Cyber Insurance and Multi-Factor Authentication
Introduction
Here’s what you, as an SMB owner, need to know about MFA:
- It’s an incredibly effective cybersecurity tool
- It’s easy to implement/use
- It’s not costly
- Most cyber insurance carriers now require MFA
But let’s go into a little more detail than that. In this quick read, you’re going to learn what MFA is (if you don’t already know) and why you should be using it at your business (if you’re not already).
MFA Works!
To appreciate why MFA works so well, you need to understand what it is.
Let’s start with the ‘A’: authentication. In the tech world, authentication just means verifying someone’s identity. When you log in to your email account, how does your email ‘know’ it’s really you? Because you enter a password that only you’re supposed to know. And voilà — you’re ‘authenticated’!
But can’t cybercriminals figure out what people’s passwords are?
In short, yes (and it doesn’t help matters that people and organizations have notoriously bad ‘password habits’ such as using the same password for everything). In fact, stolen passwords and other credentials are the primary means by which cybercriminals break into computer networks:
According to the Verizon 2021 Data Breach Investigations Report, more than 60% of data breaches stem from leveraged credentials.
But what if authentication required more than just a password — a password plus something else? Surely, that would make it harder for threat actors to use stolen credentials to gain unauthorized access to devices, systems, etc.
It would, which brings us to ‘M’ and ‘F’: ‘multi-factor’ refers to the fact that MFA requires more than one proof of identity for authentication. Going back to the example of email, if your email account is protected by MFA, it means anyone who wants to log in to your email will have to provide your password plus something else.
That ‘something else’ could be a lot of different things, including:
- an SMS code that gets sent to your cell phone
- the correct answer to a security question
- biometric data (e.g., your fingerprint)
Bottom line: Requiring just one additional proof of identity makes it significantly harder for threat actors to hack into your accounts. How much harder? According to research from Microsoft, MFA can block more than 99.9% of cyberattacks that rely on compromised credentials. Talk about effective!
Using MFA at your business should be a no-brainer, but in case you’re still not sold on MFA, here are some additional considerations to help persuade you of its value …
MFA Is Easy
MFA is both easy to implement and easy to use. There are numerous MFA solutions available to SMBs, and many of them don’t require any hardware or downloads. And once you’ve set up your MFA solution, all it requires from users is that they take an extra minute or two to verify their identity.
MFA Isn’t Costly
Besides being a simple and easy-to-use cybersecurity tool, MFA is also highly cost-effective. Most MFA solutions will use up only a tiny sliver of your IT budget, which makes them a great investment considering the average cost of a data breach is over $4 million.
Cyber Insurance Providers Require MFA
Regardless of how you feel about MFA, any cyber insurance company you work with is going to want to see that your business uses MFA. In fact, more and more carriers are making it an outright
requirement. This is telling: cyber insurance providers are demanding that insureds use MFA because they know it works.
Summing Up
There you have it. MFA is an awesome, easy-to-use, and affordable cybersecurity tool that stops hackers in their tracks. That said, it’s not a cure-all. Use MFA at your business, but use it in conjunction with other security solutions such as encryption and endpoint detection and response (EDR). Doing so will give you a layered approach, and the best chance at avoiding a devastating breach.
MFA can be used on a lot of things, not just email. What should you use MFA for at your business? We answer this question in The SMB Owner’s Cyber Insurance Checklist. Click below to get your copy.