How one carrier (the Hartford) rolled out MFA to its agents. What was measured, what was learned and how this shapes the future of the industry’s data security
By Jim Rogers
Multifactor authentication (MFA) is no longer preferred security protocol — it is a must. But what makes for a successful MFA implementation? It’s a pretty daunting idea at most organizations, but with the right plan, you can make it work and benefit from it.
At the Hartford, we accomplished both internal and external use of MFA and had a smooth time of it. Our success was largely attributable to an excellent change management strategy and thoughtful execution. I’d like to share some of what we did to help others with their MFA onboarding process.
The first step was putting a lead in place who was an expert at change management. We decided to start employing MFA within our own company first—a sort of test drive before making the ask of our broker partners. Our change leader assembled a team, which had representatives from every department at the Hartford. They did a deep dive into our structures, networks and capacity before ever promulgating even a draft of a solution. That months-long research effort gave them time to learn where our strengths were and where there might be a learning curve.
In the initial stage, we developed a set of benchmarks—key performance indicators—such as the acceptable number of attempted logins, successful MFA logins, denials of access and help desk calls. After extensive communication to and education of our staff on the importance and use of MFA, we deployed it internally.
As MFA went live inside the Hartford, we measured against our key performance indicators to identify problems so we could target corrections to smooth the process before external rollout. We took comments and sought feedback. By the time we moved to external rollout, pretty much all the bugs were removed, and we had a good sense of MFA’s effect on logins and help desk demand, among other systemic processes.
The next step was rolling MFA out to our broker and other partners.
