Why You Should Use Multi-Factor Authentication (MFA) with NetDocuments
Whether your organization is a law firm, a financial services firm, a corporate legal team, or another line of business, your documents and data are valuable to your operation. For the same reason that information is valuable to you, it is also very valuable to criminals and hackers. This data very often includes financial information, health information, criminal records, patent specifications, merger and acquisition plans, and other information that could be used maliciously for the enrichment of potential hackers. Bloomberg reports:
The rate of global weekly cyberattacks rose by 7% in the first financial quarter of 2023 compared with the same period in 2022, according to an April report by cybersecurity firm Checkpoint Research.
Organizations faced an average of 1,248 attacks a week, Checkpoint found. One out of every 40 of the attacks targeted a law firm or insurance provider, the report said.
More than a quarter of law firms in a 2022 American Bar Association survey said they had experienced a data breach, up 2% from the previous year.
While NetDocuments has best-in-class security and multiple layers of encryption protecting the documents and data your organization stores, all that security is null and void should a user at your firm use a weak password or should their password be hacked. Two-thirds of Americans use the same password across multiple accounts (Google / Harris Poll) and 30% of internet users have experienced security breaches due to weak passwords (GoodFirms).
What can you do as an organization to protect your company against poor password habits of users? The answer is to make use of Multi-Factor Authentication (MFA). With MFA enabled with NetDocuments, users will be forced to make use of an authentication factor other than just their username and password, something such as a notification on their mobile device which allows them to approve the login or a message on their mobile device with a numeric code which must be entered to complete the authentication. While this additional step may seem silly or simple, Microsoft reports that the use of MFA blocks nearly 100% of automated attacks.
With all your organization’s valuable data stored with NetDocuments, Element strongly recommends that you make use of Multi-Factor Authentication for logging in to the NetDocuments cloud. NetDocuments supports integration with identity providers for MFA which your organization may already use, such as Azure Active Directory, Okta, OneLogin, Duo, WatchGuard AuthPoint, and most other SAML 2.0 compliant identity providers. These identity providers can be used to secure more than just NetDocuments with MFA. Services such as email via Office 365, VPN access, cloud Practice Management or Time and Billing Systems, and many other services that require a login can be secured with these identity providers. In addition, some of these identity providers support what is known as conditional access, such that if a user is logging in from your organization’s office network, they will not be required to approve the MFA. However, if they are working from home or traveling and logging in from someplace other than your office network, they will be required to approve the MFA before they will be able to access data stored with NetDocuments.
At a minimum, we strongly recommend the use of the Multi-Factor Authentication functionality which is built into the NetDocuments platform. This built-in MFA functionality, while not as robust as using a third-party identity provider which can protect other solutions as well as NetDocuments, does a fantastic job of protecting your organization’s data stored with NetDocuments. To make use of the built-in functionality, users would use an authenticator app on their mobile device such as Microsoft Authenticator, Google Authenticator, Authy, or any other TOTP-compliant authentication app. When logging into NetDocuments, they would enter the code generated from the authentication app in addition to their username and password before they would be able to log in to NetDocuments.
By producing and holding valuable data, it is your organization’s responsibility to do everything in your power to protect that data. You may very well be subject to requirements from governmental organizations, bar associations, your clients, or your cybersecurity insurance provider which require the use of MFA to protect data stored in the cloud. In fact, Bloomberg reports that law firms are facing suits for failing to protect their client data. Are the few extra seconds it takes to log into NetDocuments worth the potential risk to your organization?
[email protected] · (888) 312-7117
