Cybersecurity Awareness September 2025


Article Body

NEED TO KNOW NEWSLETTER September 2025

Multi-Factor Authentication(MFA)


Multi-factor authentication (MFA) is a layered approach to securing information.


What is MFA?
Multi-factor authentication (MFA) is a security method that requires users to present multiple forms of authentication to confirm their identity during login.

Why MFA matters.
MFA significantly reduces the risk of unauthorized access to valuable information systems, such as email, remote access tools, or billing platforms, even if passwords or PINs are exposed through phishing or other methods.

By embracing MFA, you’re taking a proactive step toward safeguarding your online identity. It’s not just about preventing unauthorized access; it’s about giving yourself peace of mind.

With MFA, even if one piece of your security is compromised, the next layer stands firm. It’s like setting up multiple lines of defense in a game, where each new layer makes you stronger and more resilient.

How does MFA work?

MFA requires users to provide two or more authentication factors before accessing a system. Each additional factor enhances security. Common MFA factors include:

  1. Something you know: A password or PIN.
    Example: entering your username and password (the first factor).
  2. Something you have: A smart card, mobile token, or phone authenticator.
    Example: you receive a one-time code sent to your mobile phone via SMS or an app (the second factor).
  3. Something you are: A biometric identifier, like a fingerprint or voice recognition.

Even if someone knows your username and password, they will still need access to your phone to retrieve the code and complete the login. Without both factors, the attacker cannot gain entry. This layered approach makes unauthorized access far more complex.


Safety Tips.

  • Know what to look for: Become familiar with MFA attacks so you feel prepared if you encounter one.
  • Know how to react: If you think you are being attacked, report the situation to the proper team and immediately change your password(s).
  • Stay alert: With the amount of logging in and out each day, security can easily slip your mind!
  • Stay engaged: By regularly updating your awareness, knowledge, and skills, you are better equipped to stay ahead of the threat actors

 

Attacks making headlines

CashApp — Insider threat.
In April 2022, a disgruntled former employee hacked into CashApp’s servers. They managed to access customer data, stock trading records, valuable financial information, and much more.

Uber — Social Engineering
In September 2022, an 18-year-old hacker deceived their way into one of the largest ride-share companies. Uber stated that the hacker got a contractor's login information and bypassed the company's two-factor authentication.

Nvidia — Ransomware
In March 2022, the hacking group Lapsus$ claimed responsibility for holding Nvidia's proprietary data hostage. The widely used US computer chip-making
company hired a group of cybersecurity experts to help respond to the major attack.