Multi-Factor Authentication (MFA) to protect your business

Estimated reading time is 3 minutes.

Email is a fundamental part of everyday business, so protecting your email account from being compromised by a cybercriminal must be a business priority.

The value of your email account

Your business email account contains critical business information that is very attractive to cyber criminals. This includes:

• Customer information, including personally identifiable information
• Contact details
• Your business history
• Upcoming project information
• Details of financial transactions

If a cybercriminal gains access to your email account they could:

• Sell your customers’ data – including credit card numbers, names, addresses, emails, date of birth
• Send your customers phishing emails – to trick them into giving out personal information or to install malware onto their devices
• Send fraudulent invoices or requests for payment (read more on email- based scams here.)
• Reset your passwords on your other accounts to gain access to them also – such as social media, if they are linked to the compromised email account.

Data breaches

Unauthorised access to your business information via a compromised email account or cloud storage could constitute a data breach. If your business experiences a data breach, you may have to report it to the Office of Australian Information Commissioner (OAIC) under the new Notifiable Data Breach Scheme, and inform all your customers whose information might have been affected.

An incident like this can damage a business’ reputation and customer trust.

A simple solution to protect your email and cloud storage accounts from being compromised is by using Multi-Factor Authentication (MFA).

What is MFA?

MFA is a method of confirming your identity in order to access an account, which requires extra information in addition to a username and password. You will only be able to access an account after providing two or more pieces of evidence proving your identity.

Using MFA makes your accounts much harder to break into than if you were only using a password. Even if a criminal does obtain your password, they will still have to get past at least one other barrier to access your account.

1 Factor Authentication refers to something that only you know, like your password or PIN.

Systems that use 1 factor authentication only require a username (such as an email address) and a password in order to access them.

2 Factor Authentication refers to something you know (password), plus something you have:

Systems that use 2 factor authentication require a username and a password, plus a one-time password or code (sent to your mobile phone, for example) in order to access them.

3 Factor Authentication refers to something you know, plus something you have, plus something you are (unique biometric input, such as a fingerprint scan to unlock your smart phone).

Systems that use 3 factor authentication require a username and a password, a one-time password or code, and a fingerprint/some other unique biometric that identifies you.

How can I set MFA up?

• You can set up MFA for Office 365 in the Admin centre. This will generate a phone call, text message or an app notification to your mobile once you have entered your password. Find out more here: https://support.office.com/
• Websites such as Twitter and Paypal have options for MFA. Check if your other online accounts offer MFA here: https://twofactorauth.org/
• For Apple iOS or macOS devices you can enable this function by going to your Settings > Passwords and Security section. Find out more here: https://support.apple.com/en-au