Cyberattacks are increasing in frequency around the world—and the problem is even worse in the U.S., where incidents jumped 57 percent year-over-year in 2022. Finance, insurance, manufacturing and professional service providers are among the most-targeted industries, but regardless, the outlook is clear: No business can afford the potential losses caused by a breach in their network or other protected assets.
Single-password logins are no longer adequate for protecting your business from a cyberattack. It’s simply a numbers game for cyber criminals, who use lists of hacked usernames and passwords to see where else they’re used online. Microsoft Cloud Services sees 300 million of such fraudulent sign-in attempts every day.
In response, savvy businesses and organizations now require an individual to verify their identity with multi-factor authentication (MFA) even after logging into an account with secure credentials.
What is multi-factor authentication?
MFA is a login verification method that requires you to prove beyond your password that you should be granted access to a system, and it’s very effective at confirming identity.
According to Ryan A. Higgins, chief information security officer at the U.S. Department of Commerce, MFA uses two or more forms of authentication:
- Something you know, such as a password or answer to a secret question
- Something you have, such as your phone or an authenticator app
- Something you are, such as a fingerprint or other biometric
The most common uses of MFA prompts in business today include logging into a company bank account, customer database or software for CRM, HR or other uses, as well as remote access to the network and cloud-based services.
Is MFA successful in thwarting cyberattacks?
A recent Microsoft study found that MFA reduces the risk of compromise by 99.22% and 98.56% in cases of leaked credentials. But not every company is getting the message.
In a global survey of 1,400 small and medium-sized businesses, the U.S.-based nonprofit Cyber Readiness Institute found more than half hadn't bothered to set up MFA. Of those who did, only 28 percent required their employees to use it. Cyber criminals love those odds.
Why should you use MFA?
What may seem like a minor inconvenience can save your business time and money in the long run. Here are three reasons why every business, no matter the size, should implement multi-factor authentication.
- Secure against theft of passwords and credentials
Fraud is a constant issue, per the millions of reports logged by the Federal Trade Commission every year, and identity theft makes up nearly a quarter of all fraud reports. As creatures of habit, though—and to keep from memorizing so many alphanumerical sequences—many people stick to a handful of passwords they use over and over again across the internet. When one site is breached and its users’ credentials leaked, bots spray sites across the web looking for matches. But MFA provides a second level of protection for those users.
- Protection from what you can’t see
Despite all the protections an organization can implement, the use of unmanaged devices or networks by employees is a wild card for systems managers. Home-based networks and—dare we even think it—public WiFi at a neighborhood coffee shop typically offer nowhere near the robust protections of a business. All it takes is one compromised WiFi router to provide a gateway for hackers to install password-harvesting malware. And without MFA, the game is on. - Staying compliant with regulations
Many industries and regulatory bodies require businesses to implement security measures to protect sensitive data. Compliance with these regulations may mandate the use of MFA. For example, HIPAA’s Privacy Rule mandates the protection of all individually identifiable health information created, received, maintained or transmitted in electronic form. And for businesses that work with citizens of the European Union, the General Data Protection Regulation (GDPR) requires companies outside the EU to safeguard personal data. MFA can be the answer to these privacy regulations.
Multi-factor authentication is a fundamental component of a robust cybersecurity strategy for businesses, helping to protect against a range of security threats and ensuring the integrity of sensitive information.
Download the Ultimate Guide to Data Security to learn how to protect your organization’s data assets.
