Protecting your password enabled applications
Lugo strongly advises that users who access online applications, in particular those that require a username and password, also use Multi-Factor Authentication (MFA) or 2-factor authentication (2FA).
This would generally relate to applications such as Microsoft 365 for example for gaining access to email or to other business critical applications.
Compromised email account information is one of the most commonly seen cyber security breaches. Once compromised, your emails can be monitored by cyber criminals and even used for targeted phishing attacks against your contacts. Such attacks can also badly affect the reputation of your business and damage your reputation with your clients.
MFA is one of the best forms of defence against your email username and password being stolen, in fact it would protect you from 98% of such cyber attacks.
In its simplest form after you have entered your username and password you cannot access your account until you receive a security code. This would normally be sent to a registered mobile phone number as a sequence of numbers, or generated through an authenticator app, such as Microsoft Authenticator. Once you have entered the code you will get access to your account.
If you have the option, always choose to authenticate through an app, rather than via text message, as a vulnerability in SMS messaging can let cyber criminals reroute text messages. An authenticator app on your smartphone generates codes that never travel through your mobile network, making this method of authentication more secure.
With increasing data protection regulation across sectors such as Housing Associations and Accountancy Lugo’s advice is that if you don’t have MFA enabled then, you really should.