Best Practices for Deploying Multi-Factor Authentication at Your Company
Cloud security has jumped to the head of the line when it comes to cybersecurity worries for businesses. With most files and processes now being cloud-based, protecting accounts from being hijacked is vital to business security and wellbeing.
In 2020, attacks on cloud accounts skyrocketed by 630% and companies can expect the onslaught to continue.
One of the most impactful tools against cloud account compromise is using multi-factor authentication (MFA) with your logins. This practice can stop nearly all fraudulent sign-in attempts.
MFA requires another authentication factor in addition to a username and password combination to grant access to an account. The most common method is the input of a time-sensitive code sent to the user’s device (which most hackers won’t have access to).
But even though MFA is so effective, the small and medium-sized businesses that use it are in the minority. According to a Global Password Security report by LastPass, the average number of organisations using MFA are as follows:
- Large enterprise organisations: 87%
- Mid-sized companies: 44%
- Small businesses: 27%
One of the reasons often cited by small and mid-sized companies for not adopting MFA is that employees complain it’s inconvenient and slows them down.
But if you implement multi-factor authentication according to a few best practices, this doesn’t have to be the case at your company. The effectiveness of MFA makes it one of the most critical safeguards to implement. Here are some tips to do it smoothly and reduce user resistance.
Use Location, Time of Day & Other Contextual Factors
You can provide great security and reduce the authentication “gates” that employees must cross through by using contextual factors along with your MFA implementation.
An example of this would be to add an additional security question if a user is logging in from outside the country. Another example would be that if a user was on your Wi-Fi network, you could assume they were located in your office and thus remove an additional authentication challenge.
Contextual triggers you can use to customise your MFA implementation include:
- Geographic location
- IP address
- Time of day
- The device being used for login
Provide MFA Options for Your Employees
No matter what change to workflow is happening, employees will often push back if they feel they have no choice in the matter.
While you won’t want to provide a choice to not use MFA, you can give employees more ownership of the process by providing them with options for how they’d like to use it for their logins.
Some of the common MFA options you could use include:
- Receiving the MFA code by text message
- Receiving the MFA code through a device app
- Using a security key to authenticate MFA codes
- Using a biometric, like a fingerprint or facial scan
Treat MFA as a Business Change & Employ Change Management
A change to a major process, such as how employees log into their work tools each day, should be managed. The field of change management has been growing and it’s a framework for guiding employees through a change successfully.
Incorporate some of the tactics of change management into your MFA implementation to give it a better chance of success. This includes things like communicating the upcoming change with employees in advance, taking time to address concerns, and providing the proper training and support users need.
Couple Single Sign-On (SSO) with Multi-Factor Authentication
It’s not only employees that worry about productivity with the thought of adding an MFA step to every single login. Business owners also worry that the productivity drain might not be worth the additional security measure.
You can solve this dilemma by coupling a single sign-on technology along with MFA. This is a tool that connects to employee cloud accounts and allows users to authenticate once to access all their accounts.
Using SSO with MFA will actually reduce the time it takes employees to access their work tools and apps, improving productivity and eliminating the complaint that MFA will take longer.
Provide Support After Implementation to Increase User Adoption
Your work introducing any change, including multi-factor authentication, isn’t done when you go live with the new system. Users need support after a new process has been implemented to help them get over any road bumps.
The simple act of having a dedicated help desk for employees to access and touching base with your team to answer questions in the weeks following MFA implementation can significantly improve success. Users inevitably run across issues when they begin using a new process, and proactively addressing these can improve user adoption over the long run.
Get Help Implementing MFA & SSO to Improve Your Cloud Security
Don’t leave one of the most important cloud security safeguards out of your strategy. GKM2 can help your Sydney area business successfully implement MFA and SSO to improve security and user experience.
Contact us today to learn more. Call +61 2 9161 7171 or reach out online.