{"id":63662,"date":"2023-01-10T17:13:25","date_gmt":"2023-01-10T09:13:25","guid":{"rendered":"https:\/\/version-2.com.sg\/?p=63662"},"modified":"2024-09-13T16:31:51","modified_gmt":"2024-09-13T08:31:51","slug":"multi-factor-authentication-best-practices-strategy","status":"publish","type":"post","link":"https:\/\/version-2.com\/zh\/2023\/01\/multi-factor-authentication-best-practices-strategy\/","title":{"rendered":"Multi-factor authentication best practices &#038; strategy"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"63662\" class=\"elementor elementor-63662\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-35fe5dd post-content elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"35fe5dd\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;cef08c3&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-409a2e9a\" data-id=\"409a2e9a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5a8be8f elementor-widget elementor-widget-text-editor\" data-id=\"5a8be8f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full\" src=\"https:\/\/images.ctfassets.net\/5natoedl294r\/2536FDslOgC5cAv95HqRZ6\/d3debf6670af3d80dd390f2a05fa2bfa\/MFA_Best_Practices_cover_web_1400x800.png?w=1400&amp;h=800&amp;q=50&amp;fm=webp\" width=\"1400\" height=\"800\" \/><\/p><div class=\"nord-col lg:col-8 lg:offset-1 break-words mt-5 text-grey-shuttle\"><article><p class=\"my-4 blog-paragraph text-still-dark-blue\">Multi-factor authentication (MFA)<strong> requests more than one identification factor when users log into network services<\/strong>. These factors could be one-time codes delivered by secure third-party providers. Or they could be biometric identifiers.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">The aim of MFA is to<strong> verify user identities and strengthen network protection beyond the level provided by traditional passwords<\/strong>. But how should you achieve this goal?<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">This blog will explain some core MFA best practices. It will also lead you through a step-by-step guide to implementing multi-factor authentication. The result should be an MFA system that ensures rock-solid network protection where it matters most.<\/p><h2 id=\"mfa-best-practices\" class=\"Heading Heading-h2 text-dark-blue\">MFA best practices<\/h2><p class=\"my-4 blog-paragraph text-still-dark-blue\">Multi-factor authentication is an essential addition to cybersecurity setups. Properly configured, <strong>MFA allows workers to relocate to their homes, connect remotely as they travel, and use cloud resources anywhere<\/strong>.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">These MFA best practices will help you create an authentication system that meets your needs.<\/p><h3 class=\"Heading Heading-h3 text-dark-blue\">1. Plan the right MFA solution for your business<\/h3><p class=\"my-4 blog-paragraph text-still-dark-blue\">Multi-factor authentication is not a one-size-fits-all technology. <strong>Choose the right authentication system for your business needs. <\/strong>For instance<strong>, <\/strong>types of MFA to think about include:<\/p><ul class=\"list\"><li class=\"ml-4 pl-4\"><p class=\"my-4 blog-paragraph text-still-dark-blue\"><strong>Biometric scanning<\/strong>, such as retinal scans and fingerprints.<\/p><\/li><li class=\"ml-4 pl-4\"><p class=\"my-4 blog-paragraph text-still-dark-blue\"><strong>One-time passwords (OTP) <\/strong>delivered by tokens, email, or SMS.<\/p><\/li><li class=\"ml-4 pl-4\"><p class=\"my-4 blog-paragraph text-still-dark-blue\"><strong>Hardware devices <\/strong>such as security badges, cards and tokens.<\/p><\/li><li class=\"ml-4 pl-4\"><p class=\"my-4 blog-paragraph text-still-dark-blue\"><strong>Contextual factors<\/strong> such as keyboard behavior, location data, and the network are used to make a connection.<\/p><\/li><\/ul><p class=\"my-4 blog-paragraph text-still-dark-blue\">Workers could benefit from biometric scanning if your business relies on mobile devices. Quick, user-friendly biometrics can provide secure access away from the office. Smartphones are well-suited to techniques like fingerprint scans.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">Workforces where remote working is routine, might prefer hardware tokens or tags. These small devices are easy to carry between work and home. The tokens will still be required to access network resources if devices are lost or stolen. So they are a good extra defense measure.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">Whatever solution you choose, it must comply with network infrastructure. Find an MFA system that is compatible with critical apps and employee devices.<\/p><h3 class=\"Heading Heading-h3 text-dark-blue\">2. Create an enterprise-wide MFA solution<\/h3><p class=\"my-4 blog-paragraph text-still-dark-blue\"><strong>Multi-factor authentication solutions must cover all access points to network resources<\/strong>.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">Carry out a device audit before sourcing any technologies. This will help you understand which types of MFA tech to choose and how to train employees to use authentication systems.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">Cloud assets and on-premises resources should all be included. Protect all cloud endpoints with more than one authentication factor, with additional protections for high-value assets.<\/p><h3 class=\"Heading Heading-h3 text-dark-blue\">3. Manage change to bring users on board<\/h3><p class=\"my-4 blog-paragraph text-still-dark-blue\">The biggest problem with multi-factor authentication is <strong>ensuring employees use authentication tools consistently and safely<\/strong>. Workers may lapse into unsafe behavior if MFA is too time-consuming or complex. That\u2019s why <strong>change management is all-important<\/strong>.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">Plan a staged introduction that makes every user feel part of the process. Extra authentication methods will disrupt working practices, at least for a while. But if you approach employees as participants in the process, they will respond positively.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">Inform users about upcoming changes at the start of the project. Explain how MFA will benefit workers and how user identification works. Answer any questions as the project unfolds. Workers need to know exactly what is required and how to comply with security policies.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">Change managers can isolate areas of potential resistance. Focus on chokepoints like using third-party devices, managing biometrics, and password management. Provide training and refresh user knowledge after MFA comes online.<\/p><h3 class=\"Heading Heading-h3 text-dark-blue\">4. Create user-friendly MFA systems<\/h3><p class=\"my-4 blog-paragraph text-still-dark-blue\">When mainstreaming MFA,<strong> companies need to craft user-friendly solutions<\/strong>. Systems should minimize friction and maximize speed while remaining secure.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">Explore ways to reduce the work of users. Adaptive authentication can remove the need for passwords and use device or location information alongside biometrics. Single sign-on portals can bring services together and make logging on easier.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">Where possible, provide multiple options for users. Some workers will embrace retina or fingerprint scanning. For others, it could be impractical or intrusive. They might prefer hardware tokens.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">When people choose their own solutions, they are more likely to feel in control. When they \u201cown\u201d their authentication choices, workers will be less likely to back-slide and abandon MFA.