You’re probably familiar with multi-factor authentication (MFA) at this point. Many things that you log into require it if you choose to not remain signed in—your bank account, your Microsoft account, and more. You may find this a bit annoying; you know that it’s you who’s trying to access your account, after all. And what if you don’t have cell service? It can be easy to see this feature as a nuisance, so why would you enable it for your own employees?
The answer is simple—although you know that it’s really you who’s trying to log into your account, the service itself does not and needs some way to authenticate you. It really helps to protect your data and other business resources. Just a moment’s additional work can increase security significantly. Let’s take a look at how MFA can transform your business security.
What Is Multi-Factor Authentication?
Just in case you haven’t yet encountered it in your personal life, MFA is simply the process of requiring more than one form of identification or verification before allowing someone access to any secure information.
Usually, this comes in the form of entering your login credentials and then receiving a text with a random code at the phone number associated with your account. A common alternative is entering a PIN that you’ve set up and memorized, or even a biometric reading.
Basically, the idea is that a single form of authentication (especially a password) can be easily compromised, but requiring several makes account theft more difficult. MFA is so valuable that some industries have legal regulations requiring it.
Identity Theft: The Fastest Growing Crime in the U.S.
According to the FBI, identity theft is the fastest growing crime in the United States. An identity is stolen every three seconds, coming to almost 30,000 identities stolen each day. In total, 44 million Americans, or 1 out of every 5 adults, have been a victim of identity theft.
If those numbers seem shocking, it may be because most people have a false perception of how identity theft and hacking work. Many people imagine hackers as one-offs, just one person disgruntled with society sitting in his basement writing code.
The Business of Hacking
In reality, hacking is often a full business. Hackers employ hundreds of people to use malware or phishing techniques in massive attacks, employ servers to scan credit cards, and have call centers set up to draw personal information out of you or even record your voice. They can then either use this information themselves or bundle it and sell it to others.
Are Smaller Businesses at Risk?
You may be thinking, alright, I agree this is a problem, but would my business really be a target? Bigger fish to fry, right? Why go after a small-to-medium-size business when corporations like Equifax, Target, and Yahoo seem ripe for the picking?
Unfortunately, this is another common misperception. In reality, 31% of targeted attacks are aimed at businesses with fewer than 250 employees. These businesses are often less protected, and if criminals attack enough of them, they can still get a sizeable amount of data to sell without the press that comes with a large-scale attack.
The Problem with Passwords
So identity theft is clearly a problem—hackers are organized into corporation-like entities, and no business is too small to target. But that’s why we have passwords, right? Passwords verify that only authorized users are accessing our information.
While that’s the idea, unfortunately, passwords are often weak and easily compromised. Relying on just a password means that you are hinging the security of your entire business on what your least security-conscious employee decides to set as his or her password.
And even if you set up requirements to make passwords strong, and follow other guidelines such as turning off the requirement to change passwords, your passwords can still be compromised. Any phishing or malware attack, or even something as simple as watching someone’s keyboard over their shoulder in a coffee shop, can give a hacker someone’s password.
What none of those attacks can do, however, is get someone’s cell phone, biometrics, or personal PIN; doing so would be an entirely different kind of criminal activity. Requiring your employees to have just one additional layer of verification reduces all the risks that come with relying on a password alone.
How to Implement MFA
So how do you implement this security superpower? If you’re using Office Protect, you can access it from your dashboard—simply go into the settings, and you’ll see the on/off toggle menu. Here, you’ll also see that both the security impact and user impact are noted as high, which could rightly give you some pause. Is this something really worth doing if it causes a lot of workflow disruption?
The Joy of Having Options
Fortunately, Office Protect thought of that, too. If you feel like having MFA turned on for each and every user is too much, you can apply it only to your global admins, an option considered to cause minimal workflow disruption. Enabling MFA for these admins is seen as a minimum security best practice, as these accounts have a much higher level of access than your average users do.
Enabling MFA may create issues for third-party software, so make sure to check with your IT team before implementing this policy to get ahead of any potential issues. Finally, MFA will never apply to the SecMon user in Office 365 that is created to enable audit logs and track activities.
As you can see, while multi-factor authentication may disrupt some user workflow, or even be seen as annoying, it’s an extremely strong security precaution that can help you rest better at night knowing that your data is as safe as it possibly could be. It can stop phishing attacks in their tracks and protect your accounts from unauthorized users.