Cybersecurity Awareness: Multi-Factor Authentication
As a HIPAA-covered organization or business associate, you should set basic safeguards around your electronic protected health information (ePHI) so that it stays private and secure. Therefore, to celebrate National Cybersecurity Awareness Month (NCSAM), we will continue to focus on the basics of security. The last post covered patch management tips and showed how failing to patch software can lead to a major breach. Multi-factor authentication (MFA) is another important safeguard you can easily use to secure your data.
What is Multi-Factor Authentication?
MFA is when you use two or more credentials to access your information. The three types of credentials are:
- Something you know, or “knowledge factor.” You enter a password, passcode, or passphrase that only you know (Helpful Hint: don’t leave it on a sticky note).
- Something you have, or “possession factor.” You use a physical key or keycard with a personal identification number (PIN) assigned only to you.
- Something you are, or “inherence factor.” You use a biological trait to identify yourself, including fingerprints, hand geometry, retina or iris, and voice.
Using several types of credentials is the most secure way to check if a person can access ePHI. If someone steals your keycard, they still can’t access the system because they don’t know the passcode.
Basically, MFA adds layers to the process of accessing private information. Because it’s easy and reliable, you should use MFA on any devices/systems that handle ePHI. For more NCSAM security advice, see this short list of tips from the U.S. Department of Health and Human Services.
Furthermore, to help you and your team manage security compliance, HIPAAtrek sends automatic reminders about login monitoring, password management, and malicious software. Learn more about how HIPAAtrek can help you simplify your HIPAA compliance program.