<\/p><h3 class=\"Heading Heading-h3 text-dark-blue\">5. Combine MFA with single sign-on (SSO)<\/h3><p class=\"my-4 blog-paragraph text-still-dark-blue\">As hinted above, one common solution for MFA is single sign-on (SSO). <strong>SSO creates a single identity security portal.<\/strong> This gateway allows users to access core resources according to their individual privileges.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">SSO fits neatly with MFA. You can combine standard password portals with biometrics and one-time passwords. Using a single portal and extra identity verification factors balances user experience and network security.<\/p><ul class=\"list\"><li class=\"ml-4 pl-4\"><p class=\"my-4 blog-paragraph text-still-dark-blue\"><strong>SSO reduces employee workloads<\/strong>, providing instant system access to all relevant resources. That\u2019s particularly useful when connecting remote workers to cloud assets.<\/p><\/li><li class=\"ml-4 pl-4\"><p class=\"my-4 blog-paragraph text-still-dark-blue\"><strong>MFA supplements password security<\/strong>. This solves some problems associated with SSO, including the repeated use of passwords or the reliance on weak passwords that are easy to hack.<\/p><\/li><\/ul><h3 class=\"Heading Heading-h3 text-dark-blue\">6. Make use of contextual factors<\/h3><p class=\"my-4 blog-paragraph text-still-dark-blue\">Multi-factor authentication systems use more than biometric scanners and hardware tokens. <strong>MFA can also leverage contextual information about individual users and their devices<\/strong>.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">Contextual information is passive. Users do not need to provide information consciously. Instead, agents detect data about the user\u2019s device or location. Agents on user laptops can tell whether the computer is in the owner\u2019s home or connected to insecure public wifi. Blacklisting screens out unknown devices or those accessing from unsafe locations.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">Users move. They won\u2019t always be located at home. And if employees request access from elsewhere, MFA systems ask them for additional information. That complicates matters for laptop or smartphone thieves with access to worker devices.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">More advanced authentication factors are also available for extremely high-security situations. Techniques like liveness testing and biometric keyboard verification provide maximum information about user identities. These contextual factors represent an extremely strong barrier against data thieves when used with physical tokens.<\/p><h3 class=\"Heading Heading-h3 text-dark-blue\">7. Think about passwordless solutions<\/h3><p class=\"my-4 blog-paragraph text-still-dark-blue\">In some cases, MFA allows companies to remove traditional password access from their network perimeter. Passwords are clumsy to use. Few employees use strong passwords or store them safely. <strong>Going passwordless can make a lot of sense from a security perspective.<\/strong><\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">MFA can use contextual information about mobile devices, user locations, or even user behavior. These factors may be sufficient to allow access when combined with biometric data. This saves time while providing a degree of security. However, strong passwords should be retained to access sensitive data and critical workloads.<\/p><h3 class=\"Heading Heading-h3 text-dark-blue\">8. Implement the least privilege to secure network assets<\/h3><p class=\"my-4 blog-paragraph text-still-dark-blue\">MFA can apply uniformly to all users, but it\u2019s also better to <strong>implement role-based MFA to enforce the principle of least privilege<\/strong>. Part of Zero Trust Network Access (ZTNA), this principle states that users should only have access to essential data and applications. All non-essential resources should be off-limits.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">Identity and Access Management and network segmentation are core ZTNA technologies, but MFA also plays a role.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">MFA systems can ask for additional information when users try to exercise administrative functions. MFA can also apply conditional access to high-security databases and request additional user credentials at regular intervals.<\/p><h3 class=\"Heading Heading-h3 text-dark-blue\">9. Use provisioning protocols for cloud compatibility<\/h3><p class=\"my-4 blog-paragraph text-still-dark-blue\">Companies can combine MFA systems and critical cloud assets by using provisioning protocols. For instance, Microsoft Azure Active Directory supports protocols like RADIUS and Oauth 2.0.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">Standard protocols like RADIUS make it easier to combine legacy network tools and cloud applications. MFA systems must operate across all network devices and resources. Adopting an approach based on standard protocols makes this possible.<\/p><h3 class=\"Heading Heading-h3 text-dark-blue\">10. See MFA as an ongoing process<\/h3><p class=\"my-4 blog-paragraph text-still-dark-blue\">Deploying MFA doesn\u2019t end when users start to apply biometrics or hardware tokens. <strong>Companies must see authentication as an ongoing challenge requiring constant attention and regular audits.<\/strong><\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">The threat landscape does not stand still. New phishing techniques emerge monthly. Novel malware threats can compromise previously secure endpoints. Network managers must be aware of these developments. Security teams must update MFA systems to reflect real-world cybersecurity risks.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">Regularly assess MFA systems to ensure they are delivering effective security. Are workers using them properly? Do you need to use more or different authentication factors? Are any gaps not covered by authentication processes?<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">Companies also need to be persistent and determined when deploying MFA. Most MFA solutions experience problems. Users regularly report difficulties, which can cause IT teams to roll back authentication projects. Resist this urge.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">Provide support to any departments or individuals experiencing issues. Drill down into the concerns reported by users. They may detect technical issues that were not apparent to security professionals.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">Above all, <strong>don\u2019t expect overnight success.<\/strong> MFA eventually becomes embedded in everyday work, but this won\u2019t happen immediately.<\/p><h2 id=\"stepbystep-mfa-implementation-strategy\" class=\"Heading Heading-h2 text-dark-blue\">Step-by-step MFA implementation strategy<\/h2><p class=\"my-4 blog-paragraph text-still-dark-blue\">When implementing MFA, here are the steps to follow:<\/p><h3 class=\"Heading Heading-h3 text-dark-blue\">1. Train users in how MFA works<\/h3><p class=\"my-4 blog-paragraph text-still-dark-blue\">Employee education is critical when implementing MFA. Every process must be centered around upskilling and reassuring users.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\"><strong>Poorly informed workers may resist authentication techniques or back-slide to unsafe practices<\/strong>. Here are some things to bear in mind when training staff:<\/p><ul class=\"list\"><li class=\"ml-4 pl-4\"><p class=\"my-4 blog-paragraph text-still-dark-blue\"><strong>Regularly communicate via email from the start of the project<\/strong>. Timely emails will ensure staff are aware of timescales and security policies. They can include contact details for project leaders.