61% of firms believe multi-factor authentication isn't for SMBs, but they're wrong

Multi-factor authentication (MFA) is critical for providing an extra layer of security to enterprise accounts and applications. However, 61% of SMBs said they believe that MFA is reserved for large businesses, according to a Thursday report from CITE Research on behalf of WatchGuard Technologies. The report surveyed 650 SMBs, which were considered organizations with less than 1,000 employees.

MFA has remained unattainable to most SMBs because of high costs, complex setup, and management issues, according to a press release. However, MFA is one of the easiest, most basic ways to keep accounts protected.

SEE: Security awareness and training policy (Tech Pro Research)

“We know that a massive portion of data breaches involve lost credentials, and since cyber criminals target organizations of any size, MFA is now a prerequisite for all businesses,” said Alex Cagnoni, director of authentication at WatchGuard, in the press release. “In the absence of MFA, cyber criminals can utilize a variety of techniques to acquire usernames and passwords, such as spear phishing, social engineering, and buying stolen credentials on the dark web, to gain network access and then steal valuable company and customer data.

Password security is even more vital for SMBs, if they can’t afford multi-factor authentication support. Yet, 47% of IT managers said they believe that SMB employees use weak passwords, and 30% said they believe that employees share passwords, according to the survey findings.

Currently, 25% of employees use the same password for everything, putting their personal information and accounts at risk. Even without MFA in place, SMBs can still take other steps to protect their companies.

Start with a solid password policy, setting the standard for how employees should be maintaining their accounts. You could designate a specific day each month where employees all change password to major accounts. Also, inform employees of the risks associated with not regularly changing passwords or using the same passwords.

The big takeaways for tech leaders:

Some 61% of SMBS think multi-factor authentication is only for large businesses. — CITE Research, 2018
With 47% of SMB employees believed to use weak password protection, these users and businesses are even more at risk for being compromised. — CITE Research, 2018

TechRepublic Premium editorial calendar: IT policies, checklists, toolkits and research for download

TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.

Payroll

The Best Human Resources Payroll Software of 2023

With a lot of choices in the market, we have highlighted the top six HR and payroll software options for 2023.

A computer running Windows 11. — Image: Microsoft.

Software

Windows 11 update brings Bing Chat into the taskbar

Microsoft's latest Windows 11 allows enterprises to control some of these new features, which also include Notepad, iPhone and Android news.

A software engineer works from home. — Image: tanatat/Adobe Stock

CXO

Tech jobs: No rush back to the office for software developers as salaries reach $180,000

Salaries for remote roles in software development were higher than location-bound jobs in 2022, Hired finds.

Project management process to manage and develop with resources to deliver quality product, agile development cycle, businessman project manager balance on clock juggling project management elements. — Image: Nuthawut/Adobe Stock

Software

The 10 best agile project management software for 2023

With so many agile project management software tools available, it can be overwhelming to find the best fit for you. We've compiled a list of 10 tools you can use to take advantage of agile within your organization.

A user typing a password. — Image: Song_about_summer/Adobe Stock

Security

1Password is looking to a password-free future. Here’s why

With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to 'eliminate’ passwords entirely.

PURPOSE The purpose of this policy from TechRepublic Premium is to provide guidelines for employee performance reviews, which will clearly document accomplishments and areas of opportunity via an encouraging and thought-provoking analysis. This will assist in determining the next steps for employees as well as their future at the organization. This policy can be customized ...

PURPOSE The purpose of this policy from TechRepublic Premium is to provide guidelines for requesting, filing and permitting paid/unpaid time off as well as to ensure coverage during holidays, vacation(s) and other absences where staffing levels must be consistent to meet the needs of the business. From the policy: TIME OFF GUIDELINES All time off ...

PURPOSE This policy describes the organization’s employee privacy guidelines and outlines employee privacy expectations. From the policy: POLICY DETAILS The organization’s IT equipment, services and systems are intended for business use only. However, the organization acknowledges that staff, consultants and volunteers occasionally require opportunities to make or receive personal phone calls, access personal email, utilize ...

61% of firms believe multi-factor authentication isn’t for SMBs, but they’re wrong