Why Organizations Need MFA
On this episode of IAM Pulse, our VP of Product, Kimberly Johnson is featured on the QSights Podcast to talk about MFA. Kimberly informs on the importance of investing in multi-factor authentication (MFA) across company devices, how to go about implementing the technology, and why some companies may be resistant towards the security measure. We also discuss some of the recent, large-scale U.S. cyberattacks and how MFA can help protect against these crimes.
Listen to the podcast:
William Papa
You're listening to, IAM Pulse, a podcast, discussing all things, identity access management from defending against cyber-attacks and to enhancing our overall cyber security strategy brought to you by BIO-key International. Today's episode is provided by the QSights Podcast featuring our own VP of Product, Kimberly Johnson. On this episode, both Kim and QSights host, Aaron Keeports are going to be covering the need for organizations to implement multi-factor authentication. With that, let's have them take it away.
Aaron Keeports
Hi everyone. And welcome to another episode of QSights brought to you by Quantis I'm Aaron Keeports, and I'll be your host today. We're covering the topic of why organizations need multi-factor authentication and what are the barriers to implementing it, to help us with this topic, we have special guests, Kimberly Johnson, the VP of marketing at BIO-key. BIO-key is a trusted provider of identity and access management. Also known as IAM and identity bound biometric solutions that offer an easy and secure way to authenticate the identity of employees, customers, and suppliers by managing their access across devices and applications with that. Let's welcome Kimberly to the show. How are you doing today?
Kimberly Johnson
I'm doing great. Aaron. Thanks for having me.
Aaron Keeports
Yes, thanks for hopping on this Friday before we head out for the weekend.
Kimberly Johnson
Right? Good way to end the week.
Aaron Keeports
For sure. And we're very excited to have you on the show to give us a little crash course on multi-factor authentication or for those of you who don't know, it could also be called MFA for short.
Kimberly Johnson
Sure, sure. Happy to be here.
Aaron Keeports
And if it's okay with you, we're just going to roll right into the questions here. So to start off, can you provide some background on your experience and how you got to where you are now as the VP of product marketing at BIO-key?
Kimberly Johnson
Sure. Thanks. So way back, I actually went to culinary school. I thought it'd be a baking pastry arts major, and now I am in cybersecurity. So quite a journey from early days in my career, since then I've worked now over a decade or so in all different types of areas of cybersecurity and more specifically what we call identity and access management, working with things like notes and domino systems, which are pretty dated. Now, some organizations still run them and doing things like single sign on. And multi-factor at that point, I've worked for organizations like a certificate authority that writes PKI and SSL certs for websites. For example, dabbled in healthcare IAM and even went into cyber risk, with cybersecurity ratings companies that I worked for. And over my career, I have really become, as I like to affectionately call a cyber geek. I thoroughly enjoy the subjects. I find it fascinating. I get really jazzed up. If you start asking me about the recent attacks and critical infrastructure and everything else, but have had the opportunity to really spend time with and speak with multiple organizations across all kinds of verticals about their cybersecurity and their strategy. So been at this for quite a while. And like I said, uh, geek out a bit on the subject.
Aaron Keeports
Thank you for the background there and for giving us the lay of the land of how you got to where you are now, and then shifting gears more towards today's topic. Can you give us a brief definition of what is multifactor authentication and maybe why it's important for companies to implement it?
Kimberly Johnson
Yeah, sure. I always start with, if you think about today, right? If I used to do business with you 20 years ago, I used to go into an office. You could see me. I was sitting in front of you. You knew who I was based on probably an identity driver's license passport, something like that. And the two words people use is digital transformation as business has become digital and also us as humans like convenience. So I love the Amazon delivers something within I think, eight hours to my door that meant that a lot of business transactions and engagement with even each other is done online and in digital formats. And so the whole premise behind identity and access management is that you're trying to make sure that the right people, the person that's authorized to access something is the one accessing the resource or the application at the right time and for the right reasons.
Kimberly Johnson
And if you've listened to the news or you've heard, I think multi-factor has become one of the hottest topics. Now, mainly because of that infamous cyber attack called ransomware, we've seen colonial pipeline. We've seen JBS, we've seen some other major attacks that have happened and multi-factor has come up as a real preventative measure for that. Now, what is that? When you go to log in, usually type in a username and a password, that's been pretty much standard status quo for quite a while. Multi-factor is a combination of at least two factors of something that, you know, something that you have or something that you are. And so for example, something that, you know, is your password, something that you have is your phone that receive, let's say a code or a pin that you also have to enter or something that you are is a biometric, right?
