Passwords are a lot like keys. Some keys are better and more sophisticated than others, and a locked door is obviously more secure than an unlocked one. But people are…funny with their keys. They lose them. They “hide” them under fake rocks, in their shoe, or under the mat. They make duplicates and forget who they’ve given them to.
Also — for better or worse — anyone with a key can use it. And when it comes to cybersecurity, getting access to someone’s “key” is pretty darn easy. That’s why passwords — even good ones — just aren’t good enough.
What Is Multi-Factor Authentication?
In addition to using a password, multi-factor authentication (MFA) requires users to verify their identity through an additional step.
There are three different categories of things you can use to do that:
- Something you know (a password or PIN)
- Something you have (your device)
- Something you are (your face, your fingerprints, etc.)
So while that “additional step” can be irritating for some people, once you get used to it, it’s really not that bad. If you’ve ever entered a PIN after swiping a debit card, that’s MFA. It only takes a second, and helps protect your bank account if your card falls into the wrong hands.
Why Businesses Need MFA
I alluded to this earlier — people are funny with their keys. Even now, when hacking is a common source of frustration, Americans are lax with their password habits:
- Two-thirds of Americans reuse passwords
- 59% of American adults’ passwords contain birthdays or easily guessed names
- 13% of Americans use the same password for all of their accounts
That means that when your colleague, Sam, falls for a random phishing scam on social media and enters his password into a malicious website, there’s a good chance that a criminal could use that same password to access your systems and data. Even if Sam doesn’t reuse passwords, a clever hacker could impersonate a colleague or another vendor to phish Sam’s credentials to one of his business accounts.
But…Sam’s too smart to fall for phishing scams, right? I’ve got some bad news for you there as well. Around a third of Americans are highly susceptible to phishing, according to KnowBe4’s 2023 Phishing by Industry Benchmarking Report.
So sure, cybercriminals can use brute force attacks to crack a password. But for the most part, they don’t need to. Brute force attacks are only responsible for 5% of data breaches, and the biggest reason for that is that most people — like Sam — are doing the work for them by providing their credentials — and password retrieval answers — to malicious websites.
Fortunately, there’s one thing businesses can do that can prevent 99.9% of cyberattacks. Can you guess what it is? That’s right. It’s MFA.
Benefits of MFA for Businesses
No one’s asking every small to midsize organization to be Fort Knox online. And you don’t need to be. The vast majority of cybercriminals out there are opportunists looking for a quick payout. Not only does adding MFA help make you a much less tempting target for them, but as security upgrades go, it’s low-hanging fruit.
1. It’s Relatively Easy To Add
Depending on the tools you’re using, adding MFA to any software can be as simple as just activating it. Most modern platforms will have this feature. However, I’ll offer a few caveats: Adding MFA for a large group of users who all work on different devices from different locations is more challenging, and so is integrating MFA across a wide variety of different apps and services.
Pro tip: If you haven’t yet added MFA, it also might be a good time to rethink your tools. If one more powerful tool could replace three lesser ones, you might want to make the switch sooner rather than later.
2. It Can Help You Meet Compliance
Regulatory bodies like NIST and others have either strongly suggested or mandated the use of MFA, especially for accessing systems containing personal, financial, or healthcare data.
3. MFA Can Help You Win More Business
If you provide goods or services to other businesses and you haven’t been asked to demonstrate that you’re safe to work with, it’s probably going to happen soon. One of their biggest questions will probably be whether or not you require MFA for all users. A “yes” answer can help you preserve the clients you have and potentially win more.
4. You’ll Meet MFA Requirements for Cyber Insurance
The cost of cybercrime is skyrocketing, and where there’s significant risk and potentially severe financial consequences, you find insurers. But just like any home or auto insurance provider, if you don’t take reasonable precautions to avoid catastrophe, your claim may be denied, or you may be denied coverage in the first place.
During the underwriting process, your cyber insurer will need to evaluate your risk. Organizations with weak or no MFA in place might be denied coverage or charged a much higher premium.
The Easy Way To Implement MFA in the Workplace
Whether you need help with vendor due diligence or just adding MFA, our US-based team of 650 certified systems engineers and technical representatives is at the ready. We’re perhaps best known as a managed services provider, but we also can pitch in on one-off IT projects.