Why You Need Multi-Factor Authentication Today

Cloud adoption is pretty much a given for companies these days. The increase in cloud use over the last few years has helped small businesses be more competitive, and it has allowed many companies to continue serving customers during the pandemic. Cloud technology can keep a business going from any location; however, it can also attract more attacks.

Hackers looking to break into company cloud accounts have increased the volume of attacks significantly. In 2020, attacks on cloud infrastructure skyrocketed by 630%.

With business networks under attack in a whole new way, companies need to pivot their security focus to protecting their online accounts.

What’s the Biggest Risk to Cloud Account Security?

The biggest risk to cloud account security is passwords. Employees have so many different passwords to keep up with these days that they adopt bad password habits, such as:

  • Reusing passwords
  • Using easy-to-remember passwords that are also easy to hack
  • Sending passwords through email
  • Not changing passwords
  • Storing passwords in non-secure places

According to Verizon’s Data Breach Investigations Report (DBIR), 77% of all cloud account breaches are due to compromised passwords.

If you’re looking to keep both your in-office and remote teams more secure, one of the best ways to protect your online infrastructure is to implement multi-factor authentication (MFA).

How Effective is Multi-Factor Authentication?

Multi-factor authentication entails an additional authentication step past the username and password. This is generally the entry of a code that is sent to a device set up by the user and that is in the user’s possession.

Both Microsoft and Google looked at studies related to MFA effectiveness, and both found it to be extremely effective at stopping unauthorized sign-in attempts.

Microsoft Study

Microsoft notes that its cloud services see an average of 300 million fraudulent sign-in attempts per day and that the simple solution of enabling multi-factor authentication blocks 99.9% of them.

Google Study

A study cited by Google looked at different forms of MFA and different types of attacks to grade the effectiveness of each one. Depending upon the attack type and MFA method used, it was between 76 – 100% effective at blocking cloud account attacks.

The study results found the following:

  • Receiving the MFA code by SMS:
    • Targeted attack: 76% effective
    • Bulk phishing attack: 96% effective
    • Automated bot attack: 100% effective
  • Receiving the MFA code through an on-device prompt:
    • Targeted attack: 90% effective
    • Bulk phishing attack: 99% effective
    • Automated bot attack: 100% effective
  • Authenticating with a security key:
    • Targeted attack: 100% effective
    • Bulk phishing attack: 100% effective
    • Automated bot attack: 100% effective

How to Get Past User Resistance and Implement MFA Successfully

Despite how effective MFA is, only 27% of small businesses and 44% of mid-sized businesses use it. Enterprises are already onboard, with 87% of them deploying multi-factor authentication.

User resistance to MFA is one of the reasons that more SMBs don’t use it and are leaving their cloud accounts unprotected. Following are some tips on introducing multi-factor authentication without all the employee pushback.

Give Employees Options

If you give your employees a choice in how they use MFA, you can gain more user support. People like to feel they have at least some kind of control over a process they’re being asked to adopt, so by letting your staff choose whether to use MFA with a security key, device prompt, or SMS, you can help them gain more acceptance.

Don’t Tell Your Staff at the Last Minute

People need time to adjust to the news that one of their workflow processes is going to change, so don’t tell employees about the MFA implementation at the last minute.

Give them some time to get used to the idea and to ask questions and voice concerns. The few weeks you spend addressing those concerns before you implement MFA can make a big difference in how users react to the new requirement.

Consider Adding a Single Sign-On (SSO) Solution

SSO can make the login process easier for employees and less time-consuming. Instead of MFA adding additional time to the workweek, if you couple it with SSO, you can save your team time on the login process.

The SSO technology connects to multiple accounts, enabling users to log in and authenticate once to access all their work applications.

Need Help Securing Your Cloud Accounts?

Don’t leave your cloud accounts unprotected! Twin State Technical Services Cloud Managed Services like Duo Security can help your Quad Cities area business with an affordable MFA and SSO solution that will significantly reduce your security risk.

Contact us today for a consultation. Call 563-441-1504 or contact us online.

 

References linked to:

https://www.cobizmag.com/did-cyberattacks-against-businesses-increase-during-the-pandemic/

https://www.tsts.com/infrastructure-network-solutions/

https://enterprise.verizon.com/resources/reports/2020-data-breach-investigations-report.pdf

https://www.tsts.com/blog/working-remotely-safe-and-secure/

https://www.microsoft.com/security/blog/2019/08/20/one-simple-action-you-can-take-to-prevent-99-9-percent-of-account-attacks/

https://security.googleblog.com/2019/05/new-research-how-effective-is-basic.html

https://securitybrief.com.au/story/password-habits-still-key-obstacle-to-business-security-logmein

https://www.tsts.com/contact/

Tags: , , ,

Subscribe to our newsletter and stay up-to-date with all our news and posts!