The 2018 mid-year Data Breach Quickview Report revealed that Australia had 24 data breaches and over 2.6 billion records exposed in the first half of 2018, ranking 5th globally by the number of data breaches and exposed records. It’s estimated that cybersecurity incidents could cost $29 billion a year in Australia. For organisation with more than 500 employees, a single breach could cost as much as $35.9 million (source). Online security and safety is now a top priority for many businesses and organisations. The Australian Tax Office (ATO), for instance, has introduced in their Operational Framework for Digital Service Providers, a mandatory requirement for all cloud-based accounting systems to implement Multi-factor Authentication (MFA).
What is MFA?
To understand MFA, we should first understand the common factors for authentication:
- Something you ‘know’ – a username, password, pin or an answer to a question
- Something you ‘have’ – a security token, smart card or software-based certificate
- Something you ‘are’ – a fingerprint, voice or iris pattern
MFA uses two or more of the above to verify a person’s identity. The most common second authentication method is via delivery of a one-time password (OTP) that is sent to a token, app or mobile phone via SMS.
Hard Token vs App-based Token vs SMS
Choosing an SMS provider
If you are considering SMS for MFA, there’re a few factors to consider when choosing the SMS provider. Firstly, what are the procedures regarding information security? Considering the sensitivity of the messages, data security is going to be at the top of your supplier selection criteria. Does the provider have robust procedures in place, or even better, any globally recognised standard to safeguard the security of your data? Another consideration is the reliability and timeliness of the delivery of your messages. As you want the users to receive the one-time password instantly when they request it, you should avoid choosing providers who use grey routing. Lastly, the flexibility and sturdiness of the SMS gateway should also be examined to ensure a smooth integration process and a substantial connection.
How can Esendex help
Esendex, being the only ISO 27001 accredited SMS provider in Australia, provides a guarantee to customers that all of the processes and services conducted are aligned with the globally recognised information security standard. Our direct connections to major networks ensure your messages get delivered swiftly, securely and reliably. Together with all the SDKs, sample code and documentation provided for easy integration with our SMS gateway, we’ll be able to help set you up with SMS for multi-factor authentication in no time. Get in touch at 1300 764 946 and speak to one of our team today!