Multifactor Authentication

  • Author | Heather Hughes
  • 1/5/2023 7:10 am

Every day we hear of a new cyberattack in the news. From private businesses to public infrastructure, utility companies and banking institutions — no one is spared from this threat. Unfortunately, the strength of your password alone is not enough to protect your organization’s sensitive data and systems from a cyberattack.

Multifactor authentication is a tool implemented by many companies and organizations to protect data, systems and financial information. Multifactor authentication creates an added layer of security by requiring the user to have a password, along with a secondary way to verify the user’s identity. This could be a code texted to your phone, a token that generates a PIN or even facial recognition.

Generally, there are three categories of information used in multifactor authentication:

Something You Know is a security question. A common example is answering a question such as “In what city were you born?” or “What is your mother’s maiden name?” when signing in from an unknown device.

Something You Have are codes texted or emailed to your device or the email address associated with an account. This type of multifactor authentication can also include a PIN that is transmitted to a token you carry with you. Each time you log in, a new PIN or code is required, along with your password.

Something You Are includes biometric identification like facial recognition or fingerprints.

Because public entities are some of the most frequent targets of cyberattacks, free resources are available specifically for them through the Center for Internet Security and the Multi-State Information Sharing & Analysis Center (MS-ISAC).

The MS-ISAC offers memberships to local governments, allowing them to access cybersecurity advisory bulletins and notifications, secure portals for communication and document sharing, incident response services, and awareness and education materials. More information about the Center for Internet Security and MS-ISAC can be found on their website.

Public Entity Partners encourages our members to utilize all protective tools and resources at their disposal, including multi-factor authentication, to protect their networks and information. Coverage for cyber risks in the commercial marketplace and the reinsurance market has seen increasing requirements for added cyber resilience.   

PE Partners provides an optional Privacy and Network Liability coverage as well as a Cyber Extension option. The Cyber Extension is designed to provide coverage to members who are impacted by ransomware, social engineering and the necessary data restoration expenses. The first step for obtaining that coverage is to ensure that you are putting sound cyber risk management practices in place to protect your organization.

With each Privacy & Network Liability and Cyber Extension application, our underwriting department evaluates whether your entity:

  • Has a written policy that defines the sensitive information that you collect and hold
  • Regularly trains employees on how to identify and protect sensitive / restricted information
  • Regularly trains employees on how to recognize and avoid malware emails and the dangers of clicking on links or attachments
  • Maintains firewalls and up-to-date virus and malware protection on ALL devices (PCs, servers, tablets, phones, etc.)
  • Backs up your data at least once a week at a location that is isolated from your network
  • Has a policy regarding the transfer of funds based on an email request
  • Is utilizing a current operating system, and regularly updates and patches software 

The goal behind these criteria is to have a clear plan of how to handle a network security breach or cyberattack before you are faced with an event.

If you would like to find out more about the Privacy & Network Liability coverage and the Cyber Extension, or to determine if your entity may qualify for coverage, please reach out to your regional Member Services Representative.