Is Multi-Factor Authentication Worth The Cost?


September 7, 2021

By Jed Fearon

Yes, yes, yes times infinity. Okay, I think I made my opinion obvious.

While there is no such thing as a silver bullet for 100% cybersecurity protection (even Multi-Factor Authentication AKA MFA isn’t perfect), I can’t think of one reason not to implement it right away.

MFA puts an extra step into the user login experience. Once a user ID and password are entered, the user is prompted to request and enter a special code delivered via text or voice to complete the transaction.

It’s effective because a threat actor would have significant difficulty intervening in this process.

If you already have Microsoft 365 (M365) Business Standard, MFA is included and only runs about $1,200.00 to $1,400.00 for the project to set it up.

One of our clients (before they engaged with us), got hit with a man-in-the-middle attack and transferred $170,000.00 to a felon’s bank account.

For additional inspiration, I will be sharing several examples of what can go wrong and how MFA can be paired with related solutions to keep your IT systems and users protected.

The following four scenarios only scratch the surface. However, if I can stimulate one new idea (and better practice), you’re one step closer to improving the security of your digital assets.

1 – Open-Source Intelligence Exposure

Cyber crooks don’t need to breach heavily fortified IT systems to gather personal data. Instead, they take bits and pieces we openly share on social media sites like Nextdoor, LinkedIn, Facebook, Evites, and personal blogs.

Phone numbers, email addresses, and dates of birth can be easily collected and harnessed to launch multi-faceted phishing campaigns.

Professional criminals know how to figure out your passwords simply by studying your interests (exotic cats, patriotism, and gardening) to launch brute force attacks on thousands of accounts simultaneously.

2 – Shadow IT Risk

Even the best trained MSP clients can be caught off-guard. The opportunities are endless when so many of us access unsecured Wifi networks and use personal Yahoo Mail and Gmail accounts for business.

HP has a fantastic commercial with Christian Slater that shows how easy it is for a device to get infected. Spoiler alert: don’t share corporate laptops, workstations, or tablets with your gaming fanatic kids.

Learn More: HP Wolf Security

When one network gets infiltrated, millions of other networks are suddenly within reach.

3 – Backup Fails

Having a comprehensive backup plan is one of the strongest weapons you can employ to avoid downtime, reputational harm, severe data loss, bankruptcy, the prospect of being manipulated into paying a gigantic ransom, and more.

According to Antony Adshead, Storage Editor of Computer Weekly, “The number of respondents that reported inadequate backup or failure to meet service level agreements (SLAs) rose to 40% in 2021 from a pre-pandemic 31% in 2019. Digging down into that, backup failure rates are quite staggering, with 37% of all jobs failing and 34% of restores failing.”

Learn More: Backup Failures Hit A High

4 – Email Infiltration

As the cybersecurity awareness training experts at KnowBe4 report, “Your email filters have an average failure rate of 7% to 10%.”

This figure is not an exaggeration. I’m employed by an Inc. 5000 ranked MSP with a powerful combination of Cisco Security, M365, Duo, Proofpoint, and Sentinel One and I routinely receive “socially engineered” emails I wouldn’t dare click on or respond to.

Learn More: What Is Social Engineering?

What’s Next?

I mention four things that can go wrong to emphasize how MFA can play a role in making more things go right.

It isn’t statistically probable that everything you have in place will fail or be strained at the same time but it’s important to employ a portfolio of measures so the odds are in your favor.

Is it worth spending a one-time fee of less than $1,500.00 to avoid losing 100 times that amount?

The MFA available within M365 is only one of many solutions. Curious about what else is out there? We help our clients find the right one for their unique requirements.

We do IT differently.

Find out what sets us apart from all the other IT companies out there.

Jed is a Solutions Advisor at Integris with over 17 years in MSP solution development, sales and marketing communications.

Keep reading

Free vs. Paid Cybersecurity Assessments

Free vs. Paid Cybersecurity Assessments

Which type of assessment is right for you? Cybersecurity assessments come in a variety of different flavors and names. Since cybersecurity is foundational to every IT system on the planet, most technology evaluation initiatives are heavily weighted toward identifying...

MSP vs. MSSP: Blending Both for Best-in-Class Risk Management

MSP vs. MSSP: Blending Both for Best-in-Class Risk Management

Managed service providers and managed security service providers are frequently confused. A managed service provider (MSP) is not the same as a managed security services provider (MSSP). While the MSP may effectively function as an MSSP for a small and midsize...

Start Solving Persistent IT Problems Today: (3 Trouble Spots)

Start Solving Persistent IT Problems Today: (3 Trouble Spots)

The biggest IT problems are the ones you don’t know exist. Organizing your business enabling technology into simple buckets is one of the best ways to track, score, report, and collaborate with your MSP. While the IT world is filled with much more advanced models and...