With your business operating increasingly online, and your employees working remotely from various locations and devices, your data has never been more vulnerable. When it comes to your employee email accounts, even strong passwords are at risk of hacking; this is why a second layer of security is vital. Multi-Factor Authentication (MFA), also referred to as Two-Factor Authentication (2FA), provides just that.
What is MFA (Multi-Factor Authentication)?
MFA, an acronym for Multi-Factor Authentication, secures your online accounts by demanding proof, beyond your password, that you are the authorized user.
Multi-factor authentication examples include:
- Something you know, such as a password, the answer to a security question, or a one-time passcode (OTP) sent to your mobile or email.
- Something you have, such as a mobile authenticator app or physical key fob.
- Something you are, through the use of biometric identification such as facial or fingerprint recognition.
MFA involves combining two or more of these elements.
Why use Multi-Factor Authentication?
If you’re thinking “Should I use multi-factor authentication?”, the simple answer is yes. MFA is a fundamental cybersecurity measure for businesses of all sizes. As well as helping you to avoid costly data breaches, MFA can keep you compliant with cybersecurity measures laid out by authorities and regulatory bodies, and help you to gain the trust of your customers.
Although MFA bypass attacks are not impossible, they are incredibly rare due to the cost and complexity of carrying them out. In fact, Microsoft claims your account is 99.9% less likely to be compromised if you use MFA rather than a password alone. Besides multi-factor authentication statistics like this, some key reasons to enable MFA include:
Dark web password buying/selling
Stolen credentials are big business. No matter how strong your password is, breached websites and email phishing scams can put it at risk of being stolen. Databases of compromised account information are readily available for sale on the dark web, and cybercriminals use these to carry out large-scale automated login attempts. If your email password is stolen, MFA acts as a second barrier.
Cloud-based accounts are key targets for attackers. If a cybercriminal gains access to your email, online banking, or online retail accounts, your personal, financial and business information could be at their disposal. They can then use your identity for fraudulent activities, such as carrying out unauthorized wire transfers or online purchases. Simply enabling MFA can prevent this costly and potentially life-changing violation by alerting you to the attempted transgression before it’s too late.
Antivirus and firewall systems aren’t enough
Antivirus and firewall systems are important in protecting your office network, but they can only protect against what they have been programmed to recognize. They can be manipulated and bypassed by hackers, particularly if your employees fall for phishing attacks. They are similarly of little use when your employees access company data and accounts from their personal devices—especially if they are connected to an unsecured Wi-Fi network. MFA can give you peace of mind that your data is protected no matter what.
Common misconceptions about MFA
It’s clear that multi-factor authentication benefits business owners. So, why do so many people overlook this simple yet effective cybersecurity measure?
A common excuse for avoiding MFA is that it is too time-consuming. However, MFA takes a matter of minutes to set up on an individual account. Plus, after the first time you log in, you can choose not to be prompted on that device again unless anything changes. This means that you only need to provide secondary authentication occasionally—not every time you log in. Depending on the contextual controls you set, MFA will likely only be required when you log in on a new device or network.
There are various apps and tools that can be used to carry out MFA, which means users can select the one that is most convenient for them. In some cases, MFA can even remove the burden of remembering multiple complex passwords entirely.
Another common misconception is that only large enterprises benefit from implementing MFA. In fact, no business, no matter how small, is immune from cyberattacks. This means that SMEs should also view MFA as an essential part of their cybersecurity solution.
How to implement MFA within your business
Deploying MFA across your entire business is a little more complicated than doing it on an individual scale. Here are some suggestions for how to approach it:
- Choose the right solution: Opt for a multi-factor authentication solution that is easy to deploy. Avoid solutions that require additional hardware or software, and seek options that are easy to install and manage remotely. You must also take your existing IT infrastructure into account by selecting a solution that complements it.
- Start with admin accounts: Although the long-term goal should be for every employee to use MFA, you should start by protecting your admin accounts, as they have access to the most sensitive data and privileges.
- Plan for wider deployment: Next, you should focus on key accounts that would disrupt business operations significantly if they were to be compromised. You should also implement MFA on the most important applications first, such as email.
- Make it convenient: Phone-based authentication apps are one of the most secure and user-friendly ways to carry out MFA, though you should offer alternatives such as biometrics and automated voice calls so employees can choose which method works best for them. You should also set controls on when and how often MFA is required, so that users do not have to go through the process repeatedly.
- Carry out training: After choosing which MFA technology to use, it is important to train your employees on how to use it and why it is important. You should also train your IT team on how to deal with user issues such as failed sign-in attempts.
A step-by-step guide to MFA setup on key business software
If you provide your employees with foolproof instructions on how to set up MFA for specific business software, they will be able to set it up themselves. Here are some pointers for two key platforms to get you started:
If you set up what Google refers to as “2-Step Verification” on your Google Account, you can use the Google Authenticator app to log in. This app can be used for non-Google accounts too, including Facebook, Twitter, and Instagram. Here’s how to set it up:
- Click “Security” in your Google Account navigation bar.
- Under “Signing in to Google”, click “2-Step Verification”, “Get Started” and enter your password.
- Choose how to get your 2-Step Verification (click “Show more options” to see all). For verification by Google prompt (recommended), install the Google Authenticator app on your mobile device.
- On the app, click set up account and then scan the QR code on your computer screen. Next, you will be asked to enter the six-digit code that displays on your app.
- Verify your chosen method by clicking “Try it now”. You will receive a prompt to your mobile device saying “Trying to sign in from another device?”. Click “Yes” to approve the request.
- Add a backup option. You can provide a phone number to receive a text or call, or opt to download a series of backup codes, or one-time passcodes.
- After testing your backup option, you will be prompted to turn on 2-Step Verification.
The easiest way to use multi-factor authentication with Microsoft 365 is through the Microsoft Authenticator app, which requires the simple click of a button for authentication.
- Download the Microsoft Authenticator app on your mobile device.
- Click “Add account”.
- On your computer, sign in to your Office 365 account.
- Go to “Settings” and select [Security/MFA].
- Under “What’s your preferred option”, select “Notify me through app”.
- Tick the box next to “Authenticator App or Token”, then tap “Set up Authenticator app”.
- A configuration QR code will appear on your computer screen. Scan it via the app on your mobile device. This will automatically add your account to the app.
- Click “Done” on your computer.
- Once MFA has finished configuring on your device, complete the additional security verification page and click “Contact me”. You can then approve the sign-in via the app.
Need help with your business’s email security?
If you’re looking to strengthen your business’s email security, Jasco Technology is here to help. We offer dedicated IT services for your entire business, including implementing customized cybersecurity measures.
Get in touch with Jasco today for a 20-minute introductory consultation.