Kimberly Johnson
Something like putting your fingerprint down on a fingerprint scanner in combination with a password. And that's something, if you think about you probably do Aaron right every day, if you log into your bank account, my guess that they sent you a text message with a code, it's become pretty standard. And so why that's so important is passwords don't work anymore. I think the latest stat was around 86% of breaches are related to stolen credentials. In other words, passwords, one of my favorite charts out there, you can go look up as the top 200 most common passwords. And in that chart, there's a column that says exactly how long it takes to hack them. And usually it's within seconds. And so the most common password still remains. Even after 10 years of me doing this password 1, 2, 3, 4. So we've realized that that's not enough and it really doesn't prove that Aaron you're the one accessing the thing that you're trying to get into.
Kimberly Johnson
The only thing I know is whoever's trying to access has the password. So multifactors is so important because it's an additional way to increase your positive identification of the individual that you really can try to get closer and closer to the person is who they say they are. And that will basically either prevent attacks. So hackers can't get a password and then just get in. And then also when an attack happens like a phishing attack, people send you that email and say, Hey, click here to send me money. That will prevent it from proliferating across the organization. So as somebody gains access, let's say through a vulnerable point, when they go to the next account or they try to go across an organization and get into more data and more systems they're met with additional barriers, which is this multifactor authentication. So just really critical. I would say I haven't seen a point yet in my career where this has become this hot of a topic just from being talked about in the news. There's an executive order from the Biden administration, even saying that it's mandated for federal so very critical and very, very important to organizations.
Aaron Keeports So if it is so important and top of mind recently with these massive cyber attacks being covered in the news, do you know why some businesses might not be implementing it or why they don't seem worried about cyber attacks and are resisting implementing multifactor authentication.
Kimberly Johnson
So sometimes it perplexes me because I'm in it. I eat, sleep, breathe it. I know it's such a preventative thing. So it is a great question, right? Like, okay, well, if there's an answer to the problem, why wouldn't you solve it? And so there's a couple of things here. One is that people just don't believe it's going to be them. Oh, colonial pipeline got hacked, but we're small. We won't be targeted. That mentality happens a lot. And also cybersecurity for a really long time has been a bit of an insurance policy. So like, oh, well we put it in place, spent the money we've implemented it and we didn't get attacked. So was the investment worth it? Right? Like the ROI and the return on investment of multi-factor is sometimes hard to measure for folks if they don't have an actual breach happen on that note from firsthand, I just did a presentation actually with the county in California and they didn't have it.
Kimberly Johnson
And they had a massive phishing attack. And that basically instigators said, okay, we really have to put this in place. So that's not recommended. Right. But that is kind of the thing. It's like, ah, it's not going to happen to me. The other thing is it's not straightforward to implement. It does take IT security specifically expertise to do. And we have a cybersecurity professional shortage right now. I think the latest thing I saw was about 3 million professionals in terms of a shortage that the globe needs. And we just don't have. So the expertise and the skill set in-house and some of these organizations, especially smaller ones may not be something that they have and it's daunting, right? It can be complicated and complex and everything else. And then I'd also say that people, us are some of the worst people at cybersecurity. I will be the first one to admit, I don't like doing multifactor, right?
Kimberly Johnson
Like if I'm trying to get my work done and I'm trying to gain access to Salesforce and HubSpot and all these apps, I'm trying to go quick. I got campaigns to get out of a marketing person. The last thing I want is to be stopped and said, Hey, go check your phone and type in this pin. So it's a workflow challenge in healthcare. For example, doctors complain because it keeps them from getting to patients. I'm trying to treat somebody for our heart attack and you're trying to get me to log in. It's like the last thing they want to worry about. So people and change management and adoption is also a big factor there. And then the last thing I would say is cost. It's not cheap and it's not free to implement some of these things is $5 per user per month. And if you have 11,000 people or even a thousand people that begins to get pretty expensive pretty quickly.
Kimberly Johnson
And so I see a lot of organizations also say, okay, I realize I now need this, but I'm only going to implement it where I absolutely need to have it. In other words, I'm only going to implement it for really privileged accounts, like counts that have keys to the kingdom. And that used to be okay. However, hackers are figuring out that they just need one point. The solar winds hack was a VPN account that had a stolen password from years before it was out on the dark web. And it was kind of an abandoned account. It wasn't like it was the CEO's login. It's a multitude of things in terms of attitude, cost, and even expertise to get it in place,
Aaron Keeports
Going off that, how has the shift towards working remotely impacted multifactor authentication? So that can either be people are slower to adopt it now, or maybe they're quicker to adopt it because they realized their employees are spread out. Or do you think it's been hindered since employees aren't in the office and companies can't get presentations on the topic to kind of warm employees up to the idea, especially because we know people are resistant to change.
