsApp, Gmail, Microsoft/Outlook Mail and iCloud. A search of the platform’s security and privacy settings will reveal simple steps to set it up.
MFA systems can be set up so that you are not required to complete the extra authentication step every time an account is accessed, but only when you log in from a new device or IP address. So even if a cyber-criminal obtains your password, they can’t access your account from their device without the extra factor sitting on your mobile phone or token.