Over 60% of data breaches can be traced to weak credentials. Employees reuse passwords or create ones that are easy to remember. Many employees add a number to their passwords and increment it each time they are forced to make a password change. These practices make it easy for hackers to gain access to a network. That’s why many practices are moving to two-factor authentication to protect their network.
What Is Two-Factor Authentication?
Two-factor authentication (2FA) is a subset of multi-factor authentication (MFA), which is a security system that requires more than a single credential such as a password to verify a user’s identity. Multi-factor authentication requires that credentials be taken from the following categories:
- Something known to the user, such as a PIN or password
- Something owned by the user, such as a smartphone or smart card
- Some characteristic of the user, such as a fingerprint or voice
For two-factor authentication, two of the three categories are used. The authentication process is called three-factor authentication (3FA) if all three categories are required.
When you use your debit or credit card at an ATM, you are using two-factor authentication because you must use something you own — your card — and something you know — your PIN.
What Are the Benefits of 2FA?
Multi-factor authentication provides dental practices with increased security from cyberattacks and data breaches. Once implemented, the process can save time, money, and frustration from forgotten passwords and never-ending password changes.
Improve Security and Protect Sensitive Information
According to Google, adding either 2FA or 3FA can prevent 75% of targeted attacks and over 95% of phishing attempts. That can save dental practices thousands in recovery costs if a breach occurs. Although most people assume that most costs are incurred immediately after a compromise, IBM’s latest data breach cost report found that recovery costs are not limited to a single year but are spread over three years. In highly regulated industries such as healthcare, the second year could account for as much as 25% of a practice’s total costs.
HIPAA and PCI-DSS (for credit or debit card payments) regulations allow fines and penalties to be issued against organizations if the businesses do not maintain appropriate security standards. With multi-factor authentication, dentists decrease the odds of having a credential compromise that results in a loss of sensitive information.
Save Your Practice Time and Money
How much time is used to create, restore, and change passwords? When employees forget their passwords, they often call IT for a password reset. Even with an automated system for resets, it takes time and resources to maintain security control over password changes. All the efforts surrounding password control can lower productivity.
Having to manage multiple passwords can lead to password fatigue. When fatigue happens, employees become lax in maintaining strong password security. With 2FA, employees can have a single sign-on that can save time, reduce frustration, and eliminate password fatigue.
Even if nothing is stolen, a successful compromise can cost time and money. According to IBM’s data breach report, the average time to identify, contain, and remediate a successful breach is 275 days. Most dental practices cannot afford a loss of productivity as systems are re-evaluated, data record integrity confirmed, and compliance reestablished.
Added Security Without Losing Flexibility
Because multi-factor authentication draws on three categories of identifying factors, dental practices can choose the methods that best fit their culture. Practices can choose from methods such as:
- SMS Codes. When a user logs in, a numeric code is sent to the smartphone associated with the user’s account. The code is entered to complete the log-in process.
- Biometrics. Fingerprint, retina, or facial recognition software can provide access, much as it does on a smartphone.
- Authentication Apps. An app is placed on a smartphone that is paired to the user’s account. It generates a code that is entered to add a second layer of authentication.
Regardless of the method, 2FA implementation improves cybersecurity without losing flexibility.
HIPAA requires that electronic patient records be restricted to a need-to-know basis. With 2FA, authentication can be tied to access, making sure that only authorized individuals can access patient information. It simplifies control of patient information because access restrictions are put into place when the user logs in.
Interested in Introducing 2FA to Your Practice?
The FBI recently issued a warning to dental practices about increased cybercrime. It indicated that healthcare is always at risk, but that a heightened security risk means taking the following steps:
- Use antivirus and threat detection software
- Require complex passwords
- Use MFA to access electronic records
- Train staff on cybersecurity
Given the recent alert, dental practices should strengthen their security posture, beginning with user authentication.
If you are interested in using 2FA in your practice, contact Erickson Dental Technologies to discuss how to get started. We specialize in delivering solutions to the dental industry.