A Practical Path to MFA – How to Secure Every Single Account, One Step at a Time
Brittney Gilardian
33:10
Welcome to the MFA Webinar! If you have a question for the speakers throughout the presentation, feel free to type out your message in this chat bar.
Rita Reynolds
48:51
Anyone else have why MFA is not popular? What barriers have you heard?
Kevin Scott
51:46
We had some users complain about having to perform an additional step to log in. But we told them it's mandatory.
Matthew Stewart
52:31
I would echo that. End user adoption/buy-in is a very big challenge.
Tina Travieso
53:18
We have a bit of pushback on who is paying for the texts or putting an app on a personal phone
Rusty Stanberry
53:54
We have the same issue, Tina.
Tim Lansing
54:06
2nd that from Tina - usually get a lot of pushback if users are asked to use a personal device
Kevin Scott
56:06
3rd that from Tina. For employees with county stipends, we allow them to use the app or a Duo token. For employees that don't have a county stipend, they can only use a Duo token (Digipass GO)
Kevin O'Malley
57:05
Florida has the Sunshine Law, so there is the issue of adding the authentication on a personal phone and how that changes discoverability.
Rita Reynolds
01:01:07
My mantra is "have a data asset inventory". And it is required by almost all cyber insurance carriers.
Kevin O'Malley
01:02:37
That should be the next webinar. Asset management barriers are so many and hard to get buy-in.
Rita Reynolds
01:02:50
Great point
Kevin O'Malley
01:04:15
Many municipalities are having to self-insure.
Ken Bahls
01:04:25
Another unfortunate thing happening is that cyber criminals appear to be targeting cyber insurance companies...so the forms we fill out highlighting our vulnerabilities are hacked!
Rita Reynolds
01:06:55
Ken, what you are saying unfortunately makes sense. Unfortunate that it has come to that.
Kevin O'Malley
01:07:10
And what do you consider an asset? Software, SaaS and hardware?
Rita Reynolds
01:12:29
There are also security policies and samples in the NACo Tech Xchange Portal. If you are a member of the Tech Xchange (IT staff), you can download those.
Amy Middendorf
01:16:11
Does your policy only address the network security? Or does it address training and data security, and do you put the policies IT needs to follow separate?
Amy Middendorf
01:18:51
Ok, thank you Sybil and Rita. I am building my policy now and it is quite lengthy!
Rita Reynolds
01:19:52
Understand, some areas like this are best broken down into an overarching policy and then supporting policy or guidelines.
Ken Bahls
01:21:41
We just rolled out a new policy. As part of that policy we audit it annually but are doing it initially every quarter (parts for each quarter) to keep moving towards compliance.
Rita Reynolds
01:22:41
Ken, I like that approach!
Kevin Scott
01:29:17
CISA has also announced recently that single-factor authentication has been added to their Bad Practices catalogue
Amy Middendorf
01:31:35
Thank you all!
Tim Lansing
01:31:39
Thank you!
Jefferson Green
01:31:41
Thanks!