Cybersecurity has become an essential component of conducting business for government agencies. As criminals find new and destructive ways to manipulate and steal digital information, security enhancements to protect sensitive information are no longer a luxury; they are necessary to thwart costly and increasingly sophisticated cyberattacks. 

Users of any organization, government or otherwise, are typically required to use a unique username and password to identify themselves and access systems. This basic “single layer” line of defense is no longer adequate and has proven to be frequently breached. Passwords can be guessed or leaked, allowing for breaches to grow in number and severity. In fact, a study conducted by the University of Maryland reports that a cyberattack occurs every 39 seconds. 

The prevalence of these attacks means organizations with any amount of data in their care (particularly when it might contain PII) must take responsibility for its protection and increase security; that’s where multi-factor authentication comes in.

What is Multi-Factor Authentication?

In the most basic sense, multi-factor authentication creates an added layer of protection when logging in to a system and requires the user to provide a second “factor” to prove one’s identity. This factor usually falls into one of three authentication categories known as knowledge, possession, and inherence. More simply, they can be thought of in this way:

    • Something you know, such as a PIN
    • Something you have, such as your phone or hand-held token
    • Something you are, such as a fingerprint or other biometric method

In order to authenticate the user, it is key that factors from two categories be used. After a user identifies one’s self with a username and password (something you know), the user might be required to input a code sent to their smartphone (something you have). Combining factors from two authentication categories is remarkably effective in preventing cyberattacks.

Why Should Agencies Use Multi-Factor Authentication?

Cyberattacks are more widespread than ever before and are no longer limited to large corporations. These attacks have reached government bodies of all sizes and have been bolstered by the onset of the pandemic. With a huge population of newly remote workers, there was more opportunity for hackers to exploit weaknesses in technology. Not even schools are immune to cyberattacks; and the influx has left districts across the country scrambling to implement stronger security measures.

Whether it’s Criminal Justice Information Services (CJIS) or Health Insurance Portability and Accountability Act (HIPAA), many government institutions must be compliant with a number of security policies and multi-factor authentication is critical in helping agencies stay compliant.  Government agencies oversee highly sensitive information, including data with citizens’ personal identifying information, and need the very best security solutions to protect this data while remaining compliant with regulations. 

Implementing multi-factor authentication assures user identity and better controls who has access to data and files. As the amount of data continues to grow in public records, this layered security approach keeps information out of the wrong hands. Some recent examples of this are the high-profile Colonial Pipeline and SolarWinds security breaches in 2021 that could have been prevented with the use of multi-factor authentication. 

For more information on GovQA’s data security solutions, click here.

Join the Conversation. What are your peers prioritizing as they look to 2022?

Take the 2022 Peers In Public Records Survey.

The Peers in Public Records Newsletter (formerly FOIA News) is a bi-monthly e-newsletter brought to you by GovQA. It is a collection of the latest trends in public record requests and government transparency initiatives, shared stories, live roundtables, informative case studies, and actionable knowledge that will help you calm the chaos and keep your organization compliant. Send your comments to

Subscribe to the Peers in Public Records Newsletter

© Copyright 2021. PiPRSurvey. All rights reserved.