Kimberly Johnson
So kind of all of the above and going back to my first statement on how business transformed to digital, COVID just blew that out of the water in terms of every engagement with your employees, your customers kind of all across the suppliers became online. And so it's even more important now. And hackers had a field day. I mean, COVID was probably like Christmas for them because organizations went, oh my gosh, we got to move stuff to the cloud. We got to move stuff to remote. And they put the technology in place and the security is coming after. So there's vulnerable systems that are being put out there. But the shift of working from home had a few impacts. One, it made it more important because you are now sitting at your house and your cybersecurity knowledge to protect your network, be on a good corporate device, go through VPN as an individual. Who's not it not, it security, your knowledge and cybersecurity kind of savviness. Isn't nearly as much as it would be as if you're sitting in an organization where they control the network and everything. Right. Um,
Aaron Keeports
I’m not even worried about it too. Like it's not a worry to me, cybersecurity. I'm not thinking about it. I'm just here doing my day to day job.
Kimberly Johnson
Right? I bet your network password is probably, you know, the default like came with the routers and things. And I encourage everybody sitting at home, even if you're not in it and security, or you've never heard a multifactor realize that now you as an employee actually are responsible for keeping your organization safe. Just as much as everybody else, you have to make sure that you're maintaining that security and keeping things safe. The last thing you want to do is have errands, VPN account, be the one that put everybody in the news and had to scramble to save data, right? Like that's not where you want to be. So I think it impacted that way. I think a lot of organizations have increased cyber security awareness training for that perspective and improved it. Now on the other side, too, some methods of multifactor are harder to do when somebody remote.
Kimberly Johnson
For example, one very common method for very sensitive information is a hardware token literally is like a little device like USB key. You can think of that. You plug into your computer and again, it's something you have and you tap it. And it says, okay, here's the second factor. And it sends an encrypted blob and all this fun tech stuff and basically says, okay, not only has Aaron put in this password, but he's also got his hardware token. So if we're getting closer to saying he is who he says, he is, well, people lose tokens. IT has to ship tokens. And so if your only way to get in is that token and you lose it and you're at home. What do you do from a usability perspective? There were just new challenges that came up and not being able to see people in person and be able to lock down their infrastructure and lock down these systems shifting to work from home, just blew this completely out of the water.
Aaron Keeports
And then let's say company is interested in utilizing MFA technology. Are there any practical steps that they should take when first getting started with implementing it?
Kimberly Johnson
Yeah. I have kind of five steps to this. I'll go over them really high level. But the first one is to assess your risk and assess your people. And I mean that in the sense of you have to start somewhere. So a lot of times people kind of get analysis paralysis around this, right? Like, oh my gosh, I got to secure every account and put MFA everywhere for everybody. And it becomes really daunting for people if they don't know where to start and they don't know where to begin. And so what I say is assess your risk. In other words, take an inventory of the systems, the applications, the data, and figure out how risky it would be if somebody gained unauthorized access. So a great example is my online lunch menu let's say is a lot less risky than my HR portal. So like securing my HR portal, I would prioritize first and make sure that everybody that has access to that portal has multi-factor in place before the people that have access to online learning portal or lunch or whatever it may be.
Kimberly Johnson
So that's kind of the first thing. And then, like I said, MFA, a lot of it is about change and change adoption. People like the CEO tends to be sometimes the worst person to get to use MFA. And they're the most targeted. But when you get up to certain levels and importance and everything, you don't want your day-to-day interrupted, right? I kind of gave that overview of don't interrupt my day, that gets worse as you kind of go up the executive ladder. And so understanding what users in your organization, how their day-to-day operations work and then figuring out the best methods approach to them is really important. Otherwise they won't adopt the security and security is only good as much as it's used and adopted. So that's the first one, assess the situation. Make sure you understand it, then pick your authentication methods. So the example I gave you with hardware, tokens, hardware, tokens don't work for everybody.
