Industry fails to highlight the importance of MFA to SMEs

A report by the Cyber Readiness Institute (CRI) has found that only 46 per cent of small and medium-sized enterprises (SMEs) worldwide have implemented multifactor authentication (MFA) technology, and only 13 per cent insist on using MFA for employee accounts or applications.

MFA or two-factor authentication (2FA) requires users to verify who they are when logging on with not just a password but a one-time code to a separate device to increase security. However, the CRI has found that more than half of SMEs are only relying on usernames and passwords to protect their data.

Karen Evans, managing director, CRI, said: “We know nearly all account compromise attacks can be stopped outright, just by using MFA. It’s a proven, effective way to thwart bad actors. All of us – governments, non-profits, industry – need to do much more to communicate the value of MFA to small business and medium-sized owners.”

The report also found that 55 per cent of SMEs said they were not very aware of MFA, 47 per cent said they didn’t understand it or see its value, and 60 per cent had never even discussed it with their employees.

Jen Easterly, director of the US’s Cybersecurity and Infrastructure Security Agency (CISA), added: “The truth is, we need small and medium-sized businesses to be secure in order to protect the whole cyber security ecosystem, and that means they need the tools, the knowledge and the impetus to enforce MFA."

“We’re on a mission to encourage organisations of all sizes to use More Than A Password and enable MFA. Today’s study points out the work left to be done – but also shows the growing community coming together – to collaborate and ensure SMEs have what they need to keep themselves and their customers safe online.”

CRI also noted that implementing MFA generally does not require any huge changes in the business and does not have to cost anything. There are numerous low-cost or free software tools available and all major email providers offer MFA as an option.

Contact us

hSo ISO 9001 Seal
hSo ISO 14001 Seal
hSo ISO 20000 Seal
hSo ISO 27001 Seal
Cyber Essentials logo
Internet Service Providers Association logo
Internet Telephony Service Providers Association logo
LINX logo
RIPE logo
AWS Partner Network logo
Microsoft Partner logo
Crown Commercial Service supplier logo