Person on both her laptop and phone.
One verification tool used in multifactor authentication is the user's smartphone. Once an employee enters their password, their phone can be used to verify their login. — Getty Images/Luis Alvarez

Small businesses are frequently the targets of cybercriminals; in fact, some experts estimate that small businesses are three times more likely to be attacked online than bigger enterprises.

And, sometimes, the only thing standing between a hacker and your proprietary business information is a fingerprint. Multifactor authentication is an easy and important security measure that you and your employees can take to defend against phishing and other hacking attempts.

What is multifactor authentication?

Multifactor authentication (MFA) is a process that requires a user to provide two or more verification factors to log in to a website, device, or online account. Rather than simply logging on with a username and password, MFA would require a password and a fingerprint, a facial scan, a one-time passcode, or all of the above.

[Read more: Do You Need a Password Manager? How to Choose One]

MFA usually requires a standard password as well as the additional verification of any of these three types information:

  • A knowledge-based item, such as a PIN number.
  • An item you have in your possession, such as a smartphone.
  • A biometric item, such as fingerprints or voice recognition.

You may have also heard of two-factor authentication, or 2FA. Two-factor authentication is a subset of MFA in that it requires two factors for someone to log in, whereas MFA requires at least two.

Multifactor authentication is a more secure way to protect access to your valuable information. While passwords can be compromised relatively easily, it’s much harder for a hacker to crack an account protected with your unique fingerprint.

What does multifactor authentication prevent?

Most data breaches are the result of weak, default, or stolen passwords. Up to 73% of passwords are duplicates, meaning once one account is compromised, a hacker can easily figure out and gain access to others. In addition, certain types of attacks, like phishing, can lead to compromised credentials and thus grant cybercriminals access to your data.

Look for a vendor that can help you be compliant with any industry-specific regulations, as well as one that offers support and onboarding to help you adopt this new procedure.

Matt Bromiley, SANS Digital Forensics and Incident Response instructor

These types of attacks are incredibly damaging for small businesses. Analysis by IBM found that, for small businesses with fewer than 500 employees, a data leak costs an average of $7.68 million per incident. For many business owners, this cost is insurmountable.

Multifactor authentication can help prevent unauthorized access to your proprietary and customer information. Microsoft estimates that simply adding MFA can block over 99.9% of account-compromising attacks.

How to get started with multifactor authentication

The good news is that MFA doesn’t have to be complicated. The Identity Management Institute has a list of vendors that provide MFA and can help you implement the right tools. Look for a vendor that can help you be compliant with any industry-specific regulations, as well as one that offers support and onboarding to help you adopt this new procedure.

Then, start by conducting a risk assessment to determine which areas of your business have the greatest need. Consider adding MFA to your company email, accounting systems, customer database, and anywhere else where sensitive data may be stored or used. Prioritize the highest-risk applications and devices to begin with, and allow time for your employees to learn the new tools and login procedures. Provide enough training and support for your team to make sure everyone understands the importance of MFA.

“It doesn’t have to be an all-or-nothing approach. There are different approaches your organization could use to limit the disruption while moving to a more advanced state of authentication,” Matt Bromiley, SANS Digital Forensics and Incident Response Instructor, told Microsoft.

Think of MFA as a gradual approach that can ramp up over time. You can start with 2FA for some employees who are working on lower-priority systems. Eventually, you may even be able to move away from using passwords altogether — and instead rely on measures like single sign-on (SSO) that make security seamless. Ultimately, the goal is to find ways to lock down your data from unauthorized access using impenetrable authentication methods.

[Read more: 7 Simple Things You Can Do Right Now to Protect Your Business from a Ransomware Attack]

CO— aims to bring you inspiration from leading respected experts. However, before making any business decision, you should consult a professional who can advise you based on your individual situation.

CO—is committed to helping you start, run and grow your small business. Learn more about the benefits of small business membership in the U.S. Chamber of Commerce, here.

Published