<\/p><\/li><li class=\"ml-4 pl-4\"><p class=\"my-4 blog-paragraph text-still-dark-blue\"><strong>Create ways for staff to engage with project managers<\/strong>. Messaging apps like Slack are a good option here. Make staff available to field any queries and provide updates if requested.<\/p><\/li><li class=\"ml-4 pl-4\"><p class=\"my-4 blog-paragraph text-still-dark-blue\"><strong>Stress the positive aspect of MFA<\/strong>. Always focus on why you are introducing MFA and how it will help individuals.<\/p><\/li><\/ul><h3 class=\"Heading Heading-h3 text-dark-blue\">2. Design an MFA system to suit your needs<\/h3><p class=\"my-4 blog-paragraph text-still-dark-blue\"><strong>Choosing the right form of multi-factor authentication is critically important. <\/strong>Some companies find that biometric scanners like facial recognition are appropriate. This works well when end users have access to smartphones with reliable cameras and fingerprint scanners.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">Other companies prefer to distribute hardware tokens to remote workers. Tokens provide one-time passwords and can be tracked remotely by security managers.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">Questions to ask when choosing an MFA solution:<\/p><ul class=\"list\"><li class=\"ml-4 pl-4\"><p class=\"my-4 blog-paragraph text-still-dark-blue\">What kind of devices will use your MFA system?<\/p><\/li><li class=\"ml-4 pl-4\"><p class=\"my-4 blog-paragraph text-still-dark-blue\">Is there a mixture of work-from-home and on-premises end users?<\/p><\/li><li class=\"ml-4 pl-4\"><p class=\"my-4 blog-paragraph text-still-dark-blue\">Is ease of use more important than pure identity security?<\/p><\/li><li class=\"ml-4 pl-4\"><p class=\"my-4 blog-paragraph text-still-dark-blue\">Do you need sophisticated solutions with fine-grained MFA controls?<\/p><\/li><li class=\"ml-4 pl-4\"><p class=\"my-4 blog-paragraph text-still-dark-blue\">Is cost an overriding factor, or can you afford to spend more?<\/p><\/li><li class=\"ml-4 pl-4\"><p class=\"my-4 blog-paragraph text-still-dark-blue\">What apps and services will your MFA solution interact with? Compatibility is essential to avoid friction and improve the user experience.<\/p><\/li><\/ul><h3 class=\"Heading Heading-h3 text-dark-blue\">3. Apply privileges to roles and individuals<\/h3><p class=\"my-4 blog-paragraph text-still-dark-blue\"><strong>Create privilege levels for different access requests.<\/strong> This allows individuals to access core resources while keeping sensitive data off-limits to those who do not need it.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">You might want to request extra identity data when accessing customer records or executing admin commands on cloud platforms. MFA requests every few hours may also be needed when accessing financial records.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">Some resources may not need MFA at all. Contextual controls and passwords could be sufficient to protect low-sensitivity resources. However,<strong> risk assesses each asset to avoid leaving confidential data exposed.<\/strong><\/p><h3 class=\"Heading Heading-h3 text-dark-blue\">4. Make sure your MFA implementation is compliant<\/h3><p class=\"my-4 blog-paragraph text-still-dark-blue\">Authentication is a core aspect of major data security regulations, including HIPAA, GDPR, and PCI-DSS. <strong>Sectors like health care or financial processing have specific requirements<\/strong> absent from other business areas. Knowing which regulations affect your business is absolutely vital.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">For example, PCI-DSS requires:<\/p><ul class=\"list\"><li class=\"ml-4 pl-4\"><p class=\"my-4 blog-paragraph text-still-dark-blue\">Strong encryption of all customer data<\/p><\/li><li class=\"ml-4 pl-4\"><p class=\"my-4 blog-paragraph text-still-dark-blue\">Three-factor MFA for any servers handling customer data<\/p><\/li><li class=\"ml-4 pl-4\"><p class=\"my-4 blog-paragraph text-still-dark-blue\">Identity management to ensure customer records can only be accessed by authorized individuals<\/p><\/li><\/ul><p class=\"my-4 blog-paragraph text-still-dark-blue\">Third-party authentication providers should possess the accreditation. Look for an <strong>Attestation of Compliance (AOC)<\/strong> with PCI-DSS or HIPAA. This means the provider has been independently assessed as meeting compliance standards.<\/p><h3 class=\"Heading Heading-h3 text-dark-blue\">5. Create a streamlined way to request backup factors<\/h3><p class=\"my-4 blog-paragraph text-still-dark-blue\">Sometimes employees lose authentication hardware or business laptops. In these cases, they will probably also lose MFA data. <strong>Security best practice involves resetting the user\u2019s account with a backup factor and creating a new set of authentication information.<\/strong><\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">One option is to enable multiple devices on a single account. If users have more than one authorized device, they can use it to request backup factors and reset their accounts.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">Security teams should also be prepared to remove authentication factors from user accounts when thefts occur. There should be a clear process for quarantining compromised factors, making it tough for thieves to use stolen identity credentials.<\/p><h3 class=\"Heading Heading-h3 text-dark-blue\">6. Plan to on-board new remote workers<\/h3><p class=\"my-4 blog-paragraph text-still-dark-blue\">All work-from-home equipment must be audited and authorized with MFA software installed. But setting up MFA with remote workers can be time-consuming. It may leave security vulnerabilities if staff is left to their own devices.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">Many companies provide work laptops for new hires. If you take this route, take time to <strong>lead staff through the MFA onboarding process<\/strong>. If necessary, schedule video meetings to explain the process. That way, you can verify that staff properly follow every step.<\/p><h3 class=\"Heading Heading-h3 text-dark-blue\">7. Configure adaptive MFA controls<\/h3><p class=\"my-4 blog-paragraph text-still-dark-blue\">Before MFA goes live, <strong>explore additional security controls your provider offers<\/strong>. This should include adaptive systems to detect anomalies and meet threats proactively.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">At this stage, you can blacklist certain access locations. For instance, you may blacklist all public wifi hotspots. But you could even limit access from entire continents.<\/p><h3 class=\"Heading Heading-h3 text-dark-blue\">8. Plan to audit your MFA solution<\/h3><p class=\"my-4 blog-paragraph text-still-dark-blue\"><strong>Plan to reassess your authentication setup regularly<\/strong>. Every MFA implementation experiences some problems. They are generally not deal-breakers and tend to involve easing users into the authentication process.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">Check that users are following MFA practices. And make sure privileges match up with risk assessments. Do multiple factors protect confidential data, or can general users access databases?<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">As new threats emerge, authentication systems can become outdated. Be prepared to update software or add new factors if the situation changes.