Kimberly Johnson
Even more importantly, the standard factor has become phone-based well, smartphones are great. I have one, I don't know. Aaron, do you have an iPhone? I have an iPhone 11. Okay. All right. Believe it or not, Aaron, there are people out there that do not have smartphones. I know crazy concept, right? But they have flip phones or they have other things or they work in a building. They're not allowed to have their phone, like a call center because people at one point in time were taking pictures of data. They're not supposed to. So they're not allowed to have phones where there's no cell phone service is a good one. This older buildings. I like more solidly though. Right? We work in education, a lot, the basement office of whatever building doesn't get service. So if the only method you gave this person to log in is based on getting a text message, guess what?
Kimberly Johnson
That's not going to work all the time and it's not going to work for a hundred percent of your users. So multifactor is a lot about not doing one size fits all, make sure you give users multiple options. So if I was implementing security and MFA for you, for example, I would give you probably an option with the phone. I might give you a biometric option. And then I might give you an option of printing codes that you can cross out as you use them. You need to give people flexible options is priority. Also, number one,
Aaron Keeports
I have a question and you touched on it before, but I was wondering if you'd go into more detail of what you mean when you mentioned biometric, as it pertains to multi-factor authentication.
Kimberly Johnson
Sure. So biometrics is something that you are. So a lot of people think about this as a fingerprint scan, you know, mainstream iPhones have brought in convenience methods of biometrics. That's probably way too deep to go into on this podcast, but face ID to unlock. There's some amazing biometrics out there too. Like Iris, voice recognition is one. We have Palm scanning, for example, and there's even behavioral biometrics, like how you behave and how you type what you do. So biometrics is in my book, the closest possible authentication method to getting to you are who you say you are that positively identifies the person. Nobody else can put your fingerprint down. You have to be sitting there and using your fingerprint to do that in the most simplest ways that, like I said, we probably should do a whole podcast on biometrics. And the misconceptions of them biometrics are our very strong method.
Kimberly Johnson
And they're good because you don't have anything extra to carry. You don't have anything extra to remember. You can't forget your finger for the most part and everything. So yeah, that's the biometric side of it. And then the rest of the steps. So defined security policies. That's what drives all these methods and what gets implemented. Um, step four for me is a communication strategy. So like you have to get your board of directors and CEO on board with the importance of this and in a way that they understand it. In other words, and we were talking about this a little bit before we started, but cyber attacks, aren't just about stealing data. It's about your reputation as a company. You don't want to be in the news. You don't wanna be in the news as not safeguarding people's data. That's a bad place to be and helping the business realize that helps them with the change management. So communication is absolutely critical to get it adopted. And then, like I said, start somewhere, step five is phase rollout. Absolutely. Don't try to put MFA everywhere tomorrow. You want to step it through and say, okay, we'll start with our own IT team will then go to maybe more privileged access. We'll pick the marketing department because they're pretty open to change. You want to roll it out versus all at once.
Aaron Keeports
That makes sense. Kind of like smaller steps, not frequent, but out in the company or overwhelm them with change. Because like we said before, people can be very resistant towards change, especially in the workplace.
Kimberly Johnson
Yeah. And then, so great example, healthcare, what a ER person does every day and need for security and authentication is wildly different than the surgeon that's operating for 12 hours at a time. And so if you don't understand that and don't implement it enrolled, it's going to fail. You're going to roll something out and it's one big bang, but it's harder to retract that. And then it gets a bad connotation like, oh, that MFA stuff really was a pain versus get some champions, roll it out successfully and low roll at
Aaron Keeports
Now back to the episode, when thinking about current events, is there anything going on in this to your market that you're seeing that might increase the adoption of multi-factor authentication?
Kimberly Johnson
So there's a lot of compliance standard out there. They continue to change, they continue to morph. So I won't go too deep into those, you know, it's industry specific. So like in finance FFIC is one in healthcare, HIPAA and protecting data is another one I'd say in government, a big compelling event is the, like I mentioned, the executive order from Biden acquiring zero trust and multi-factor and in a very short amount of time, actually the most compelling event right now that we're seeing is cyber insurance.
Aaron Keeports
Can you briefly go over what cyber insurance is for us?
Kimberly Johnson
Yeah. So cyber insurance is insurance. So when you get breached or when you have an incident or you have data loss, they help you recover. So similar to having a heart attack, healthcare insurance covers the cost. If you have a data breach or some kind of cyber impact or cyber risk impact, the insurance policy and everything covers it. Well, cyber insurance, again, probably a whole nother topic for a podcast, but cyber insurance, my guess is collection wise, not sure how much it was being collected on. I know there's always been conversation about what they will and won't cover and with COVID and ransomware, you're now talking about cyber insurance, paying ransoms, which is controversial in and of itself, right? The FBI will tell you don't pay ransoms regardless, but some of these ransoms are millions and hackers are actually figuring out how to hack cyber insurance companies to see who's insured and who can afford to pay the ransom, which is even worse.
