Multi Factor Authentication (MFA) to protect your business

Update your browser.

This website doesn't support your browser and may impact your experience.

NAB Mobile Banking app

The value of your accounts

There are many accounts you rely on as a part of everyday business. Protecting them from being compromised by a cyber-criminal must be a business priority.

Accounts such as email and social media may contain critical business information that is very attractive to cyber-criminals. This includes:

customer information, including personally identifiable information
contact details
your business history
upcoming project information
details of financial transactions.

If a cyber-criminal gains access to your accounts, they could:

sell your customers’ data – including credit card numbers, names, addresses, emails, date of birth
send your customers phishing emails – to trick them into giving out personal information or to install malware onto their devices
send fraudulent invoices or requests for payment (learn how to identify an email scam)
reset your passwords on your other accounts to gain access to them– such as social media, if they are linked to the compromised email account.

Data breaches

Unauthorised access to your business information via a compromised email account or cloud storage could constitute a data breach. If your business experiences a data breach, you may have to report it to the Office of Australian Information Commissioner, opens in new window (OAIC) under the Notifiable Data Breach Scheme, opens in new window, and inform all your customers whose information might have been affected.

An incident like this can damage a business’ reputation and customer trust.

A simple solution to protect your email and cloud storage accounts from being compromised is by using multi- factor authentication (MFA).

What is multi-factor authentication (MFA)?

MFA is an added layer of security designed to confirm your identity when logging into an online service. You will only be able to access an account after providing two or more pieces of evidence proving your identity.

Using MFA makes your accounts much harder to break into than if you were only using a password. Even if a criminal does obtain your password, they will still have to get past at least one other barrier to access your account.

MFA is also referred to as ‘two factor authentication’ or ‘2FA’. These terms are interchangeable.

1. Factor Authentication: something only you know

This refers to something that only you know, like your password or PIN. Systems that use 1 factor authentication only require a username (such as an email address) and a password in order to access them.

2. Factor Authentication: something you know and something you have

This refers to something you know (password), plus something you have.

Systems that use 2 factor authentication require a username and a password, plus a one-time password or code (sent to your mobile phone, for example) in order to access them.

3. Factor Authentication: something your know, something you have, or something you are

This is something you know, plus something you have, plus something you are (unique biometric input, such as a fingerprint scan to unlock your smart phone).

Systems that use 3 factor authentication require a username and a password, a one-time password or code, and a fingerprint/some other unique biometric that identifies you.

How to set up multi-factor authentication (MFA)

There’s many different ways to set up MFA on your accounts. Here’s some common ones:

You can set up MFA for Office 365 in the Admin centre. This will generate a phone call, text message or an app notification to your mobile once you have entered your password. Find out how to set up MFA using Microsoft’s step-by-step guide, opens in new window.
You can enable MFA on your iOS and macOS devices. For more information and instructions, visit Apple’s guide on MFA, opens in new window.
To help you set up MFA for other accounts like social media or Gmail, the Australian Cyber Security Centre has a list of helpful guides, opens in new window.

Helpful resources

How we can help

If you’re a NAB customer and you believe your business or personal accounts have been impacted by fraud or a scam, we’re here to help. Explore the immediate steps you can take to protect yourself and discover when you should get in touch with us to make a report.

Learn what to do in the event of fraud or scams

Get updates on the latest fraud alerts

IDCARE

IDCARE is Australia and New Zealand's not-for-profit counselling and support service set up to assist Australians impacted by identity theft and cyber-related crimes.

IDCARE can assist NAB customers to navigate through the process when identity details or credentials have been compromised through fraud or scams. IDCARE is a free service for all Australians.

Learn more about IDCARE, opens in new window

Australian Government | Australian Cyber Security Centre (ACSC)

The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together in a single location. It’s the hub for private and public sector collaboration and information sharing to combat cyber security threats. ACSC provides topical, relevant and timely information on how home internet users and small businesses can protect themselves from, and reduce the risk of, cyber security threats such as software vulnerabilities, online scams, malicious activities and risky online behaviours.

Learn more about the Australian Cyber Security Centre, opens in new window

Australian Government | ReportCyber

ReportCyber is a secure reporting and referral service for cybercrime and online incidents which may be in breach of Australian law. The ReportCyber website provides a cybercrime reporting mechanism as well as helpful information about cybercrime.

Learn more about ReportCyber, opens in new window

Australian Competition and Consumer Commission | Scamwatch

Scamwatch provides information to consumers and small businesses about how to recognise, avoid and report scams using publications, videos and other online resources.

Learn more about Scamwatch, opens in new window

Australian Government | Office of the eSafety Commissioner

The Office of the eSafety Commissioner provides online safety education for Australian children and young people, a complaints service for young Australians who experience serious cyberbullying, and address illegal online content.

Learn more about the Office of the eSafety Commissioner, opens in new window

Australian Government | Attorney-General’s Department

The Attorney-General’s Department website provides helpful information and resources about your rights and protections in regards to identity security, freedom of information and cyber security. The Department has developed a range of resources to assist people protect their identity and recover from the effects of identity crime.

Learn more about the Attorney-General’s Department, opens in new window

Safely storing your data

Your stored business data travels in and out of your network. What key controls can you put in place to ensure it’s safe?

Building employee awareness of cyber safety

Empower your employees to help manage your online security risks

How to protect your website from being compromised

Learn how to protect your website against online attacks.

Important information

This section contains Important Information relevant to the page you are viewing, but you can't see it because you have JavaScript disabled on your browser. Please enable JavaScript and come back so you can see the complete page. It's important that you read the Important Information in this section before acting on any information on this page.

$0 account fee

Offer Up to $300 cash back

View calculators

Refinancing your home loan?

$0 international transfer fee

Discounts and benefits

Unsecured business finance

Offer Get 150,000 bonus Qantas Points

Offer NAB Easy Tap $100 Cashback Offer

Related tools and help

NAB Connect

Small Biz Explorer

The Morning Call Podcast