Multi-factor authentication (MFA) is critical for providing an extra layer of security to enterprise accounts and applications. However, 61% of SMBs said they believe that MFA is reserved for large businesses, according to a Thursday report from CITE Research on behalf of WatchGuard Technologies. The report surveyed 650 SMBs, which were considered organizations with less than 1,000 employees.

MFA has remained unattainable to most SMBs because of high costs, complex setup, and management issues, according to a press release. However, MFA is one of the easiest, most basic ways to keep accounts protected.

SEE: Security awareness and training policy (Tech Pro Research)

“We know that a massive portion of data breaches involve lost credentials, and since cyber criminals target organizations of any size, MFA is now a prerequisite for all businesses,” said Alex Cagnoni, director of authentication at WatchGuard, in the press release. “In the absence of MFA, cyber criminals can utilize a variety of techniques to acquire usernames and passwords, such as spear phishing, social engineering, and buying stolen credentials on the dark web, to gain network access and then steal valuable company and customer data.

Password security is even more vital for SMBs, if they can’t afford multi-factor authentication support. Yet, 47% of IT managers said they believe that SMB employees use weak passwords, and 30% said they believe that employees share passwords, according to the survey findings.

Currently, 25% of employees use the same password for everything, putting their personal information and accounts at risk. Even without MFA in place, SMBs can still take other steps to protect their companies.

Start with a solid password policy, setting the standard for how employees should be maintaining their accounts. You could designate a specific day each month where employees all change password to major accounts. Also, inform employees of the risks associated with not regularly changing passwords or using the same passwords.

The big takeaways for tech leaders:

  • Some 61% of SMBS think multi-factor authentication is only for large businesses. — CITE Research, 2018
  • With 47% of SMB employees believed to use weak password protection, these users and businesses are even more at risk for being compromised. — CITE Research, 2018