Why Aren’t More SMEs Using Multi-Factor Authentication?

Written by Ashley Gwilliam on November 18, 2022

Share This Article

Cyberattacks against small and medium-sized enterprises (SMEs) are on the rise — from ransomware to Distributed Denial of Service (DDoS). Leveraged credentials, most often passwords, cause 61% of data breaches.

Nearly half of all cyberattacks target SMEs who are less equipped to recover from damages. 

Why don’t cybercriminals limit their nefarious activity to organizations with large bank accounts? They have strategically determined SMEs are less likely to invest in security best practices than large enterprises. 

Sadly, the consequences of these data breaches can be devastating. On average, 60% of SME breach victims file for bankruptcy within six months of an incident. The good news is SMEs can avoid nearly 100% of breaches by taking one simple action: implementing multi-factor authentication (MFA)

Why Aren’t More SMEs Using Multi-Factor Authentication?

person in a mask typing in code on a computer

According to a 2021 study, organizations that use MFA are 99.9% less likely to experience a breach than those that do not. 

Yet, despite having awareness of cybersecurity risks, an estimated 67% of business decision-makers don’t use MFA for any of their login points.

Why aren’t more SMEs using multi-factor authentication? Is the resistance to MFA one of misunderstanding, misinformation, or the perception of inconvenience? And how can it be overcome? Let’s explore MFA’s benefits, challenges, and common misconceptions around SMEs using multi-factor authentication — but first, a primer on MFA:  

What Is MFA? 

MFA is a method to protect an access transaction by utilizing multiple (often two) factors to verify a user’s identity. MFA, sometimes referred to as two-factor authentication (2FA), goes beyond vulnerable password authentication by requiring two or three forms of identity:

  • Something you are: biometric data like facial recognition, fingerprint, retinal imprint, or even speech and typing patterns.
  • Something you know: passwords or facts about your life or family history.
  • Something you have: a device in your possession, like a phone or a security key.

Though the technology has been around for decades, biometric data recognition was mostly relegated to sci-fi movies until recently. 

However, technologies like facial recognition and fingerprint scanning are now mainstream thanks to organizations embedding them into their products. A recent survey of 1,000 Americans found that 70% of them find biometrics easier to use than traditional passphrases. 

How Does MFA Work?

End users may see MFA as slightly inconvenient as it involves a few extra steps. But the process itself is relatively straightforward: 

  • The user logs in with their password (something they know).
  • The user is prompted to satisfy a second factor:
    • One-time passcode (TOTP) on their phone or tablet from an authentication app like Google Authenticator, or
    • One-time passcode (OTP) via email or SMS, or
    • Push notification from a smartphone or tablet app, or
    • Scan of fingerprint, face, or other biometric factor 

Once the user’s identity has been verified by the organization’s chosen secondary and/or tertiary factor, the user is granted admission to the network. 

Benefits and Challenges of Using MFA 

woman sipping from a coffee mug, petting her dog while working in front of her laptop

MFA Benefits

Implementing MFA has many benefits, but here are three: 

  • MFA keeps accounts secure even if passwords have been compromised.
  • MFA provides peace of mind for stressed-out cybersecurity teams. 
  • MFA lays the foundation for running a Zero Trust security framework, which maintains trust without maximum verification and introduces security vulnerabilities. 

In addition, MFA is one of the easiest security measures admins can take. 

MFA Challenges and Solutions

Now, let’s dig into why more SMEs aren’t using multi-factor authentication. Identity management is the only technology that requires users and admins to balance efficiency, convenience, and security all at once — a challenge, but a surmountable one. 

Here are the three challenges most often cited by SMEs resisting MFA:

  • MFA could be time-consuming and slow productivity.
  • MFA could negatively impact user experience (UX).
  • MFA could be expensive for small businesses to manage. 

When it comes to choosing between speed and security, speed often wins. Fortunately, new innovations in UX design are delivering a seamless user experience with no compromise. Implemented correctly, MFA can increase IT security without adding complexity or slowing productivity for the end user. 

business meeting in an office setting

Managed MFA solutions can support multiple factors depending on the applications, devices, and systems they protect. Integrated into a cloud directory platform like JumpCloud, managed MFA solutions reduce the complexity of protecting a single identity while securely connecting the user to multiple IT resources. Less complexity leads to higher user adoption rates and a greatly reduced attack surface.

Employees may continue to lose their smartphones on occasion, but this problem can be solved with an authentication app like JumpCloud Protect™. JumpCloud Protect will: (1) temporarily relax MFA requirements while the user sets up their new phone; or (2) shift MFA requirements to a non-smartphone-based method like a hardware-based key or fingerprint scanner.

Finally, MFA costs are scalable for SMEs, with simplified à la carte and bundled pricing plans that deliver what businesses of all sizes need, when they need it. (Note: Cloud MFA services are free with all bundled JumpCloud packages.)

The ROI of Multi-Factor Authentication for SMEs

With so much on the line for SMEs, whose data is frequently targeted by hackers, MFA adoption has never been more critical. MFA helps keep accounts secure even if passwords have been compromised. 

According to Aberdeen Research, small businesses of less than 500 employees with up to $50M in annual revenue experienced downtimes costs of up to $8,600 per hour in 2016. All things considered, a solid Zero Trust initiative like MFA is a drop in the bucket. 

Interested in learning more about JumpCloud and how to achieve more robust security practices? Start a free 30 Day Trial of JumpCloud today. 

Ashley Gwilliam

Ashley Gwilliam is a Content Writer for JumpCloud. After graduating with a degree in print-journalism, Ashley’s storytelling skills took her from on-camera acting to interviewing NBA basketball players to ghostwriting for CEOs. Today she writes about tech, startups, and remote work. In her analog life, she is on a quest to find the world's best tacos.

Continue Learning with our Newsletter