<\/p><h2 id=\"how-can-nordlayer-help-with-mfa-implementation\" class=\"Heading Heading-h2 text-dark-blue\">How can NordLayer help with MFA implementation?<\/h2><p class=\"my-4 blog-paragraph text-still-dark-blue\">NordLayer offers a suite of security tools allowing companies to create secure SSE architecture at the network edge. Guard cloud assets, on-premises data centers, and remote work laptops. And make life easy for workers to carry out their tasks.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">Our products include<a class=\"hyperlink Link Link--blue-dodger font-medium\" href=\"\/blog\/mfa-vs-2fa-whats-the-difference\/\"> 2FA or MFA for authentication<\/a> to increase security levels while connecting to company networks. NordLayer caters to apps like Google Authenticator or Authy and USB devices to deliver security keys.<\/p><p class=\"my-4 blog-paragraph text-still-dark-blue\">Adding MFA is quick and easy, especially when you combine authentication and SSO. The result is all-around security for critical business assets. To find out more, <a class=\"hyperlink Link Link--blue-dodger font-medium\" href=\"\/contact-sales\/\">get in touch with the NordLayer team today<\/a>.<\/p><\/article><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2004c86 elementor-widget elementor-widget-shortcode\" data-id=\"2004c86\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\">\t\t<div data-elementor-type=\"page\" data-elementor-id=\"18103\" class=\"elementor elementor-18103\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a437045 elementor-widget elementor-widget-image-box\" data-id=\"a437045\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-image-box-wrapper\"><div class=\"elementor-image-box-content\"><h3 class=\"elementor-image-box-title\">About Version 2 Digital<\/h3><p class=\"elementor-image-box-description\">Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n<br><br>\nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"64131\" class=\"elementor elementor-64131\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-35fe5dd post-content elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"35fe5dd\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;cef08c3&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-409a2e9a\" data-id=\"409a2e9a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5a8be8f elementor-widget elementor-widget-text-editor\" data-id=\"5a8be8f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><img decoding=\"async\" class=\"alignnone size-full\" src=\"https:\/\/s1.npass.app\/nordpass\/media\/1.1728.0\/images\/web\/blog\/svg\/business-continuity-plan-800x450.svg\" width=\"800\" height=\"450\" \/><\/p><div class=\"Post__content mx-auto container--m\"><div><div><p class=\"leading-loose text-lead my-3 font-medium\">These days, cybercrime is rampant. It&#8217;s no longer a matter of \u201cif\u201d you&#8217;re going to suffer an attack but \u201cwhen\u201d it will happen. All companies want to be ready for any crisis. And this is where a business continuity plan comes into play.<\/p><p class=\"leading-loose text-lead my-3 font-medium\">But what is a business continuity plan exactly? Why is it important? What should one include? Today, we&#8217;re exploring all these questions in-depth.<\/p><h2 id=\"what-is-a-business-continuity-plan\" class=\"text-h5 font-bold mb-6 mt-12 leading-normal\" style=\"line-height: 1.2;\">What is a business continuity plan?<\/h2><p class=\"leading-loose text-base my-3\">A business continuity plan (BCP) is a document that sets guidelines for how an organization will continue its operations in the event of a disruption, whether it&#8217;s a fire, flood, other natural disaster or a cybersecurity incident. A BCP aims to help organizations resume operations without significant downtime.<\/p><p class=\"leading-loose text-base my-3\">Unfortunately, according to a 2020 <a class=\"nord-link cursor-pointer outline-none transition-colors duration-250 ease-out text-teal hover:text-teal-dark\" href=\"https:\/\/www.mercer.com\/content\/dam\/mercer\/attachments\/global\/gl-2020-mercer-covid-19-global-survey-coronavirus-impact-to-global-market.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">Mercer survey<\/a>, 51% of businesses across the globe don&#8217;t have a business continuity plan in place.<\/p><h2 id=\"whats-the-difference-between-business-continuity-and-disaster-recovery-plans\" class=\"text-h5 font-bold mb-6 mt-12 leading-normal\" style=\"line-height: 1.2;\">What&#8217;s the difference between business continuity and disaster recovery plans?<\/h2><p class=\"leading-loose text-base my-3\">We often confuse the terms business continuity plan and disaster recovery plan. The two overlap and often work together, but the disaster recovery plan focuses on containing, examining, and restoring operations after a cyber incident. On the other hand, BCP is a broader concept that considers the whole organization. A business continuity plan helps organizations stay prepared for dealing with a potential crisis and usually encompasses a disaster recovery plan.<\/p><h2 id=\"importance-of-business-continuity-planning\" class=\"text-h5 font-bold mb-6 mt-12 leading-normal\" style=\"line-height: 1.2;\">Importance of business continuity planning<\/h2><p class=\"leading-loose text-base my-3\">The number of news headlines announcing data breaches has numbed us to the fact that cybercrime is very real and frequent and poses an existential risk to companies of all sizes and industries.<\/p><p class=\"leading-loose text-base my-3\">Consider that in 2021, approximately <a class=\"nord-link cursor-pointer outline-none transition-colors duration-250 ease-out text-teal hover:text-teal-dark\" href=\"https:\/\/www.forbes.com\/sites\/chuckbrooks\/2022\/06\/03\/alarming-cyber-statistics-for-mid-year-2022-that-you-need-to-know\/?sh=7e691ccf7864\" target=\"_blank\" rel=\"noopener noreferrer\">37% of global organizations<\/a> fell victim to a ransomware attack. Then consider that business interruption and restoration costs account for <a class=\"nord-link cursor-pointer outline-none transition-colors duration-250 ease-out text-teal hover:text-teal-dark\" href=\"https:\/\/www.allianz.com\/en\/press\/news\/studies\/211013_Allianz-AGCS-Ransomware-Trends-Risks-and-Resilience.html#:~:text=Business%20interruption%20and%20restoration%20costs,involved%20in%20over%20six%20years\" target=\"_blank\" rel=\"noopener noreferrer\">50% of cyberattack-related losses<\/a>. Finally, take into account that most cyberattacks are financially motivated and the global cost of cybercrime topped <a class=\"nord-link cursor-pointer outline-none transition-colors duration-250 ease-out text-teal hover:text-teal-dark\" href=\"https:\/\/techxplore.com\/news\/2022-05-global-cybercrime-topped-trillion-defence.html\" target=\"_blank\" rel=\"noopener noreferrer\">$6 trillion last year<\/a>. The picture is quite clear \u2014 cybercrime is a lucrative venture for bad actors and potentially disastrous for those on the receiving end.<\/p><p class=\"leading-loose text-base my-3\">To thrive in these unpredictable times, organizations go beyond conventional security measures. Many companies develop a business continuity plan parallel to secure infrastructure and consider the plan a critical part of the security ecosystem. The Purpose of a business continuity plan is to significantly reduce the downtime in an emergency and, in turn, reduce the potential reputational damage and \u2014 of course \u2014 revenue losses.