Cyber Security Week: Multi-Factor Authentication is too hard

Icon IT is celebrating Cyber Security Week in New Zealand by pushing aside the myth that Multi-Factor Authentication (MFA) is too hard. We’ve heard lots of the reasons that clients don’t want to move to MFA. You can read more about MFA in this blog post.

None of those reasons are actual reasons, each one we’ve heard comes from hearsay, or simply a lack of knowledge.

The funny thing is, most clients we talk to who don’t want to use MFA in their business, are already using it personally when they pay for a bill online, or log in to a web service of some sort.

For a business, the truth is MFA is even easier than using it for your own, personal online banking or other services.

MFA for Business Is Easy

Why is that? Without getting into technical reasons, MFA for your business can be streamlined to create very little impact on you or your staff. For example, your main office can be ‘whitelisted’ so that users at the office will never be prompted for MFA.

Instantly, most of the complaints around MFA disappear. On a security level, we aren’t looking to use MFA to stop your staff from working. MFA is there to stop scammers and hackers from accessing your email, files, or data from some remote location, more than likely in another country. Whitelisting your company’s office is a good way of balancing security and usability.

What About MFA And Working From Home?

Yes, this can make like more difficult for your staff. Again, there are mitigations that can be put in place. Depending on the setup, MFA can be set to not prompt any staff for a code when using a work laptop. Again, instantly the pain of MFA is removed from your staff’s daily routine.

Some larger companies will not allow the above scenario due to their IT Security policies, but for most companies, it’s a good option. It means that to gain access to your network/data/emails, the hacker or scammer would need the username, password, and the company laptop. That’s a highly unlikely scenario.


MFA: The Bottom Line

In each instance where we’ve seen MFA implemented, it’s never as bad as users feel it will be – far from it. If setup correctly, there’ll be little to no interruption to their normal working day.

And let’s face it, within 2 years MFA will be standard for everyone for most apps. People who are constantly getting their Facebook accounts hacked will realise that MFA stops this immediately. Got cyber insurance? It will likely that MFA will be mandatory for any company with a cyber insurance policy.

There is no getting away from MFA, and it’s easier than you think. Better off implementing it sooner, rather than later. If you wait, your chances of being hacked go up by a huge amount.

It’s just not worth the risk.

Remember, we are independent and don’t sell MFA solutions, or do any work implementing MFA. We merely give you independent, unbiased IT advice to make sure what you are expecting from your IT provider of IT team is what you expect.

Get in touch if you want us to see you for a no-obligation chat.

    Related Posts

    Begin typing your search term above and press enter to search. Press ESC to cancel.

    Back To Top