The vast majority of email related cyber attacks and the associated crimes that result from them (wire transfer fraud, data theft and further phishing attacks) could potentially have been prevented by implementing multi-factor authentication (MFA) on email accounts and other security critical accounts.

None of us would consider closing the door of our home or business premises, but not locking it, but that’s effectively what you are doing if you are not using multi-factor authentication.

 So what is MFA?

Put simply, it’s an authentication process that requires more than just a password to protect an email account or digital identity and is used to ensure that a person is who they say they are by requiring a minimum of two pieces of unique data to confirm their identity.

This unique data comes in three forms – something you know (i.e. your password), something that you have (i.e. a one-time passcode generated by an app or hardware token), or something you are (i.e. fingerprint, retinal pattern, voice signature or facial recognition).

In the event of your password being compromised, it is very unlikely that the thief will also have the other unique data, so the chances are that your email account or digital identity will remain secure. It will help to increase your overall cyber security and decrease the chances of your company’s reputation being harmed or your business being impacted.

There are a host of both free and pay to use MFA apps available and its worth speaking to your IT department of Managed Service Provider, but below are some additional resources:

Resources on how to set up MFA for Microsoft Office 365 can be found here.

Resources on how to set up MFA with Google can be found here.

Authentication apps such as Google Authenticator, LastPass Authenticator, Authy, Microsoft Authenticator or Yubico Authenticator are available free for a large number of digital services.