Implement MFA and erase the target on your back

Whether it is a phishing attack, non-payment/non-delivery scams, or extortion, it only takes one wrong mouse click or one unattended access point to grind your business to a halt.

By BRETT GERRISH

Every year, more small business owners discover the threat of cyberattacks. Cyberattacks are a threat that is real and growing. An annual report by the FBI pointed to nearly 800,000 unique complaints and $4.2 billion in reported losses in 2020 alone.

COVID-19 has only made things worse as more businesses reimagined existing roles to accommodate remote work — adding new access points for cybercriminals and making it harder for businesses to effectively secure data like customer information, account details, and intellectual property.

In order to reduce the risk of lost or stolen information, many retail vendors are mandating the use of advanced security protocols like multi factor authentication (MFA). If you haven’t implemented MFA yet, you may have to next week, next month, or next year. Here’s what you need to know…

MFA: What is it and why does it matter?
MFA is any instance where two or more pieces of evidence must be provided to validate a person’s identity before they can access a program or resource (if exactly two different methods are used, it may be referred to as two-factor authentication (2FA)). The evidence is often first something you know, such as a user name and password, and then a secondary detail like a single use, five-digit code sent to you through something you alone can easily access — an email address or a text message or call to your phone.

Because most criminals look for the easiest access point possible or cast a wide net of scams, MFA creates a wall between a potentially unattended or ill-attended access point and the valuable information at risk.

Common Challenges to MFA Implementation
Change doesn’t come without conflict and your business may see challenges pop up as it begins implementing multi factor authentication. Some common challenges — and effective strategies to combat them — include:

• Not understanding the threat: Cybersecurity might as well be a second language for many people — you can’t touch it or see it and its effect isn’t always noticed. Nearly 90% of data breaches result from human error — negligence, lack of awareness, and poor access controls. It’s essential that you educate your team about what cybercrime is, how it occurs, and why security protocols like MFA can limit its impact on your company.
• Deciding your company’s best path to MFA: Every business is unique and your rules and regulations may make some MFA options ineffective.
  • Do you allow phones on the floor?
  • Are phones the property of the company or your employee’s personal phone?
  • Is email easily accessible to any staffer?
  • Are customer push notifications not an option?
  • Is the customer experience negatively affected?
    Consult an expert about how best to implement MFA in your business to reduce any performance issues or unexpected hiccups along the way.
• Unhappiness about new & extended training procedures: Most people don’t like change and implementing MFA or any security protocol is not only change, but change that requires training. Again, by educating your team about the risks related to unsecured access points and the potential cost — both in dollars and jobs — you can reduce the groans of unhappiness and make the short-term challenges of training both bearable and even a chance for employee bonding.

Start Adding MFA to Your Cyber Security Plan
Many of today’s top financial institutions, health care companies, law enforcement agencies, and large global corporations utilize MFA to protect their systems — President Joe Biden even signed an executive order in May 2021 mandating stronger cybersecurity standards across the federal government including multi factor authentication. The retail industry has millions of credit card and payment transactions occurring each day — without MFA security in place, your business and businesses like yours offer glaring weaknesses criminals can and will look to exploit.

The Michigan Retailers Association encourages every member to look into MFA as a viable way to secure information, protect your company reputation, and strengthen relationships with vendors who view MFA implementation as evidence of a trustworthy business.

Ready to learn more?
Reach out to the vendors you work with about MFA implementation. If you have questions about MRA’s own payment gateways, contact Penny Sierakowski, Manager of Customer Service at 800.366.3699, ext. 366 or psierakowski@retailers.com.