<\/p><h2 id=\"business-continuity-plan-template\" class=\"text-h5 font-bold mb-6 mt-12 leading-normal\" style=\"line-height: 1.2;\">Business continuity plan template<\/h2><div class=\"BlogBannerV2 py-8 md:py-10 lg:py-12 mt-8 md:mt-10 lg:mt-12 relative flex flex-col text-center font-medium overflow-hidden BlogBannerV2--default bg-blue-darkest\"><h2 class=\"nord-text text-h3 leading-normal font-medium tracking-tight inline-block font-bold mx-6 md:mx-21 z-1 text-white\" style=\"line-height: 1.2;\">Password security for your business<\/h2><p class=\"nord-text text-base leading-normal text-black mt-4 lg:mt-6 z-1 text-white\">Store, manage and share passwords.<\/p><div class=\"z-1\"><a class=\"nord-button focus:outline-none font-medium align-bottom rounded-1 select-none transition-colors ease-out duration-250 cursor-pointer nord-button--medium border text-white nord-button--v-contained nord-button--c-teal bg-teal border-teal font-medium inline-block Button__rounded mt-4 lg:mt-6 py-3 px-4 lg:px-6 whitespace-no-wrap\" href=\"\/business-password-manager\/\">Get NordPass Business<\/a><\/div><p class=\"nord-text text-micro leading-normal text-black mt-3 z-1 text-white\">30-day money-back guarantee<\/p><\/div><h4 id=\"business-continuity-plan-example\" class=\"text-h6 font-medium mb-3 mt-6 leading-loose\" style=\"line-height: 1.2;\">Business Continuity Plan Example<\/h4><p class=\"leading-loose text-base my-3\">[Company Name]<\/p><p class=\"leading-loose text-base my-3\">[Date]<\/p><h4 id=\"i-introduction\" class=\"text-lead font-medium mb-3 mt-6 leading-loose\" style=\"line-height: 1.2;\">I. Introduction<\/h4><ul class=\"leading-loose mt-3 mb-6 list--ul\"><li class=\"my-2\"><p class=\"leading-loose text-base my-3\">Purpose of the Plan<\/p><\/li><li class=\"my-2\"><p class=\"leading-loose text-base my-3\">Scope of the Plan<\/p><\/li><li class=\"my-2\"><p class=\"leading-loose text-base my-3\">Budget<\/p><\/li><li class=\"my-2\"><p class=\"leading-loose text-base my-3\">Timeline<\/p><\/li><\/ul><p class=\"leading-loose text-base my-3\">The initial stage of developing a business continuity plan starts with a statement of the plan&#8217;s purpose, which explains the main objective of the plan, such as ensuring the organization&#8217;s ability to continue its operations during and after a disruptive event.<\/p><p class=\"leading-loose text-base my-3\">The Scope of the Plan outlines the areas or functions that the plan will cover, including business processes, personnel, equipment, and technology.<\/p><p class=\"leading-loose text-base my-3\">The Budget specifies the estimated financial resources required to implement and maintain the BCP. It includes costs related to technology, personnel, equipment, training, and other necessary expenses.<\/p><p class=\"leading-loose text-base my-3\">The Timeline provides a detailed schedule for developing, implementing, testing, and updating the BCP.<\/p><h4 id=\"ii-risk-assessment\" class=\"text-lead font-medium mb-3 mt-6 leading-loose\" style=\"line-height: 1.2;\">II. Risk Assessment<\/h4><ul class=\"leading-loose mt-3 mb-6 list--ul\"><li class=\"my-2\"><p class=\"leading-loose text-base my-3\">Identification of Risks<\/p><\/li><li class=\"my-2\"><p class=\"leading-loose text-base my-3\">Prioritization of Risks<\/p><\/li><li class=\"my-2\"><p class=\"leading-loose text-base my-3\">Mitigation Strategies<\/p><\/li><\/ul><p class=\"leading-loose text-base my-3\">The Risk Assessment section of a Business Continuity Plan (BCP) is an essential part of the plan that identifies potential risks that could disrupt an organization&#8217;s critical functions.<\/p><p class=\"leading-loose text-base my-3\">The Identification of Risks involves identifying potential threats to the organization, such cybersecurity breaches, supply chain disruptions, power outages, and other potential risks. This step is critical to understand the risks and their potential impact on the organization.<\/p><p class=\"leading-loose text-base my-3\">Once the risks have been identified, the Prioritization of Risks follows, which helps determine which risks require the most attention and resources.<\/p><p class=\"leading-loose text-base my-3\">The final step in the Risk Assessment section is developing Mitigation Strategies to minimize the impact of identified risks. Mitigation strategies may include preventative measures, such as system redundancies, data backups, cybersecurity measures, as well as response and recovery measures, such as emergency protocols and employee training.<\/p><h4 id=\"iii-emergency-response\" class=\"text-lead font-medium mb-3 mt-6 leading-loose\" style=\"line-height: 1.2;\">III. Emergency Response<\/h4><ul class=\"leading-loose mt-3 mb-6 list--ul\"><li class=\"my-2\"><p class=\"leading-loose text-base my-3\">Emergency Response Team<\/p><\/li><li class=\"my-2\"><p class=\"leading-loose text-base my-3\">Communication Plan<\/p><\/li><li class=\"my-2\"><p class=\"leading-loose text-base my-3\">Emergency Procedures<\/p><\/li><\/ul><p class=\"leading-loose text-base my-3\">This section of the plan focuses on immediate actions that should be taken to ensure the safety and well-being of employees and minimize the impact of the event on the organization&#8217;s operations.<\/p><p class=\"leading-loose text-base my-3\">The Emergency Response Team is responsible for managing the response to an emergency or disaster situation. This team should be composed of individuals who are trained in emergency response procedures and can act quickly and decisively during an emergency. The team should also include a designated leader who is responsible for coordinating the emergency response efforts.<\/p><p class=\"leading-loose text-base my-3\">The Communication Plan outlines how information will be disseminated during an emergency situation. It includes contact information for employees, stakeholders, and emergency response personnel, as well as protocols for communicating with these individuals.<\/p><p class=\"leading-loose text-base my-3\">The Emergency Procedures detail the steps that should be taken during an emergency or disaster situation. The emergency procedures should be developed based on the potential risks identified in the Risk Assessment section and should be tested regularly to ensure that they are effective.<\/p><h4 id=\"iv-business-impact-analysis\" class=\"text-lead font-medium mb-3 mt-6 leading-loose\" style=\"line-height: 1.2;\">IV. Business Impact Analysis<\/h4><p class=\"leading-loose text-base my-3\">The Business Impact Analysis (BIA) section of a Business Continuity Plan (BCP) is a critical step in identifying the potential impact of a disruption to an organization&#8217;s critical operations.<\/p><p class=\"leading-loose text-base my-3\">The Business Impact Analysis is typically conducted by a team of individuals who understand the organization&#8217;s critical functions and can assess the potential impact of a disruption to those functions. The team may include representatives from various departments, including finance, operations, IT, and human resources.<\/p><h4 id=\"v-recovery-and-restoration\" class=\"text-lead font-medium mb-3 mt-6 leading-loose\" style=\"line-height: 1.2;\">V. Recovery and Restoration<\/h4><ul class=\"leading-loose mt-3 mb-6 list--ul\"><li class=\"my-2\"><p class=\"leading-loose text-base my-3\">Procedures for recovery and restoration of critical processes<\/p><\/li><li class=\"my-2\"><p class=\"leading-loose text-base my-3\">Prioritization of recovery efforts<\/p><\/li><li class=\"my-2\"><p class=\"leading-loose text-base my-3\">Establishment of recovery time objectives<\/p><\/li><\/ul><p class=\"leading-loose text-base my-3\">The Recovery and Restoration section of a Business Continuity Plan (BCP) outlines the procedures for recovering and restoring critical processes and functions following a disruption.<\/p><p class=\"leading-loose text-base my-3\">The Procedures for recovery and restoration of critical processes describe the steps required to restore critical processes and functions following a disruption. This may include steps such as relocating to alternate facilities, restoring data and systems, and re-establishing key business relationships.