
The value of your accounts

There are many accounts you rely on as a part of everyday business. Protecting them from being compromised by a cyber-criminal must be a business priority.

Accounts such as email and social media may contain critical business information that is very attractive to cyber-criminals. This includes:

  • customer information, including personally identifiable information
  • contact details
  • your business history
  • upcoming project information
  • details of financial transactions.

If a cyber-criminal gains access to your accounts, they could:

  • sell your customers’ data – including credit card numbers, names, addresses, emails, dates of birth
  • send your customers phishing emails – to trick them into giving out personal information or to install malware onto their devices
  • send fraudulent invoices or requests for payment (learn how to identify an email scam)
  • reset your passwords on your other accounts to gain access to them – such as social media, if they are linked to the compromised email account.

Data breaches

Unauthorised access to your business information via a compromised email account or cloud storage could constitute a data breach. If your business experiences a data breach, you may have to report it to the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breach Scheme, and inform all your customers whose information might have been affected.

An incident like this can damage a business’ reputation and customer trust.

A simple way to protect your email and cloud storage accounts from being compromised is to use multi-factor authentication (MFA).

What is multi-factor authentication (MFA)?

MFA is an added layer of security designed to confirm your identity when logging into an online service. You will only be able to access an account after providing two or more pieces of evidence proving your identity.

Using MFA makes your accounts much harder to break into than if you were only using a password. Even if a criminal does obtain your password, they will still have to get past at least one other barrier to access your account.

MFA is also referred to as ‘two factor authentication’ or ‘2FA’. These terms are interchangeable.

1 factor authentication: something only you know

This refers to something that only you know, like your password or PIN. Systems that use 1 factor authentication only require a username (such as an email address) and a password in order to access them.

2 factor authentication: something you know and something you have

This refers to something you know (password), plus something you have.

Systems that use 2 factor authentication require a username and a password, plus a one-time password or code (sent to your mobile phone, for example) in order to access them.

3 factor authentication: something you know, something you have, and something you are

This is something you know, plus something you have, plus something you are (unique biometric input, such as a fingerprint scan to unlock your smart phone).

Systems that use 3 factor authentication require a username and a password, a one-time password or code, and a fingerprint/some other unique biometric that identifies you.

How to set up multi-factor authentication (MFA)

There are many different ways to set up MFA on your accounts. Here are some common ones:

  • You can set up MFA for Office 365 in the Admin centre. This will generate a phone call, text message or an app notification to your mobile once you have entered your password. Find out how to set up MFA using Microsoft’s step-by-step guide.
  • You can enable MFA on your iOS and macOS devices. For more information and instructions, visit Apple’s guide on MFA.
  • To help you set up MFA for other accounts like social media or Gmail, the Australian Cyber Security Centre has a list of helpful guides.