Kimberly Johnson
Right? And so cyber insurers are not about paying right. Insurance companies assess the risk cover with the policy and hope you kind of don't collect that is essentially a cyber insurance business. If they have too many people collecting on their policies, their business models a bit upside down. And so what's happening is cyber insurers are now going back to organizations that renewal and saying, if you don't have multifactor in place and other security controls, we AE might raise your premium better a hundred, 200% even, or we won't insure you flat out. We just won't insure you. So it's a bit like preexisting conditions, right? There are certain things that will either increase your premiums or make you ineligible. They're now starting to do that for cyber, which is fascinating. It may actually kick some tails into gear to get MFA in place.
Aaron Keeports
It's like it's giving companies a guideline or best practices that should be adopted because if insurance companies start mandating these steps, that could be a new gold standard or best practice that companies will start implementing. Even if they don't pursue getting cyber insurance, since it's coming from the experts,
Kimberly Johnson
You got it. It's that kickstart to it companies that want cyber insurance. Cause they're starting to get more concerned about a see that it's not, if it's when, but we always say then to get a policy, they have to have a controls. And then people that are happy with their cyber insurance, but have kind of done that. We don't need it. It's not going to happen to us kind of attitude. Cyber insurers are basically recognizing it's going to happen and you need to put these controls in place. So yeah, it's a great compelling event we're seeing out there.
Aaron Keeports
Right. And that last point highlights that it's not a matter of if it's a matter of when.
Kimberly Johnson
Yep. I actually just saw an article that was saying that people are tired of hearing about breaches. And I was like, well, we've reached a new critical mass when they're tired. I always tell people the story. I went to in-person conference. Believe it or not in July. And my Uber driver was asking me about ransomware that never happened.
Aaron Keeports
Yeah. That's not the typical casual conversation or small talk you'd expect to have with an Uber or Lyft or taxi driver.
Kimberly Johnson
Yeah. No. And I did get to pose them a little bit and say, just so you know, this isn't happening for like decades, you know, I mean, ransomware is not a new concept. It just so happens that now there's just so much of it happening all the time.
Aaron Keeports
We kind of touched on how important it is to get CEOs on board when it comes to MFA because you're introducing new technology to their company. Is there anything that stands out as the most important thing you'd want a CEO of a small or medium sized business to know about multi-factor authentication. If they're newer to the topic and the technology.
Kimberly Johnson
Yes. A couple things. One is be the champion for it. Don't be the blocker. Like I said, I don't know if it's just, it's an inconvenience thing or it's not going to be me or no, no. I know how to secure whatever, but it starts from the top. And so I would really encourage CEOs to understand what are you doing about multifactor work with your chief information security officer or your it security teams and be the first one to adopt it. Don't be the last one. And the one that is difficult to get to adopt adopted, be the encouraging force behind it. And what I had talked to you about before, like I said, and I'll reiterate it is, this is not about some records and your server being hacked. This is about your name being in the news. If you want to see a compelling video, Kaseya who just had an attack, their CEO did a video to basically outline the response they did, which was phenomenal.
Kimberly Johnson
They had an amazing disaster recovery plan and bonds. You should see how tired he looks. It was a huge effort. And it's your reputation on the line? Your customer's question, your business at that point and whether or not you're keeping them safe because we're now all pretty aware that this is a problem and something that's going to happen and it impacts revenue. I don't think you're keeping me safe or you keep sending me emails that say, sorry, your information got hacked. We'll issue a new card or something. What confidence do I have in your business? And potentially I can go to a competitor that does keep me safe. I would say cyber risk is right up there with financial risks terms of things that CEOs should be worried about. And then I know the last point I'll make, we talked about large versus small and medium businesses.
Kimberly Johnson
That attitude of like, well, I'm small, I'm not colonial pipeline, you know, or I'm not MasterCard or any of these giants. And the thing that you have to realize is now that we're digital and we're connected and people outsource things, you are part of the ecosystem. The smallest organization actually is a perfect place for a hacker to start. If they're trying to go after the bigger guys, because we now use third parties and we use suppliers to do things for us. And so that's really, really important to think about too, is we're all linked together. We're all in a chain together. And so if you're the weak link, you could potentially impact business for everybody. And so it's an interesting social responsibility questions. COVID is a good example of like mask wearing. Not vaccines are not right social responsibility or not. I think a cybersecurity lens, same way. It's like, are you patching your systems? Are you putting multi-factor in place? Because it can be a systemic thing. If you're the one that gets breached, it can spread across the globe. Everybody you're connected to. So that's my message is to CEOs, CIOs, across the board is you got to pay attention and has been time for quite a while.
