What You Should do in 5 Minutes to infinitely improve your cybersecurity posture
Written By: Dan Hernandez
What is the quickest thing you can do in less than five minutes that infinitely improves your cybersecurity stance? Enable Multi-Factor Authentication (MFA) on anything and everything you can for yourselves and for your clients. Such a simple concept with an enormous impact on reducing your threat surface. Unfortunately, an overwhelming percentage of businesses have not deployed MFA (statistics vary widely between 26% and 60% of businesses utilizing MFA).
The question is why haven’t more companies forced their users to utilize MFA? The short answer: it’s a pain to get users to adopt. You rely on ease of access in order to efficiently do your work, and are thus willing to forgo security in the name of ease. Unfortunately, this flies in the face of effective security. While users may be able to access their systems more easily today; when those systems are breached and that access goes out the window, they’ll be in trouble.
Threat prevention mindset leans toward protection over access. Yes, the user may have to get used to plugging in an authentication code every time they need to access their line of business application, but they will be infinitely more secure in the process.
While Microsoft’s claim that MFA can eliminate 99.9% of threats may be a bit of a stretch, there is no denying that if you only have five minutes to spend on better securing your organization, enabling MFA wherever possible is the best thing you can do.
Now, how do you get those curmudgeon, access first end users to get onboard with MFA? There’s a few approaches.
1. Educate on the value. We know that MFA neutralizes any threat presented by leaked, repeated, or otherwise compromised passwords. Sometimes education is enough leverage. People are beginning to understand the importance of protecting their passwords. This is just the next step.
2. Reward adopters. We live in an era of gamification. As you onboard new clients (or deploy MFA to current clients), all those with MFA enabled by a certain date are eligible for a prize – team party, gift, cold hard cash. Totally up to you. Yes, you’re bribing them to get on board with their own security; but, at the end of the day, what you pay on rewards will more than make up for itself in reduced ticket load or hours spent remediating a breach.
3. Set a firm line in the sand. If they want access to systems, they must have MFA enabled. This sounds harsh, but it’s our responsibility to best protect our businesses. Some will leap onboard, and some will drag their feet, but ultimately recognize that their job is important enough to embrace this security.
Commit to being part of the movement toward MFA adoption. The few extra seconds it takes to verify your identity will most assuredly pay dividends in the long run.
PCS is a world-class leader in protecting data & identity for businesses and non-profits. We provide a critical service to businesses and non-profits by managing cybersecurity risks, including ransomware, crypto walkers, phishing emails, and other evolving cyber crimes. See how IT services can benefit your company.
