Jo Colebrook’s Multi-Factor Authentication (MFA) journey, Head of Healthcare Services for Salts
Jo Colebrook, Head of Healthcare Services for Salts Healthcare, shares her experience with NHSmail Multi-Factor Authentication (MFA).
Salts Healthcare, a leading Dispensing Appliance Contractor (DAC), hold 20 dispensary sites across England, Wales and Scotland.
“We receive referrals of patients to our service and so NHSmail is key to having a safe and secure, two-way communication channel to exchange information with other care settings such as hospitals.”
What is Multi-Factor Authentication (MFA)?
Normally you use your email address and password to log into your NHSmail account. MFA is an additional way of checking that it is really you when you log in to your account.
In addition to your email address and password, you will need to set up a second form of authentication, such as an authentication app on your mobile phone, text message or phone call.
This second layer of security is designed to prevent anyone but you from accessing your account, even if they know your password.
Most people have Internet banking, which requires an extra authentication method such as a one-time passcode or call. NHSmail MFA is similar: it is an extra step to protect your NHSmail account.
How did you get started with MFA and why is it so important in your organisation?
“As an organisation we instil the need for data security with our staff from the moment they join us and then regularly throughout each year. Therefore, they are very clear about their responsibilities and understand the importance of MFA when alerts came into staff inboxes.”
“We haven’t had to get the big stick or bang a drum or do any of those sorts of things because the company leadership have naturally embedded MFA and security into the culture of the organisation, knowing that it is something they have to do regardless.”
As part of their induction, Salts employees must complete mandatory data protection training and understand the importance of handling data. All Salts employees have a duty of care and responsibility to protect patient data.
What NHSmail MFA method did you use?
“I chose to use the Authenticator app, it took me 5 minutes, I only use one PC for work, so it doesn’t ask me to re-authenticate every time I log in.”
“Everything works pretty well and is straightforward, but if I need any support the help desk are there if needed. If any staff get locked out or forget their password or if I need to create or close accounts, they provide a fantastic service!”
There are three options available to authenticate your account: authenticator app, text message or phone call. Microsoft recommends the authenticator app, as it is the most secure option.
- Authenticator app: Download the Microsoft Authenticator app to your smartphone to verify your sign-in or to get a verification code
- Text message: A text message (SMS) is sent to the mobile phone number registered containing a verification code
- Phone call: An automated voice call is made to the mobile phone number registered prompting the user to press # on their keypad