Multifactor authentication is a must for defending against cyberattacks at colleges and universities. But what happens when those extra layers of security start to wear people down? That’s MFA fatigue. It’s the frustration that users feel when they’re repeatedly hit with MFA prompts, and attackers are ready to exploit this.
Why Higher Ed Is a Prime Target for Cyberattacks
Higher education institutions are, unfortunately, a favorite target for malicious actors for a few reasons. First, student data is incredibly valuable; it contains personal health information and financial details that can be sold on the black market. Second, the open and supportive nature of higher education environments can make employees more susceptible to phishing attempts.
The good news is that you don’t have to choose between frustrating your staff and leaving the door open to hackers. Here are some ways to fight MFA fatigue.
Get Smarter With Risk-Based Authentication
Not every login needs MFA. Adapt your process to the risk level. Low-risk actions shouldn’t require an MFA prompt, which saves your staff the hassle.
Teach Staff How To Identify Suspicious Requests
People are your first line of defense. Teach staff, educators and administrators the value of MFA, how to identify suspicious requests and why higher education is such a tempting target for cyberattackers.
Consider Security Keys or Biometrics
Look into advanced standards, such as Fast IDentity Online 2, or FIDO2, that use security keys or built-in biometrics. These are harder to fake and less annoying for users.
Explore Alternative Notifications
Push notifications are simple to set up but are the easiest to abuse. Explore alternatives, such as one-time codes or hardware tokens.
Have a Plan for When Cyberattacks Happen
Train staff on how to report attacks related to MFA fatigue. Swift action can drastically limit the damage. And don’t authenticate employees into oblivion. To limit unnecessary prompts, adapt their frequency based on user history.
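One way to combine risk-based authentication with prompt limits driven by user history, as an added example that is not from the original article. The signal names, thresholds and return values are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# All thresholds and signal names below are assumptions for illustration.
TRUST_WINDOW = timedelta(days=7)      # how long a verified device stays trusted
BURST_WINDOW = timedelta(minutes=10)  # window for counting unanswered prompts
BURST_LIMIT = 3                       # unanswered prompts that suggest push spam

@dataclass
class LoginContext:
    user: str
    device_id: str
    country: str
    sensitive_action: bool   # e.g. changing payroll or password settings
    now: datetime

@dataclass
class UserHistory:
    known_devices: dict      # device_id -> datetime of last successful MFA
    usual_countries: set
    recent_prompts: list     # datetimes of prompts that were denied or ignored

def decide(ctx: LoginContext, hist: UserHistory) -> str:
    """Return 'allow', 'push', or 'phishing_resistant'."""
    # Several unanswered prompts in a short window look like an MFA fatigue
    # attempt: stop sending approvable pushes and require a security key.
    burst = [t for t in hist.recent_prompts if ctx.now - t <= BURST_WINDOW]
    if len(burst) >= BURST_LIMIT:
        return "phishing_resistant"

    last_ok = hist.known_devices.get(ctx.device_id)
    trusted_device = last_ok is not None and ctx.now - last_ok <= TRUST_WINDOW
    usual_place = ctx.country in hist.usual_countries

    if ctx.sensitive_action:
        return "phishing_resistant"   # high-risk action: strongest factor
    if trusted_device and usual_place:
        return "allow"                # low risk: no prompt, no fatigue
    return "push"                     # unfamiliar device or location: step up
```
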
Offer Clear Explanations To Avoid MFA Fatigue
Give context with MFA requests, such as device or location. A little information helps people make better decisions.
Combatting MFA Fatigue Is Not Just About the Tech
Ultimately, it’s a balancing act. MFA fatigue highlights the fact that good cybersecurity isn’t only technical. It’s about making security work with your staffers, not against them.