I think we can all safely say we have heard the term MFA (Multi-Factor Authentication) thrown around an awful lot lately. It really poses the question though; it is really all that it is cracked up to be and is it worth all the hassle getting it setup?
Is MFA Important?
The short answer, yes, absolutely! MFA has been the saving grace for many of our customers as passwords begin to get easier to compromise. Its not like the old days where someone would need to try hundreds or thousands of different password combinations until they found the right one. Nowadays, people can actually purchase your passwords from the dark web, so all they really need is some crypto currency and a motive, two things cyber criminals generally have an abundance of. Once they are in, they can generally access all your emails, files and content and copy or distribute as they see fit.
Where MFA protects you is by preventing access to your account, even if your password has been compromised. We have all used internet banking for years and have used the tokens or text message authorisations that come with it. MFA for your systems is no different. A token or notification is provided that requires you to complete an action to verify that the login attempt is legitimate. So short of the scammer having your password and your mobile phone in their hand, its unlikely they will gain access to your account.
You will also note that a lot of third-party applications like Xero, QuickBooks and some CRM packages are also encouraging you to use MFA when logging in to each of them respectively. Expect to see this happening more often across all systems that you use. It just makes sense.
Things to think about when enabling MFA
Turning MFA on is quite simple however the biggest challenge users face is around the experience when it is turned on. After all, you are making it harder to log in, so naturally there will be some resistance when enabling it. It is important to spend the time educating your team on what it will be like moving forward and make sure they understand the steps to take before turning it on. What’s more, helping them understand why it is being implemented and the risks to the business if MFA isn’t enabled generally gets everyone on board and assists in user adoption. You may choose to do this as part of your Security Awareness Training.
We have found that when change management is taken seriously and is well managed, the implementation can be very simple and cause minimal disruption. On the other hand, when done poorly, it creates negative user experiences and can quite often just turn in to ‘another computer problem’.
Now that we know that MFA is a ‘must have’ where do you start? First off, it is good to look at all the systems that you use and understand the MFA capabilities of each, respectively. You can then reach out to each of these service providers to gain some guidance on turning this on. When you have got an idea of the capabilities, create a plan to roll this out gradually for each service to avoid bombarding your team with change.
You may also choose to work with your IT Support or Managed IT Service provider to have this implemented. Our team have implemented hundreds of MFA solutions for organisations all the way from a single application, all the way through to comprehensive environment. We would be more than happy to discuss your requirements and see how we can help. You can call us on 1800 664 248 or Reach out to our team today if you would like some more information.