Aaron Keeports
You also mentioned how companies don't want to end up in the news as consumers keep putting more and more information online and sharing it with these businesses. Consumers need more security and trust with these companies. So if consumers start seeing companies in the news, that's been under attack and they use their platform or services that consumer can very quickly deactivate their account or cancel their subscription and take their business to a competitor that is not exposing them to unnecessary and unwanted risks.
Kimberly Johnson
You got it. And actually in that kind of supply chain scenario, there was an incident for example, where I believe it was Ticketmaster had outsourced some of their ticketing routing system and just operations to a third party, never heard of the third party, the logo that was in the news, it’s Ticketmaster. So that's the other thing. If your logo is, is a good logo, even if your supplier or somebody else's had a breach down your supply chain, you're going to be the one that's in the press release. You're going to be the one that's in the news. You're gonna be the one that's nowadays on CBS or Fox or whatever, being interviewed as to what are you doing to prevent these things? What's your plan, you better have one, it’s going to happen.
Aaron Keeports
It's like that old saying the bigger you are, the harder you fall.
Kimberly Johnson
And if you're a big logo, they really like putting your name in the spotlight. And the worst thing would be not only to have your company in the spotlight, but then, oh, and the CEO's VPN access is the one that, you know, like that's a bad place to be. You don't want to have to go stand in front of your board and explain why you didn't want to implement a simple pin code or token or something because it's inconvenient. And that's now why you're in the news. It's just not going to cut it anymore. In terms of where we're at
Aaron Keeports
Segwaying into the final parts of this episode. Can you give us some information on what services BIO-key offers its clients?
Kimberly Johnson
Yeah, sure. So, you know, you kind of went over a little bit of a blurb about us. We have been in the business over 27 years. Now we do provide identity access management with integrated identity bound biometric solutions. And so we help companies do things like reduce password reset calls. So if you forget your password calling the help desk, we help them eliminate passwords, secure remote access, prevent phishing attacks and just improve overall productivity for the IT team with our solutions. Our main solution is called PortalGuard and it provides things like multi-factor authentication single sign-on self-service password reset. And then as I mentioned, we have been a global leader in biometrics for our whole history of our organization. And so we're the only ones providing IAM with these high integrity, high accuracy and secure biometric methods, which includes things like fingerprint authentications with both software and hardware. So we sell scanners that you can scan your fingerprints. And we're the only ones with a mobile application that you can do a Palm scan, very simple, very convenient and extremely secure. And that's our MobileAuth with PalmPositive solution. So, but in it a long time have well over a thousand customers at this point, anywhere from the federal government higher education and just overall providing these solutions. And we're always happy to help consult an organization if they're just not sure where to start
Aaron Keeports
Looking at the variety of industries you listed that BIO-key commonly works in, it really goes to show that MFA is for everyone.
Kimberly Johnson
Yeah. People ask me, what's your target market. Do you log in? Do you have anybody accessing? I think so. We kind of joke, you know, I've seen some really wild market assessments. I think the latest one was about a $34 billion market assessment on multi-factor, but it's anyone that has systems that people access. And so that's the whole globe. We do have a really strong footprint in higher education state and local government healthcare and finance is kind of our primary market, but yeah, any organization with sensitive data or any data that people are trying to access.
Aaron Keeports
Lastly, can you list off the social media channels and the company website for bio key? So people can learn more about the company and the services you offer and also just they can engage and communicate with you guys if they wish
Kimberly Johnson
The best way to learn about BIO-key is our website. So it's bio-key.com. You can find me personally on LinkedIn. I connect with everybody. I love talking about these things and we have a lot of great content. We've a really strong blog too. You can find on our website, but most of that information is there and we do have a state of multi-factor authentication, ebook and survey. We actually just came out with. So that's a great piece of content to go check out on our website in our resource center
Aaron Keeports
That wraps up today's episode of QSites on why organizations need multi-factor authentication and what are the barriers to implementing it. So let's give a big thank you to Kimberly Johnson at BIO-key for joining us today.