Protecting your data

How well protected is your data? Most of us know about Multi-Factor Authentication (MFA) but we often find people aren’t using it.  Why is that, given cybercrime is constantly on the rise?

Recently, the British Library published the output of their learnings from a cyber incident in October 2023. It’s a very interesting read, and many organisations can really learn from shared experiences like these.
Although they can’t be 100% sure, it is suspected that the ransomware gang involved gained entry to a server that wasn’t protected by MFA. It’s likely an employee’s username and password was compromised by a phishing attack or scam. With no MFA to protect, it was then easy for the attackers to gain entry.
If you read the British Library publication, you’ll see in this case MFA wasn’t enabled on the server as it was using old software that didn’t support it.

Legacy systems are a big problem and the challenges for large organisations of bringing them up to date are complex and well documented. Under appraising the risk of these can have long term impact.
At effini, we undertake Data Security Appraisals, advising on risk and improvement risk and supporting preparation of relevant accreditations.  And we can develop Data Security Strategies to define process, plans and goals.
One of the first things we look at is how user accounts are configured and protected across all the services that are in use. This includes Microsoft Office applications, communication tools and HR systems as well as traditional databases. After all, there is data in every system you use, from confidential financial information to sensitive customer data.
Common reasons we hear about why it’s not been enabled?
🔴 Didn’t know we needed it
🔴 Wasn’t sure how to do it, we thought it would take ages and be complicated
🔴 It’s a new tool and we assumed the default settings were best
Things we’d recommend to overcome these:
🟢 Ensure your teams  understand why it’s needed and the risks of not managing it well.
🟢 Provide written policies and processes to help them refresh info when they need it
🟢 Run a team learning session and get everyone to set it up during that time
🟢 When choosing a new tool, always ask “Does it support MFA out-of-the-box?”
The National Cyber Security Centre has lots of useful information about Multi-Factor Authentication you can read here:
And if you’re interested in reading all the details about the library, you can find the full article here:
Get in touch to know more about how we can undertake an independent appraisal of the ways your organisation is currently securing its data, and how to employ the right strategic approach to protect it now and in the future.

Published by:
Effini Digital