Back to blog
Why it matters if your team's not using MFA

Why It Matters If Your Team’s Not Using MFA

4 minute read

In a world where online services have become integral to our daily, Multi-Factor Authentication (MFA) plays a vital role in safeguarding our sensitive information. But what happens when MFA is going unused in the workplace? 


If you’re already an MFA user, you’ll recognise first-hand the significant contribution it makes towards your security measures. By combining passwords with additional layers of identity verification – such as biometrics and location – MFA makes it far more difficult for unauthorised individuals to gain access to your sensitive business information.  


As cyber threats continue to evolve, the importance of MFA as a security cornerstone can’t be overstated. But most of its power lies in its adoption – and unfortunately, one of our platform’s key insights is around the patchy adoption of MFA. Without individuals making use of this basic security motion, the wider organisation remains at risk. 


But let’s start from the beginning. 


What is MFA? 


MFA is a common method of authentication that requires several ‘factors’ to be provided in order to confirm someone’s identity – and therefore authorise access. The factors required are something you know (password, PINs etc.), have (key, smart card, authenticator app), and are (fingerprint and other biometrics, location), making for a secure and personal method of verification. 



Why Aren’t People Using MFA? 


In 2022, the Cyber Readiness Institute, conducted an extensive global survey encompassing 1,400 small and medium-sized businesses. The results were revealing, painting a concerning picture of cybersecurity preparedness within these enterprises. Shockingly, 55% of the companies surveyed had yet to implement multi-factor authentication (MFA) in their security protocols. Even more concerning was the fact that, of the companies that had adopted MFA, only 28% made it a requirement for their employees – potentially leaving a substantial portion of their digital infrastructure vulnerable.  


Equally troubling, the survey revealed that nearly 60% of respondents had not even broached the topic of MFA with their employees, highlighting a critical gap in cybersecurity awareness and measures in the ever-evolving landscape of digital threats. Likewise, low MFA adoption is one of the most commonly reoccurring observations surfaced by the Surveil platform. 


So, what’s the reason for low Multi Factor Authentication uptake?  


A common deterrent is the potential for increased friction and frustration in the user experience. MFA implementations often add complexity and time to the login process, which can be particularly vexing for users navigating the demands of today’s fast-paced digital environment.  


Elsewhere, businesses could have under-adoption of MFA and not necessarily be aware of it – or of the consequences. After all, nobody using MFA would be seen as disastrous, but under-adoption is also dangerous, robbing organisations of a united front. 


Why Should Businesses (and Their People) Be Using Multi Factor Authentication? 


Let’s put the vague doom-mongering to one side for a moment and look at the concrete facts of why MFA is so crucial in your organisation – and why under-adoption could be fatal. 


Security comes first: One of the primary reasons for implementing MFA is the significant boost in security it offers. MFA requires users to provide multiple forms of verification before granting access, effectively placing several robust barriers between unauthorised users and your valuable data. By combining something a user knows – such as a password – with something personal to them, like a fingerprint, MFA makes it considerably more challenging to breach accounts or gain access to sensitive systems. MFA is a cornerstone of security hygiene and is a basic step to protect individuals and data, allowing other measures to work properly.  


Protect your data: Multi Factor Authentication aligns companies with vital regulations like the GDPR and industry-specific standards, ensuring that they not only comply with the law but also go above and beyond in safeguarding sensitive information. This minimises the risk of financial penalties for non-compliance but also sends a resounding message about the company’s dedication to data security and privacy. Passwords are often the target for many a hacker – and despite guidance, they might still be reused, guessable and unsecured. This means they’re no longer sufficient to keep attackers out, and passwords alone could increase the organisation’s risk. 


MFA is Zero Trust’s Partner-in-Crime: If your business is working towards implementing a Zero Trust framework, then enforcing MFA in your business is the way to go to. MFA, with its multi-layered identity verification, complements the Zero Trust philosophy that “trust must be earned continually, never assumed.” Together, they provide both the means to verify and the security standards to which users should be held. 


Keep your Microsoft Secure Score Up: The under-adoption of MFA significantly impacts your Microsoft Secure Score, a powerful metric that serves as an indicator of your business’ overall security health. By ensuring adoption of MFA across your users, it’s possible to positively impact your Secure Score while protecting your business and employees. 


Scale Your Security: Finally, there’s the matter of scaling. A business is never too small to adopt Multi Factor Authentication and other smart security practices – doing so at an earlier date will make it far easier to scale security efforts as the business grows. After all, if you can’t implement at this level with a handful of employees, how will you be prepared when the team doubles and expands geographically?  



Fix the Under-Adoption Problem 


It can be daunting, but fixing your under-adoption of MFA can realistically be solved in a few steps.  


To start, understand the extent of your under-adoption by leveraging Surveil’s deep analytics to surface MFA usage and evaluate your Microsoft Secure Score. From here, it’s far easier to develop an understanding of your security stance.  


Next, mandate MFA by incorporating it into your security policies, use tools like Microsoft Entra to enforce compliance, and conduct training sessions to emphasise its importance.  


Lastly, make sure you are proactive with your approach. Continuously monitor your Multi Factor Authentication usage across the business with the help of Surveil. You’ll be able to pinpoint areas of low usage and understand the causes, maintaining a more secure and resilient workforce.  


MFA has become a basic security function that remains underutilised. With Surveil’s help, you can understand where adoption is low and identify other security measures to implement across your departments. Get in touch today to see how we can help or contact your Microsoft Partner for a Surveil Health Check. 

Related articles