The hyperconnected nature of our work and home lives — which the pandemic has only accelerated — means business owners need to adopt a digital-first mindset in order to thrive. But protecting your sensitive data and ensuring only the right people can access your systems is made more difficult with hybrid work. That’s why multi-factor authentication (MFA) is essential for any SMB operating in 2022 and beyond.
What is multi-factor authentication?
Multi-factor authentication is brilliant in its simplicity. It’s an electronic authentication method that adds an additional layer of verification on top of the basics, such as a username and password. It could be using a password in tandem with a code sent to your smartphone, or the combination of a physical token along with a PIN or passphrase.
Because small and medium businesses (SMBs) rarely have enough hours in the day as it is, it falls to providers to develop smart MFA solutions that can be quickly integrated into a business’s everyday operations. And that’s exactly what Cisco has achieved with Duo Security.
“Duo works with a variety of different authentication methods to suit any workforce, but we encourage our customers to use a push as their second factor,” says Rosie Samuels, head of small business APJC at Duo Security. “This is where the Duo Mobile app sends a two-factor push notification to your phone — something we all tend to have one us all the time these days — for really fast and easy access.”
Samuels says one of the main reasons why user verification is so critical is because the majority of breaches originate from compromised credentials, usually a weak password. Compromised devices are also a huge risk to organisations, with hackers frequently taking advantage of vulnerabilities in devices.
Addressing SMBs’ pain points
“We often speak with companies who are using MFA in some capacity within the organisation — usually protecting their emails and perhaps one other application,” Samuels says. “but it’s not enough. To really secure their business, all applications need to be protected with a single, standardised MFA solution.”
In many cases, these security gaps arise not only because of decisions made by business leaders, but from the MFA providers themselves. There may be limitations where it’s difficult to integrate with the organisation’s suite of cloud and on-premise applications. Duo’s Single Sign-On (SSO) feature eliminates this issue; included in every edition, companies set up and protect a central dashboard for easy and consistent user logins across any and all applications.
Alternatively, businesses may be facing a cost issue where it’s too expensive to deploy MFA company-wide, something Samuels says happens often, and was a reason why Duo went down a unique pricing path.
“We’re not complicated when it comes to our pricing model. We bill by users only, not applications or authentications,” she says.
Here are some of the biggest pain points we hear from SMB customers:
- Speed: SMBs are typically agile businesses that don’t have months to waste on testing and implementing IT solutions. Traditionally, security solutions are complicated and cumbersome to implement and manage.
- Simplicity: Not only is speed to security important in the SMB space, but ease of use is key both for the IT team and the end users.
- Lack of resources: SMB owners don’t have the luxury of large IT teams, so they need an MFA solution that is easy to use and implement, and won’t get in the way of their users’ productivity. After all, they have far more important things to manage.
- Coverage: SMBs need an MFA solution to cover their entire application stack – not only to meet the criteria for most cyber insurers, but to protect themselves from the increasing risk of cyberattacks.
- Value: Cost is always a key consideration for SMBs. No one wants to work with an organisation that tries to sneak in hidden fees or is overpriced.
“We take pride in Duo being easy to use, from the end users being able to get quick easy access to their apps, to simple deployment and implementation. Small businesses don’t have the luxury of maintaining large IT teams, they need a solution they can set and forget.”
Why MFA is essential for cyber liability insurance
Samuels says she’s seen a huge influx of SMBs getting in touch to discuss their need for MFA in order to meet the requirements to obtain cyber liability insurance, which is new for businesses of this size as historically only large organisations would take out cyber liability cover.
“With the pandemic we saw many businesses pivot to allow company access in a remote capacity almost overnight,” Samuels says. “That meant some very big business changes were made that weren’t necessarily focused on long-term security or took into account the potential repercussions. That opened them up to new security risks, which bad actors have been taking advantage of ever since.”
The proof is in the data, with SMBs experiencing a major increase in cyberattacks over the past two years. 2021 alone saw a 50% increase in overall corporate-network attacks per week compared to 2020, according to recent research.
So if you are considering the value of taking out cyber liability insurance, as Samuels suggests all SMBs would be wise to do, you need to get your MFA in order first. That’s because cyber liability insurers see MFA as an indicator of how seriously you take your company’s security, and they will generally expect you to have it set up already.
It’s no longer a case of if you should deploy MFA across your applications — it’s when. And the sooner you get it done, the sooner you can rest easy knowing your business is well protected.
Comments