Log-ins requiring only user names and passwords are still commonplace among small- and medium-sized businesses (SMBs) despite clear evidence that requiring multi-factor authentication can better secure customer, employee and partner data, a new study said.
Roughly 46% of small business owners claim to have implemented MFA methods with just 13% requiring its use by employees for most account or application access, according to the Global Small Business Multi-Factor Authentication (MFA) Study from the Cyber Readiness Institute (CRI). In fact, services that enforce MFA require users to present more than one piece of evidence whenever they log in to a business account.
It doesn’t take much to install MFA, CRI said. Four steps will do it:
MFA is Not a New Security Feature
MFA has been in existence in one form or another for years, and is commonly used to log into business accounts. Yet, 55% of the 1,400 SMB owners surveyed globally said they are not “very aware” of MFA and its security benefits, and 54% do not use it for their business.
Of the businesses that have not implemented MFA, 47% said they either didn’t understand MFA or didn’t see its value. In addition, nearly 60% of small- and medium-sized business owners have not discussed MFA with their employees.
“We know nearly all account compromise attacks can be stopped outright, just by using MFA," said Karen Evans, managing director of CRI. "It’s a proven, effective way to thwart bad actors. All of us — governments, non-profits, industry — need to do much more to communicate the value of MFA to small business and medium-sized owners.”
More Findings From the Survey
Here's what else the survey uncovered:
An important boost for MFA’s use among SMBs has come from the Cybersecurity and Infrastructure Security Agency (CISA). As CISA Director Jen Easterly assesses the matter:
"The truth is, we need small and medium-sized businesses to be secure in order to protect the whole cybersecurity ecosystem, and that means they need the tools, the knowledge, and the impetus to enforce multi-factor authentication."