Monday 18 May 2020

This advice has been collated by EMSOU and is intended for wider distribution within the East Midlands Region to raise awareness among businesses and the public.

Advice and information is changing daily as we navigate our way through the COVID- 19 pandemic, so please ensure you only take information from reputable sources.

If you require any further information, assistance or guidance please contact the EMSOU Protect Team or your local Force protect team. As society has become more complicated, humans have had to develop new ways to authenticate people they don’t directly know. When you know someone, it’s easy to identify them by simply looking at them. Over time, authentication has become more complex. In today’s blog, we’re discussing Multi-Factor Authentication (MFA) as a way to increase your company’s cyber security.

For up-to-the-minute information about cybersecurity throughout the COVID-19 crisis, remember to subscribe to our email newsletter. What is Multi-Factor Authentication?

Multi-factor or, more commonly, two factor authentication (2FA) is an extra layer of security for online activity. We have been using 2FA for years; when you put a debit card (something you have) into an ATM, it needs a PIN (something you know), but there are additional authentication levels that can be used for additional security.

Location is one layer and organisations may limit access to data to those within a secure network or by a specific device. A GPS-derived location from a smartphone or IP address may also be used to limit access. Some media sites use this to limit programmes broadcast by geographic region.

Other layers of authentication may be time based - only allowing access to users at certain designated times. Banks may use time and location for checking withdrawals - it’s impossible to withdraw from an ATM in London and 45 minutes later from an ATM in Glasgow, for example.

Biometric authentication is another layer – facial recognition, fingerprint, voice recognition and retinal scan. By applying multiple variations of these factors, it is possible to greatly increase the security of systems and data accessed.

The most common MFA is 2FA; a text message is sent to a mobile phone while using a bank/credit card online and a code is entered to authorise the transaction. This also imposes a time limit for using the code, to prevent fraudsters using the same code later.

MFA provides a way of 'double checking' who you really are when using online services, such as banking, email or social media.

When setting up 2FA, the service will ask for a 'second factor', which is something that you (and only you) can access - a code sent by text message or created by an app.

• Text messages. During setup, provide the phone number, and the service will send a code to use. Some services also offer sending a code using a voice message.

• Authenticator Apps on a smart phone (or tablet) are the main alternative to text messages. Google Authenticator and Microsoft Authenticator are examples. Apps offer advantages, such as not needing a mobile signal, or waiting for a text message to arrive.

The option to switch on MFA is usually found in security settings, it may be called 'two-step verification'.

Multi Factor Authentication guidance from The NCSC can be found here.

Top tips

• Use MFA when online, as it significantly reduces the risk of fraud.

• The website contains up-to-date instructions on how to set up 2FA across popular online services such as Gmail, Facebook, Twitter, LinkedIn, Outlook and iTunes.

• Do not to publicise your mobile phone number on social networking sites and if your phone line goes down, contact your service provided immediately.

Hot Topics

BitDefender has uncovered a number of phishing and website scams peddling fake COVID-19 cryptocurrencies and crypto- wallets that are used to steal data for phishing.

One COVID-19 cryptocurrency claims it is ‘The World’s Fastest Spreading Crypto Currency’ and attempts to get visitors to download suspicious files off GitHub.

Another site tricks visitors into registering for information about a COVID coin that ‘gains value as more people die and get infected’.

Webinar – Thursday 21st May 2020 @ 1400 – 1500 hrs

Topic: Out with the old, in with the new - A perspective from the next generation.

Are you bored of listening to the current world of Cyber Security specialists telling you what the industry and next generation needs?

Do you want to hear from the next generation themselves?

The City of London Police's Cyber Griffin team are excited to partner with CyberFirst, Tesco and Cygenta to bring you this opportunity.

During this free one hour webinar, Dr. Jessica Barker will be speaking to four CyberFirst students, bringing you a truly unique perspective on the future of cyber security.

To register for this event click on the following link - places are limited.


Please report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to

Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.