Consumers today have a growing familiarity with multifactor authentication, or MFA, the security measure that requires two or more identity verification steps for access to a platform or system. Many of the services they interact with each day use MFA, from banking apps to social media networks.
So why aren’t more small and medium-sized businesses using it?
We recently polled professionals from more than 200 companies, each with no more than 500 employees, about their cybersecurity measures — and the responses we received on MFA implementation were surprising: Fewer than half reported using MFA.
Our findings reflect those of other surveys. A 2023 study by the Cyber Readiness Institute, for example, found that 44% of SMB respondents were “not very aware” of MFA and its security benefits.
Lack of awareness notwithstanding, the benefits of MFA are formidable. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), using MFA — including 2FA or two-factor authentication — reduces the likelihood of a hack by 99%. In addition, the implementation of MFA is relatively inexpensive, especially when you work with the right managed security services provider. Overall, this means that the return on investment on MFA implementation can be tremendously high.
Nevertheless, a handful of barriers is preventing companies from reaping this ROI.
Obstacles on the way to MFA…and how to overcome them
Let’s take a closer look at some hurdles stopping SMBs from adopting multifactor authentication and how businesses can address them.
Obstacle: Lack of in-house experience
Solution: Partnering with an external service provider
SMBs that use in-house teams for their IT and security have fewer resources than larger companies. Even if they happen to employ top IT talent, even the most talented practitioner isn’t well-versed in every technology. If MFA happens to be in their small team’s blind spot, its adoption becomes less likely. There is a workaround for this kind of blind spot, of course: Working with an experienced managed security services provider (MSSP) that can implement the latest, most secure MFA measures while freeing internal teams to concentrate on what they do best.
Obstacle: Concerns about inconvenience
Solution: MFA measures that minimize inconvenience
The “multi” part of MFA can be off-putting to busy professionals. Some simply don’t want to take
more than one step to gain access to their systems. The good news is that MFA can be implemented in ways that minimize inconvenience. For instance, one type of MFA allows users to input a code into their smartphones without leaving their lockscreens — in other words, they don’t need to log into their phones and access a separate application. Plus, strong MFA measures can reduce the need for stringent password requirements, reducing the inconvenience of constantly creating and changing complicated passwords.
Obstacle: Buzz around less practical solutions
Solution: Raising awareness of the power of MFA
We’ve found that when it comes to MFA, there’s not much hype — at least not in comparison to other cybersecurity solutions. For instance, recently we’ve noticed a good deal of buzz around data loss prevention or DLP, a security provision in which administrators are notified when files containing specific, sensitive information are being transferred from a company system. DLP can be a valuable tool, but it also requires sophisticated training of end-users on data-tagging and more. MFA doesn’t require nearly as much training and can often achieve the same result: preventing bad actors from stealing your data. The more awareness companies and their employees have about the value and practicality of MFAs, the easier it will be to win internal support for MFA adoption.
By partnering with an MSSP like Xantrion, SMBs can adopt the MFA processes that are right for them, overcome cultural challenges and compensate for internal IT team skill gaps, while positioning themselves to more successfully avoid cyberattacks. Contact us today to learn more.