By Steve Whalen
According to Coalition, the leading cyber insurance company for small and midsize businesses, approximately 36% of claims reported by their policyholders occurred due to a business email compromise. These claims resulted in a range of losses, from ransomware, social engineering, and funds-transfer fraud to regulatory penalties and data-restoration costs, among others. Each incident resulted in an average loss of more than $160,000, and each loss could have been avoided altogether or substantially minimized if the policyholder had Multi-Factor Authentication (MFA) in place. However, a 2017 Duo study found that only 28% of businesses protect their accounts with MFA.
MFA, also known as 2FA (Two-factor Authentication) is a security measure that adds a layer of protection by requiring an additional factor of authentication beyond a username and password, making it harder for malicious attackers to access your account, since they would need two methods of verifying your identity, rather than just one. According to Verizon’s 2019 Data Breach Investigations Report, stolen login credentials are the leading cause of data breaches and 60% of email breaches resulted from hackers using stolen credentials to access a web-based email system. Having two (or more) levels of authentication in place makes it nearly impossible for a hacker to compromise an account even if they’ve stolen or compromised your username and password. Something as simple as a text sent to one of your mobile devices would provide this second factor of authentication, allowing you safe access to your account.
Most MFA systems are free and can be easily configured in popular productivity software such as Microsoft Office 365, Dropbox, and Gmail. According to a recent evaluation done by PC World, Google Authenticator, a free smartphone app from Google available for both Android and iOS, was ranked the best overall MFA app. Other highly recommended and free MFA apps include LastPass Authenticator, Microsoft Authenticator, and Authy.
While MFAs go a long way in helping to protect your data, no security solution provides 100% guaranteed safety against all types of security attacks. If you get your MFA codes via SMS, for example, the code could potentially be intercepted by hackers. There is no guaranteed way to protect your data so you should never just use MFA without a robust cyber insurance policy.