Looking to make small changes that have a big impact on your overall cybersecurity posture? Multi-factor authentication (MFA) is one tool that packs a punch when it comes to preventing cybersecurity attacks.

At its highest level, MFA is a security protection that requires multiple forms of identification or authentication before being allowed to log into an account. These credentials can vary based on the situation but often include a combination of everyday things that you’ve probably leveraged in the past, such as a password, pin, swipe card, or fingerprint. You’ve probably leveraged MFA without even knowing it. For instance, taking money out of an ATM requires both your physical card as well as a pin.

One of the most common growing types of MFA involves a device or your mobile phone, which is convenient for many users since it is always with them. Logging into your account might require a simple text or call a code to your device, or a code is typed in from an app on your phone or standalone device like a key fob with a rotating code.

How can an SMB benefit from MFA?

Implementing MFA is one of the simplest things an SMB can do to enhance security to their accounts without disturbing the user experience. According to a Google blog, MFA can prevent 96 percent of non-targeted phishing attempts and more than 76 percent of targeted attacks. As an example of this, a Microsoft executive said that out of the 1.2 million Microsoft accounts compromised in January 2020, 99.9 percent were not using MFA.

While more and more organizations are using MFA (around 57 percent), SMBs have been slower to realize its benefits. While 87 percent of organizations with over 10,000 employees use MFA, only 34 percent of businesses with 26 to 100 employees do, and only 27 percent of those with less than 25 employees. That puts SMBs at risk compared to their larger peers, even though MFA is not an expensive tool to implement and can significantly impact overall security posture.

What doesn’t MFA protect?

MFA focuses on preventing attackers from gaining access to a user’s credentials, giving them access to potentially sensitive accounts. That said, it will not protect against every risk a company may encounter. For example, it does not prevent a human employee from clicking on a phishing link or downloading malicious software.

Is MFA a security silver bullet?

While MFA is powerful and a critical piece of any SMB’s cybersecurity strategy, it’s unfortunately not a silver bullet for perfect security. SMBs should strive to have a well-rounded strategy that includes MFA but also other basic protections. For instance, an SMB can complement MFA with other tactics, such as company-wide cybersecurity awareness training to better educate their employees to avoid phishing and other types of human-based risks.

By implementing a holistic strategy, with MFA as one piece of the overall puzzle, SMBs can hope to better protect their employees and customers from attack.