According to Statista, 86% of the British public perceive passwords as a weak way to secure data. Yet 24% of adults rotate one to six passwords across all their accounts. This means cyber attackers who successfully steal login details from one source may be able to apply the same passwords elsewhere.
Are Passwords Secure?
Passwords are vulnerable to attackers who use techniques such as brute force attacks, phishing, keylogging, or credential stuffing to steal login credentials. If an attack is successful, theft of personal data puts subjects (clients, employees, etc.) at risk of identity theft. This can also cause great damage to the business, such as damaged reputation, fines, and interruption of operations.
What is Multi-Factor Authentication?
Multi-factor authentication (MFA) is a security mechanism that verifies a user's identity through multiple methods. For example, multi-factor authentication could include identity verification via a user's device (e.g., sending a verification code by text or email, or confirming authentication via an app) and via biometric data such as a fingerprint. MFA could also include a password as one authentication factor. However, in combination with another factor (something the user HAS or something the user IS), this is a much more secure login method.
Does My Business Need Multi-Factor Authentication?
Statista reports that 60% of businesses say they have multi-factor authentication in place in 2022, and 19% have plans to upgrade it further. 27% of businesses plan to add MFA in 2023, and 23% have no plans. Companies without MFA are at greater risk of cyber security breaches and risk being perceived as behind the times.
At a customer level, the absence of multi-factor authentication can erode trust in a business. Without MFA, customers may feel their data is unsafe and be reluctant to set up an online account with you. They may question your overall approach to the security of their data if they can set up an account with just a weak password.
At an organisational level, multi-factor authentication helps prevent unauthorised access to systems, infrastructure, and data due to the extra layer of authentication. It significantly increases the difficulty of data theft because even if an attacker accesses a password, they will not have access to the additional authentication factor (e.g., device or biometric). Data breaches can incur fines from the ICO of up to £17.5 million or 4% of annual revenue, whichever is higher. For example, Interserve Group was fined £4.4 million by the ICO because they processed personal data without appropriate security measures (as required by Article 5(1)(f) and Article 32 of GDPR), which made them vulnerable to a cyber attack. An attack occurred, compromising the data of 113,000 employees, including their national insurance details, bank details, and special category information such as health, ethnicity, religion, sexual orientation, and details of disabilities.
More Benefits of Multi-Factor Authentication
In April 2023, multi-factor authentication became a requirement of the UK government-backed Cyber Essentials Certification. The latest Cyber Essentials technical requirements (V3.1) state "your organisation must... implement MFA where available - authentication to cloud services must always use MFA".
Obtaining Cyber Essentials Certification signals you have taken robust security measures and contributes to a trusted business reputation among clients, partners, and suppliers. Some may even have Cyber Essentials certification as a prerequisite for doing business.
Find out more about how you can achieve Cyber Essentials certification here.
This article was written by MCATS IT Ltd, providers of complete IT solutions.