Why SMBs need multi-factor authentication

February 19, 2019

Businesses of all sizes are susceptible to security breaches, but attacks can be more damaging to small to midsized businesses (SMB) than they are to enterprises. Larger organizations are more resilient to attacks, simply because they have more resources. In other words, if an attack takes a branch office offline for a week, the rest of the enterprise is still generating revenue. That same attack might put a small company with a single location out of business.

One way that SMBs can reduce the likelihood of an IT security breach is to add an additional layer of security with multi-factor authentication (MFA). MFA is a security mechanism that requires a user two or more forms of identification before a user is granted access to a system. One very common example of multi-factor authentication is to require an ID card and a PIN number (e.g., ATM/debit card).

Another popular approach is to require a username and password along with a software generated one-time password. You are probably familiar with this approach, but here’s how it works: 

  1. User enters password
  2. Software prompts the user for contact info
  3. A one-time password is generated and sent to the user via txt or email
  4. The one-time password is entered, and the user is granted access

Some MFA software can use a smartphone’s fingerprint scanning capability in place of a one-time password, making the process even easier for the user. Since MFA requires a change in user behavior, features like this are compelling. Additionally, deploying it can be a sort of “teachable moment.” Consider using the opportunity to provide IT security training for employees. Some topics to cover: creating a strong password, safe browsing habits, and how to identify phishing attacks.

You may want to consider multi-factor authentication for physical security as well. An example of this might be deploying a security system that requires a key card as well as a password.

Don’t forget backup

Multi-factor authentication, much like anti-virus software, is just one tool in your data protection toolkit. Unfortunately, even with these measures, security breaches still occur. That’s why backup is a critical part of an effective data protection strategy for SMBs.

Modern backup tools, such as Carbonite Endpoint and Carbonite Server, allow users to restore data that has been deleted, lost, or corrupted in a security breach.