Cyberattacks against companies large and small are on the rise as hackers engineer new ways to access and steal data. From ransomware to Distributed Denial of Service (DDoS), two facts are particularly concerning:
- Leveraged credentials, most often passwords, cause sixty-one percent of data breaches.
- Nearly half of all cyber-attacks target small and medium-sized enterprises (SMEs) who are less equipped to recover from damages.
Because SMEs inherently lack the cybersecurity resources of large enterprises, they’re seen as low-hanging fruit by cybercriminals. And the consequences of a data breach to an SME can be devastating and long-term: Most SMEs are unable to recover from an attack and 60% file for bankruptcy within six months of a breach.
One new statistic brings hope: According to a recent study, organizations that use multi-factor authentication (MFA) are 99.9% less likely to experience a breach than those that do not. Yet, while most IT decision-makers know the threats, an estimated 67% of businesses pen-tested in 2020 don’t use MFA for any of their login points.
So why aren’t more SMEs using multi-factor authentication? Is the resistance to MFA one of misunderstanding, misinformation, or the perception of inconvenience? And how can it be overcome? We’ll explore MFA’s benefits, challenges, and common misconceptions around SMEs using multi-factor authentication—but first, a primer on MFA:
What is MFA, and How Does It Work?
MFA is a method to protect an access transaction by utilizing multiple (often two) factors to verify a user’s identity. MFA, aka two-factor authentication (2FA), goes beyond vulnerable password authentication by requiring two or three forms of identity:
- Something you are—biometric data like facial recognition, fingerprint, retinal imprint, or even speech and typing patterns.
- Something you know—passwords or facts about your life or family history.
- Something you have—a device in your possession, like a phone or a security key.
How MFA works:
- A user logs in with their password (something they know).
- The user is prompted to satisfy the second factor they elected, which can take the form of:
- A one-time passcode (TOTP) on the user’s phone or tablet from an authentication app like Google Authenticator (Android or iOS) or JumpCloud Protect™
- A one-time passcode (OTP) via email or SMS
- A push notification from a supported smartphone or tablet app
- A scan of the user’s fingerprint, face, or other biometric factor
MFA: Critical to a Zero Trust Security Policy
MFA is the cornerstone of a Zero Trust cybersecurity stance, which maintains that trust without maximum verification equals vulnerability. A 2020 JumpCloud survey of 400 SME decision-makers found that less than one-quarter had adopted a Zero Trust solution. With the stakes so high, it’s vital that management and employees understand the state of technology which easily overcomes objections to adoption.
Benefits and Challenges of Using MFA
MFA has many benefits—too many to list here—but here are three top advantages of implementing MFA:
- MFA helps keep accounts secure even if a password has been compromised.
- MFA provides peace of mind for stressed-out cybersecurity teams.
- MFA is one of the easiest security measures to take.
Identity management is the only technology that requires users and admins to balance efficiency, convenience, and security all at once—a challenge, but a surmountable one. Here are three of the top challenges cited by businesses who still resist the nearly fool-proof solution of MFA:
- MFA can be time-consuming and slow productivity.
- If implemented improperly, MFA can negatively impact user experience (UX) .
- MFA can be expensive for small businesses to manage.
Speed vs. Security in Multi-Factor Authentication
When it comes to choosing between speed and security, speed often wins. Fortunately, new innovations in UX design are delivering a seamless user experience with no compromise. Implemented correctly, MFA can increase IT security without adding complexity or slowing productivity for the end-user.
Managed MFA solutions can support multiple factors depending on the applications, devices, and systems they protect. Integrated into a cloud directory platform like JumpCloud, managed MFA solutions reduce the complexity of protecting a single identity while securely connecting the user to multiple IT resources. Less complexity leads to higher user adoption rates and a greatly reduced attack surface.
Employees will continue to lose their smartphones on occasion, but this problem can be solved with an authentication app like JumpCloud Protect. JumpCloud Protect will: (1) temporarily relax MFA requirements while the user sets up their new phone; or (2) shift MFA requirements to a non-smartphone-based method like a hardware-based key or fingerprint scanner.
Finally, MFA costs are scalable for SMEs, with simplified à la carte and bundled pricing plans that deliver what businesses of all sizes need, when they need it. (Note: Cloud MFA services are free with all bundled JumpCloud packages.)
The ROI of MFA
With so much on the line for SMEs whose data is frequently targeted by bad actors, MFA adoption has never been more critical. MFA helps keep accounts secure even if a password has been compromised. Most importantly, with the current cost of downtime estimated at $8,000 per hour for a small business and $74,000 for a medium-sized company, a solid Zero Trust initiative like MFA is a drop in the bucket.
Interested in learning more about JumpCloud and how to achieve more robust security practices? Evaluate JumpCloud today! JumpCloud Free grants new admins ten systems and ten users free to help evaluate with access to the complete platform. Once you’ve created your organization, you also receive ten days of Premium 24×7 in-app chat support to help you with any questions or issues.