Multifactor Authentication: Worth The Cost?


September 7, 2022

Is Multifactor Authentication worth the cost? Yes, yes, yes times infinity. Okay, I think we made our opinion obvious. While there is no such thing as a silver bullet for 100% cybersecurity protection (even Multifactor Authentication, aka MFA, isn’t perfect), we can’t think of one reason not to implement it right away.

MFA puts an extra step into the user login experience. Once a user ID and password are entered, the user is prompted to request and enter a special code delivered via text or voice to complete the transaction. It’s effective because a threat actor would have significant difficulty intervening in this process. If you already have Microsoft 365 (M365) Business Standard, MFA is included and only runs about $1,200.00 to $1,400.00 for the project to set it up.

One of our clients (before they engaged with us), got hit with a man-in-the-middle attack and transferred $170,000.00 to a felon’s bank account.

For additional inspiration, I will be sharing several examples of what can go wrong and how MFA can be paired with related solutions to keep your IT systems and users protected. The following four scenarios only scratch the surface. However, if I can stimulate one new idea (and better practice), you’re one step closer to improving the security of your digital assets.


1 – Multifactor Authentication Strengthens Defenses Against Open-Source Intelligence Exposure

Cyber crooks don’t need to breach heavily fortified IT systems to gather personal data. Instead, they take bits and pieces we openly share on social media sites like Nextdoor, LinkedIn, Facebook, Evites, and personal blogs.

Phone numbers, email addresses, and dates of birth can be easily collected and harnessed to launch multi-faceted phishing campaigns.

Professional criminals know how to figure out your passwords simply by studying your interests (exotic cats, patriotism, and gardening) to launch brute-force attacks on thousands of accounts simultaneously.


2 – Multifactor Authentication Reduces Shadow IT Risk

Even the best-trained users and organizations can be caught off-guard. The opportunities are endless when so many of us access unsecured Wifi networks and use personal email accounts for business.

HP has a fantastic commercial with Christian Slater that shows how easy it is for a device to get infected. Spoiler alert: don’t share corporate laptops, workstations, or tablets with your gaming-fanatic kids. When one network gets infiltrated, millions of other networks are suddenly within reach.


3 – Multifactor Authentication is Another Layer of Protection When Backups Fail

Having a comprehensive backup plan is one of the strongest weapons you can employ to avoid downtime, reputational harm, severe data loss, bankruptcy, the prospect of being manipulated into paying a gigantic ransom, and more.

According to Antony Adshead, Storage Editor of Computer Weekly, “The number of respondents that reported inadequate backup or failure to meet service level agreements (SLAs) rose to 40% in 2021 from a pre-pandemic 31% in 2019. Digging down into that, backup failure rates are quite staggering, with 37% of all jobs failing and 34% of restores failing.”


4 – Multifactor Authentication Lowers Email Infiltration Risk

KnowBe4 reports that your email filters “have an average failure rate of 7% to 10%.”

This figure is not an exaggeration. The filters are not perfect! That’s when security awareness training comes in handy… and barring that, your MFA.


Activating Multifactor Authentication Today

I mention four things that can go wrong to emphasize how MFA can play a role in making more things go right. It isn’t statistically probable that everything you have in place will fail or be strained at the same time but it’s important to employ a portfolio of measures so the odds are in your favor. Is it worth spending a one-time fee of less than $1,500.00 to avoid losing 100 times that amount?

The MFA available within M365 is only one of many solutions. Curious about what else is out there? We help our clients find the right one for their unique requirements.

Jed is a Solution Advisor at Integris who has specialized in MSP solution development, sales, and marketing communications since 2003.

Keep reading

When Do We Need a vCISO?

When Do We Need a vCISO?

According to recent reports from CIO magazine, cybersecurity is still the number one concern in keeping IT managers up at night. With historically high labor shortages for cybersecurity talent, you may wonder, does it make sense for my company to contract with a...