<\/p><p class=\"leading-loose text-base my-3\">The Prioritization section of the plan identifies the order in which critical processes will be restored, based on their importance to the organization&#8217;s operations and overall mission.<\/p><p class=\"leading-loose text-base my-3\">Recovery time objectives (RTOs) define the maximum amount of time that critical processes and functions can be unavailable following a disruption. Establishing RTOs ensures that recovery efforts are focused on restoring critical functions within a specific timeframe.<\/p><h4 id=\"vi-plan-activation\" class=\"text-lead font-medium mb-3 mt-6 leading-loose\" style=\"line-height: 1.2;\">VI. Plan Activation<\/h4><ul class=\"leading-loose mt-3 mb-6 list--ul\"><li class=\"my-2\"><p class=\"leading-loose text-base my-3\">Plan Activation Procedures<\/p><\/li><\/ul><p class=\"leading-loose text-base my-3\">The Plan Activation section is critical in ensuring that an organization can quickly and effectively activate the plan and respond to a potential emergency.<\/p><p class=\"leading-loose text-base my-3\">The Plan Activation Procedures describe the steps required to activate the BCP in response to a disruption. The procedures should be clear and concise, with specific instructions for each step to ensure a prompt and effective response.<\/p><h4 id=\"vii-testing-and-maintenance\" class=\"text-lead font-medium mb-3 mt-6 leading-loose\" style=\"line-height: 1.2;\">VII. Testing and Maintenance<\/h4><ul class=\"leading-loose mt-3 mb-6 list--ul\"><li class=\"my-2\"><p class=\"leading-loose text-base my-3\">Testing Procedures<\/p><\/li><li class=\"my-2\"><p class=\"leading-loose text-base my-3\">Maintenance Procedures<\/p><\/li><li class=\"my-2\"><p class=\"leading-loose text-base my-3\">Review and Update Procedures<\/p><\/li><\/ul><p class=\"leading-loose text-base my-3\">This section of the plan is critical to ensure that an organization can effectively respond to disruptions and quickly resume its essential functions.<\/p><p class=\"leading-loose text-base my-3\">Testing procedures may include scenarios such as natural disasters, cyber-attacks, and other potential risks. The testing procedures should include clear objectives, testing scenarios, roles and responsibilities, and evaluation criteria to assess the effectiveness of the plan.<\/p><p class=\"leading-loose text-base my-3\">The Maintenance Procedures detail the steps necessary to keep the BCP up-to-date and relevant.<\/p><p class=\"leading-loose text-base my-3\">The Review and Update Procedures describe how the BCP will be reviewed and updated regularly to ensure its continued effectiveness. This may involve conducting a review of the plan on a regular basis or after significant changes to the organization&#8217;s operations or threats.<\/p><h2 id=\"what-should-a-business-continuity-plan-checklist-include\" class=\"text-h5 font-bold mb-6 mt-12 leading-normal\" style=\"line-height: 1.2;\">What should a business continuity plan checklist include?<\/h2><p class=\"leading-loose text-base my-3\">Organizations looking to develop a BCP have more than a few things to think through and consider. Variables such as the size of the organization, its IT infrastructure, personnel, and resources all play a significant role in developing a continuity plan. Remember, each crisis is different, and each organization will have a view on handling it according to all the variables in play. However, all business continuity plans will include a few elements in one way or another.<\/p><ul class=\"leading-loose mt-3 mb-6 list--ul\"><li class=\"my-2\"><h4 id=\"clearly-defined-areas-of-responsibility\" class=\"text-lead font-medium mb-3 mt-6 leading-loose\" style=\"line-height: 1.2;\">Clearly defined areas of responsibility<\/h4><p class=\"leading-loose text-base my-3\">A BCP should define specific roles and responsibilities for cases of emergency. Detail who is responsible for what tasks and clarify what course of action a person in a specific position should take. Clearly defined roles and responsibilities in an emergency event allow you to act quickly and decisively and minimize potential damage.<\/p><\/li><li class=\"my-2\"><h4 id=\"crisis-communication-plan\" class=\"text-lead font-medium mb-3 mt-6 leading-loose\" style=\"line-height: 1.2;\">Crisis communication plan<\/h4><p class=\"leading-loose text-base my-3\">In an emergency, communication is vital. It is the determining factor when it comes to crisis handling. For communication to be effective, it is critical to establish clear communication pipelines. Furthermore, it is crucial to understand that alternative communication channels should not be overlooked and outlined in a business continuity plan.<\/p><\/li><li class=\"my-2\"><h4 id=\"recovery-teams\" class=\"text-lead font-medium mb-3 mt-6 leading-loose\" style=\"line-height: 1.2;\">Recovery teams<\/h4><p class=\"leading-loose text-base my-3\">A recovery team is a collective of different professionals who ensure that business operations are restored as soon as possible after the organization confronts a crisis.<\/p><\/li><li class=\"my-2\"><h4 id=\"alternative-site-of-operations\" class=\"text-lead font-medium mb-3 mt-6 leading-loose\" style=\"line-height: 1.2;\">Alternative site of operations<\/h4><p class=\"leading-loose text-base my-3\">Today, when we think of an incident in a business environment, we usually think of something related to cybersecurity. However, as discussed earlier, a BCP covers many possible disasters. In a natural disaster, determine potential alternate sites where the company could continue to operate.<\/p><\/li><li class=\"my-2\"><h4 id=\"backup-power-and-data-backups\" class=\"text-lead font-medium mb-3 mt-6 leading-loose\" style=\"line-height: 1.2;\">Backup power and data backups<\/h4><p class=\"leading-loose text-base my-3\">Whether a cyber event or a real-life physical event, ensuring that you have access to power is crucial if you wish to continue operations. In a BCP, you can often come across lists of alternative power sources such as generators, where such tools are located, and who should oversee them. The same applies to data. Regularly scheduled data backups can significantly reduce potential losses incurred by a crisis event.<\/p><\/li><li class=\"my-2\"><h4 id=\"recovery-guidelines\" class=\"text-lead font-medium mb-3 mt-6 leading-loose\" style=\"line-height: 1.2;\">Recovery guidelines<\/h4><p class=\"leading-loose text-base my-3\">If a crisis is significant, a comprehensive business continuity plan usually includes detailed guidelines on how the recovery process will be carried out.<\/p><\/li><\/ul><h2 id=\"business-continuity-planning-steps\" class=\"text-h5 font-bold mb-6 mt-12 leading-normal\" style=\"line-height: 1.2;\">Business continuity planning steps<\/h2><figure class=\"my-12\"><div class=\"mx-auto\" style=\"max-width: 746px; max-height: 320px;\"><div class=\"nord-intrinsic relative w-full h-0 bg-transparent\" style=\"padding-top: 42.8954%;\"><picture class=\"nord-picture\"><source srcset=\"https:\/\/s1.npass.app\/nordpass\/media\/1.1728.0\/images\/web\/blog\/svg\/business-continuity-plan-steps-746x320.svg\" \/><img decoding=\"async\" class=\"nord-image nord-image--responsive\" src=\"data:image\/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==\" alt=\"business continuity plan steps\" \/><\/picture><\/div><\/div><\/figure><p class=\"leading-loose text-base my-3\">Here are some general guidelines that an organization looking to develop a BCP should consider:<\/p><h3 id=\"analysis\" class=\"text-h6 font-medium mb-3 mt-6 leading-loose\" style=\"line-height: 1.2;\">Analysis<\/h3><p class=\"leading-loose text-base my-3\">A business continuity plan should include an in-depth analysis of everything that could negatively affect the overall organizational infrastructure and operations. Assessing different levels of risk should also be a part of the analysis phase.