Cybersafetyconnections July 18th, 2022, Vol #76
- MFA is……………..an electronic authentication method.
- MFA is important in preventing account take over (ATO).
- Though MFA is important, Small and Mid-sized Businesses are slow in putting it to use. Here is a breakdown for SMBs using MFA and those SMBs not using MFA.
- Breakdown of the issues holding SMBs back from adopting and implementing MFA according to the study by Cyber Readiness Institute.
MFA is…………..an electronic authentication method.
The multifactor authentication method (MFA) is a way of verifying the identity of a user by requiring two or more pieces of identifying information from the user in order to grant the user access to resources like an application, an online account, or a VPN.MFA is very important for identity and access control policy.
MFA is important in preventing account take over (ATO)
MFA is important in preventing account takeovers (ATO) and all the other cybersecurity threats that are associated with ATO.MFA tries to prevent cybercriminals from using stolen personally identifiable information to gain access to important services, data, and other resources.
Even though MFA is very important to identity and access control policy, Small -to- Midsized Businesses(SMBs) are slow at using it as part of their security tool kit. Here are the reasons why according to a study done by Cyber Readiness Institute.
SMBs not Using MFA
- 55 % of SMBs under consideration are not aware of MFA and its benefits.
- 54% have not used it and of this category, 30% don’t understand it, 17% don’t see any value in it, 15% said it was complex and 9% said it took up too much time to set up.
SMBs knowledge and awareness of MFA
So basically, SMBs lack the knowledge and awareness and unlike the big businesses do not have the cybersecurity budget and staff to handle cybersecurity issues.
- 28% of owners require MFA as part of their identity and access control policy.
- 4.30% have a general identity verification policy and do not include MFA.
- 5.27% of SMB owners said their policy mentions MFA but it is not a requirement.
- 6.15% said no cybersecurity policy at all.
SMBs using MFA
For those SMBs using MFA and giving their employees the option;
- More than half encourage its use when it is available.
- 39% have adopted MFA for identity and access management for critical hardware, software, and data.
Applications and accounts needing MFA
These have been listed in the order of importance.
- 45% the highest score was for databases.
- Accounting software and HR software were next.
- And others include social media accounts, email and calendar, productivity software, and remote access.
I would think in the area of hybrid work MFA for remote access would be of high importance.
Methods of MFA
Some MFA methods are more convenient than others.
- 29 % used push notifications to phone or alternate email address.
- 28% use one-time passcode
- 15% used token-based device
- 12% use time-limited and self-generated codes
- 7% use biometrics like facial or finger scanning.
- 7% use authentication apps.
Challenges of implementing MFA
The challenges of putting MFA in place and putting it into practice are listed in order of importance.
- Getting the funding.
- Getting the right resources.
- Getting the right tools.
- Maintaining the resources.
- Technical expertise to support MFA implementation and use.
- Resistance from employees.
Despite these challenges, MFA does not require a lot of effort to set up and provides great security benefits.
MFA is affordable and free if SMBs use Microsoft 365 and Google workplace.
In conclusion
MFA makes authentication more efficient and reduces the need to type the password or not have a password at all. Using MFA enhances cybersecurity and makes it more risked based by identifying where there is a high risk for the SMBs, making that a priority to the identity and access control management policy, and adjusting it when it is needed.
Subscribe to get the latest post
Your CyberSafety Advocate 