One effective way to improve your organization’s security: Have your CEO use multifactor authentication—and highlight that to your entire team.
When COVID-19 vaccines first saw wide release earlier this year, one tactic used to convince people to get them was to have several former presidents and first ladies get the vaccine on camera to highlight its safety and effectiveness.
A similar ploy could help your association’s employees take cybersecurity seriously, and you can start with the way the CEO logs in.
During the “Things That Go ‘Bump’ in the Night: A Cybersecurity Town Hall” session at last week’s ASAE Annual Meeting, speakers made the case that multifactor authentication needed more emphasis at the executive level.
“I’m kind of just holding a mirror up for fellow CEOs to ask some honest questions about how they’re running their organization,” said Christina Lewellen, executive director of the Association of Technology Leaders in Independent Schools.
What’s the Strategy?
During the session, Lewellen said that it was important for CEOs to set an example with multifactor authentication by both following the standards and collaborating with technology employees on prudent security standards.
“Set a good example for your organization; work with your tech team to make decisions,” she said. “You know, you don’t want it to be cumbersome, but you do want to make sure your organization is protected.”
Why Is It Effective?
Multifactor authentication is a common security mechanism used to tie a person’s identity to a specific device. And it is effective at keeping accounts safe, with one Microsoft study finding it stopped 99.9 percent of attacks. Just one problem: End users see it as annoying.
Carlos Cardenas, director of information technology with the National Board of Certification & Recertification for Nurse Anesthetists, said during the session that it’s a basic security tool that is immensely valuable to the organization as a whole, but that people still view it as a hindrance.
“I think that’s the perception and why people might shy away from it,” Cardenas said.
What’s the Potential?
Lewellen notes that executives playing a role in selling multifactor authentication to the rest of the staff will also benefit the organization in another way: They will help protect the most sensitive accounts within an organization, which are inevitably tied to leadership.
“The financial positions, the chief executive officer, those are the ones getting targeted for the hacks and phishing scams,” she says. “So it has to start at the top.”