<\/p><h3 id=\"design-and-development\" class=\"text-h6 font-medium mb-3 mt-6 leading-loose\" style=\"line-height: 1.2;\">Design and development<\/h3><p class=\"leading-loose text-base my-3\">Once you have a clear overview of potential risks your company could face, start developing a plan. Create a draft and reassess it to see if it takes into account even the smallest of details.<\/p><h3 id=\"implementation\" class=\"text-h6 font-medium mb-3 mt-6 leading-loose\" style=\"line-height: 1.2;\">Implementation<\/h3><p class=\"leading-loose text-base my-3\">Implement BCP within the organization by providing training sessions for the staff to get familiar with the plan. Getting everyone on the same page regarding crisis management is critical.<\/p><h3 id=\"testing\" class=\"text-h6 font-medium mb-3 mt-6 leading-loose\" style=\"line-height: 1.2;\">Testing<\/h3><p class=\"leading-loose text-base my-3\">Rigorously test the plan. Play out a variety of scenarios in training sessions to learn the overall effectiveness of the continuity plan. By doing so, everyone on the team will be closely familiar with the business continuity plan&#8217;s guidelines.<\/p><h3 id=\"maintenance-and-updating\" class=\"text-h6 font-medium mb-3 mt-6 leading-loose\" style=\"line-height: 1.2;\">Maintenance and updating<\/h3><p class=\"leading-loose text-base my-3\">Because the threat landscape constantly changes and evolves, you should regularly reassess your BCP and take steps to update it. By making your continuity plan in tune with the times, you will be able to stay a step ahead of a crisis.<\/p><h2 id=\"level-up-your-companys-security-with-nordpass-business\" class=\"text-h5 font-bold mb-6 mt-12 leading-normal\" style=\"line-height: 1.2;\">Level up your company&#8217;s security with NordPass Business<\/h2><p class=\"leading-loose text-base my-3\">A comprehensive business continuity plan is vital for the entire organization&#8217;s security posture. However, in a perfect world, you wouldn&#8217;t have to use it. This is where NordPass Business can help.<\/p><p class=\"leading-loose text-base my-3\">Remember, weak, reused, or compromised passwords are often cited as one of the top contributing factors in data breaches. It&#8217;s not surprising, considering that an average user has around 100 passwords. Password fatigue is real and significantly affects how people treat their credentials. NordPass Business counters these issues.<\/p><p class=\"leading-loose text-base my-3\">With <a class=\"nord-link cursor-pointer outline-none transition-colors duration-250 ease-out text-teal hover:text-teal-dark\" href=\"\/business-password-manager\/\">NordPass Business<\/a>, your team will have a single secure place to store all work-related passwords, credit cards, and other sensitive information. Accessing all the data stored in NordPass is quick and easy, which allows your employees not to be distracted by the task of finding the correct passwords for the correct account.<\/p><p class=\"leading-loose text-base my-3\">In cyber incidents, NordPass Business ensures that company credentials remain secure at all times. Everything stored in the NordPass vault is secured with advanced encryption algorithms, which would take hundreds of years to brute force.<\/p><p class=\"leading-loose text-base my-3\">If you are interested in learning more about NordPass Business and how it can fortify corporate security, do not hesitate to <a class=\"nord-link cursor-pointer outline-none transition-colors duration-250 ease-out text-teal hover:text-teal-dark\" href=\"\/business-password-manager\/request-demo\/\">book a demo<\/a> with our representative.<\/p><\/div><\/div><div class=\"Post__socials-sticky fixed left-0 lg:ml-6\" style=\"top: 50%; bottom: unset;\"><div class=\"flex lg:flex-col justify-center align-center\">\u00a0<\/div><\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2004c86 elementor-widget elementor-widget-shortcode\" data-id=\"2004c86\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\">\t\t<div data-elementor-type=\"page\" data-elementor-id=\"18103\" class=\"elementor elementor-18103\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a437045 elementor-widget elementor-widget-image-box\" data-id=\"a437045\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-image-box-wrapper\"><div class=\"elementor-image-box-content\"><h3 class=\"elementor-image-box-title\">About Version 2 Digital<\/h3><p class=\"elementor-image-box-description\">Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n<br><br>\nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t<div data-elementor-type=\"page\" data-elementor-id=\"63567\" class=\"elementor elementor-63567\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-45e3ec76 elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"45e3ec76\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-311e216d\" data-id=\"311e216d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3d9a2e6f elementor-widget elementor-widget-text-editor\" data-id=\"3d9a2e6f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>About NordPass<br \/><\/strong>NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.<\/p><p>The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Multi-factor authentication (MFA) requests more than on [&hellip;]<\/p>\n","protected":false},"author":148637484,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[973,1075,1130,61],"tags":[974,1076,1132],"class_list":["post-63662","post","type-post","status-publish","format-standard","hentry","category-nord-security","category-year2023","category-nordlayer","category-press-release","tag-nord-security","tag-1076","tag-nordlayer"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Multi-factor authentication best practices &amp; strategy - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nordlayer.com\/blog\/multi-factor-authentication-best-practices\/\" \/>\n<meta property=\"og:locale\" content=\"zh_HK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Multi-factor authentication best practices &amp; strategy - Version 2\" \/>\n<meta property=\"og:description\" content=\"Multi-factor authentication (MFA) requests more than on [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nordlayer.com\/blog\/multi-factor-authentication-best-practices\/\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2023-01-10T09:13:25+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-09-13T08:31:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/images.ctfassets.net\/5natoedl294r\/2536FDslOgC5cAv95HqRZ6\/d3debf6670af3d80dd390f2a05fa2bfa\/MFA_Best_Practices_cover_web_1400x800.png?w=1400&amp;h=800&amp;q=50&amp;fm=webp\" \/>\n<meta name=\"author\" content=\"versionpan\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"versionpan\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nordlayer.com\\\/blog\\\/multi-factor-authentication-best-practices\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2023\\\/01\\\/multi-factor-authentication-best-practices-strategy\\\/\"},\"author\":{\"name\":\"versionpan\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/103ffe36f7fd34a1cc126a30431b94d8\"},\"headline\":\"Multi-factor authentication best practices &#038; strategy\",\"datePublished\":\"2023-01-10T09:13:25+00:00\",\"dateModified\":\"2024-09-13T08:31:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2023\\\/01\\\/multi-factor-authentication-best-practices-strategy\\\/\"},\"wordCount\":2345,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nordlayer.com\\\/blog\\\/multi-factor-authentication-best-practices\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/images.ctfassets.net\\\/5natoedl294r\\\/2536FDslOgC5cAv95HqRZ6\\\/d3debf6670af3d80dd390f2a05fa2bfa\\\/MFA_Best_Practices_cover_web_1400x800.png?w=1400&amp;h=800&amp;q=50&amp;fm=webp\",\"keywords\":[\"Nord Security\",\"2023\",\"NordLayer\"],\"articleSection\":[\"Nord Security\",\"2023\",\"NordLayer\",\"Press Release\"],\"inLanguage\":\"zh-HK\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2023\\\/01\\\/multi-factor-authentication-best-practices-strategy\\\/\",\"url\":\"https:\\\/\\\/nordlayer.com\\\/blog\\\/multi-factor-authentication-best-practices\\\/\",\"name\":\"Multi-factor authentication best practices & strategy - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nordlayer.com\\\/blog\\\/multi-factor-authentication-best-practices\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nordlayer.com\\\/blog\\\/multi-factor-authentication-best-practices\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/images.ctfassets.net\\\/5natoedl294r\\\/2536FDslOgC5cAv95HqRZ6\\\/d3debf6670af3d80dd390f2a05fa2bfa\\\/MFA_Best_Practices_cover_web_1400x800.png?w=1400&amp;h=800&amp;q=50&amp;fm=webp\",\"datePublished\":\"2023-01-10T09:13:25+00:00\",\"dateModified\":\"2024-09-13T08:31:51+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nordlayer.com\\\/blog\\\/multi-factor-authentication-best-practices\\\/#breadcrumb\"},\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nordlayer.com\\\/blog\\\/multi-factor-authentication-best-practices\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/nordlayer.com\\\/blog\\\/multi-factor-authentication-best-practices\\\/#primaryimage\",\"url\":\"https:\\\/\\\/images.ctfassets.net\\\/5natoedl294r\\\/2536FDslOgC5cAv95HqRZ6\\\/d3debf6670af3d80dd390f2a05fa2bfa\\\/MFA_Best_Practices_cover_web_1400x800.png?w=1400&amp;h=800&amp;q=50&amp;fm=webp\",\"contentUrl\":\"https:\\\/\\\/images.ctfassets.net\\\/5natoedl294r\\\/2536FDslOgC5cAv95HqRZ6\\\/d3debf6670af3d80dd390f2a05fa2bfa\\\/MFA_Best_Practices_cover_web_1400x800.png?w=1400&amp;h=800&amp;q=50&amp;fm=webp\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nordlayer.com\\\/blog\\\/multi-factor-authentication-best-practices\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Multi-factor authentication best practices &#038; strategy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-HK\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/103ffe36f7fd34a1cc126a30431b94d8\",\"name\":\"versionpan\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g\",\"caption\":\"versionpan\"},\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/author\\\/versionpan\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Multi-factor authentication best practices & strategy - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nordlayer.com\/blog\/multi-factor-authentication-best-practices\/","og_locale":"zh_HK","og_type":"article","og_title":"Multi-factor authentication best practices & strategy - Version 2","og_description":"Multi-factor authentication (MFA) requests more than on [&hellip;]","og_url":"https:\/\/nordlayer.com\/blog\/multi-factor-authentication-best-practices\/","og_site_name":"Version 2","article_published_time":"2023-01-10T09:13:25+00:00","article_modified_time":"2024-09-13T08:31:51+00:00","og_image":[{"url":"https:\/\/images.ctfassets.net\/5natoedl294r\/2536FDslOgC5cAv95HqRZ6\/d3debf6670af3d80dd390f2a05fa2bfa\/MFA_Best_Practices_cover_web_1400x800.png?w=1400&amp;h=800&amp;q=50&amp;fm=webp","type":"","width":"","height":""}],"author":"versionpan","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"versionpan"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nordlayer.com\/blog\/multi-factor-authentication-best-practices\/#article","isPartOf":{"@id":"https:\/\/version-2.com\/2023\/01\/multi-factor-authentication-best-practices-strategy\/"},"author":{"name":"versionpan","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/103ffe36f7fd34a1cc126a30431b94d8"},"headline":"Multi-factor authentication best practices &#038; strategy","datePublished":"2023-01-10T09:13:25+00:00","dateModified":"2024-09-13T08:31:51+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2023\/01\/multi-factor-authentication-best-practices-strategy\/"},"wordCount":2345,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/nordlayer.com\/blog\/multi-factor-authentication-best-practices\/#primaryimage"},"thumbnailUrl":"https:\/\/images.ctfassets.net\/5natoedl294r\/2536FDslOgC5cAv95HqRZ6\/d3debf6670af3d80dd390f2a05fa2bfa\/MFA_Best_Practices_cover_web_1400x800.png?w=1400&amp;h=800&amp;q=50&amp;fm=webp","keywords":["Nord Security","2023","NordLayer"],"articleSection":["Nord Security","2023","NordLayer","Press Release"],"inLanguage":"zh-HK"},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2023\/01\/multi-factor-authentication-best-practices-strategy\/","url":"https:\/\/nordlayer.com\/blog\/multi-factor-authentication-best-practices\/","name":"Multi-factor authentication best practices & strategy - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nordlayer.com\/blog\/multi-factor-authentication-best-practices\/#primaryimage"},"image":{"@id":"https:\/\/nordlayer.com\/blog\/multi-factor-authentication-best-practices\/#primaryimage"},"thumbnailUrl":"https:\/\/images.ctfassets.net\/5natoedl294r\/2536FDslOgC5cAv95HqRZ6\/d3debf6670af3d80dd390f2a05fa2bfa\/MFA_Best_Practices_cover_web_1400x800.png?w=1400&amp;h=800&amp;q=50&amp;fm=webp","datePublished":"2023-01-10T09:13:25+00:00","dateModified":"2024-09-13T08:31:51+00:00","breadcrumb":{"@id":"https:\/\/nordlayer.com\/blog\/multi-factor-authentication-best-practices\/#breadcrumb"},"inLanguage":"zh-HK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nordlayer.com\/blog\/multi-factor-authentication-best-practices\/"]}]},{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/nordlayer.com\/blog\/multi-factor-authentication-best-practices\/#primaryimage","url":"https:\/\/images.ctfassets.net\/5natoedl294r\/2536FDslOgC5cAv95HqRZ6\/d3debf6670af3d80dd390f2a05fa2bfa\/MFA_Best_Practices_cover_web_1400x800.png?w=1400&amp;h=800&amp;q=50&amp;fm=webp","contentUrl":"https:\/\/images.ctfassets.net\/5natoedl294r\/2536FDslOgC5cAv95HqRZ6\/d3debf6670af3d80dd390f2a05fa2bfa\/MFA_Best_Practices_cover_web_1400x800.png?w=1400&amp;h=800&amp;q=50&amp;fm=webp"},{"@type":"BreadcrumbList","@id":"https:\/\/nordlayer.com\/blog\/multi-factor-authentication-best-practices\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/"},{"@type":"ListItem","position":2,"name":"Multi-factor authentication best practices &#038; strategy"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-HK"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/103ffe36f7fd34a1cc126a30431b94d8","name":"versionpan","image":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/secure.gravatar.com\/avatar\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g","caption":"versionpan"},"url":"https:\/\/version-2.com\/zh\/author\/versionpan\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-gyO","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/63662","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/users\/148637484"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/comments?post=63662"}],"version-history":[{"count":1,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/63662\/revisions"}],"predecessor-version":[{"id":64216,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/63662\/revisions\/64216"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/media?parent=63662"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/categories?post=63662"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/tags?post=63662"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}