Multi-factor authentication: why it’s so much more than a cybersecurity issue
We’ve all had this experience—you’re trying to log in to a site, personally or professionally, and you learn that your trusty favored password is no longer enough. You discover you now need to receive a text and enter a PIN, or answer an extra security question.
And, if you’re like much of the general population, you’ve probably been at least mildly annoyed at this additional step, the increasingly common practice known as multi-factor authentication, or MFA.
But given the speed and efficacy with which bad actors operate, passwords, no matter how complex, have proven to just not cut it when it comes to preventing data breaches and cybersecurity attacks.
According to a World Economic Forum report from 2020, “cybercrime is set to cost the global economy $2.9 million every minute in 2020, and some 80% of these attacks are password-related.” And it’s no wonder why hackers are taking this route—reports vary, but as many as half of the digitally active population admits to re-using the same password over and over at some point in time, not to mention those of us who create simple, easy-to-use passwords…which, while easy for us to remember, also make it much easier for nefarious forces to easily access our email, customer information, or other secure data.
All that aside, as a small business owner, there are reasons beyond cybersecurity to implement multi-factor authentication across all of your systems, not the least of which is insurability. Most insurance companies are now requiring much more than the bare minimum when it comes to insuring businesses against cybersecurity threats.
But isn’t it complicated?
According to SUCCESS Cybersecurity Architect Chris VanAnda, if you can use a microwave, you can implement and use MFA. It’s that simple.
Still, if you’re concerned about how to get it widely adopted throughout your organization, or think it might be unnecessarily complicated, you’re not alone—those are common concerns VanAnda has heard many times over the years.
“No matter how many times we’ve brought it up, some people just don’t do it,” he says. “They don’t realize what a big deal it is, and they also think that it’s too hard, that it’s way more difficult than it is.”
Unfortunately, usually it’s a breach or data leak that helps MFA hold-outs see the light, and those breaches are much more costly (both in time and resources) to clean up than MFA is to implement.
“What happens—and we’ve had this happen numerous times—small businesses have been not wanting to get multi-factor, or say ‘we’ll do it next year,’ or ‘it’s too much change all at once.’” VanAnda explains. “But then they suffer a breach where a mailbox is compromised, and you know some of their data is potentially leaked—people will send out malicious emails from them to their clients.”
While it might seem like a big change initially, MFA can greatly reduce the likelihood that you have to explain sudden spam emails to your customer mailing list, and that is just the tip of the iceberg.
In recent years, in fact, Microsoft has reported MFA can stop some 99% of certain cybersecurity attacks.
But how can I get started?
There are many options when it comes to upping your MFA game, from biometrics to actual hardware devices, similar to a building key (think USB thumb drive or a SIM card).
Ready to set up—or increase the utilization of—your MFA? The first step is getting in touch with your SUCCESS or MSP account executive, who can help you on this particular simple-but-vital path in your organization’s overall cybersecurity journey.