More than 70% of surveyed Singapore professionals say that their company is using more cloud services these days. During the pandemic-caused lockdown, Alibaba Cloud saw an increase of over 50% in demand for cloud computing technologies from companies of all types. The move to the cloud is necessary to keep up with tech advances and ensure business continuity, but it has also caused a new concern about data security. Most small business cloud accounts are only protected by a user password. Hijacked cloud accounts are on the rise as hackers evolve their tactics to go where the data and work processes have gone. Often, users’ passwords are all too easy to get past due to several factors. These include:
- Use of weak passwords
- Passwords being reused across multiple accounts
- Large scale data breaches that expose lists of user logins
- Companies not implementing multi-factor authentication
One of the proven methods for preventing account compromise is multi-factor authentication (MFA), yet only 27% of small businesses use it. One of the biggest reasons that it’s not used is because of user resistance. Users don’t want to add an additional step to their login process to get to their work tools. MFA adds a step after the username and password is entered, which is to have the user authenticate through a code that is sent to their device, a security key, or a biometric. But the increase in IT security is well worth that additional step. If a hacker is able to access an online company account, they could potentially:
- Access all cloud storage files
- Release ransomware into the environment, which could then also infect any syncing PCs
- Send phishing from a user’s email address
- Add or remove platform users
- Access financial or baking information
- Change account security settings
- And more
According to Microsoft, MFA is 99.9% effective as a safeguard for cloud accounts. This makes it a vital tool to deploy, and if you follow our tips below you can do it without all the employee pushback.
How to Get Your Employees Onboard with MFA
Use a Change Management Approach to Mitigate Resistance
Any type of business transformation that impacts employees has a significant chance of failing if those users aren’t properly guided through the process. This is the premise of change management and it’s an approach that is used to make company transitions more successful. If you use change management tactics, you can reduce the employee resistance to multi-factor authentication by paying attention to user concerns and addressing those effectively before deployment. Some of the change management tactics include:
- Communicating the change early on to keep users in the loop.
- Assessing users/groups for any resistance
- Addressing resistance with education on the benefits of the change
- Providing adequate training
- Providing continuing support to address road bumps after implementation
Reduce the Number of Login Instances with SSO
Multi-factor authentication does add a step to the login process. And even if that is only 30 seconds, it can add up over multiple logins and frustrate users. You can introduce MFA in a way that reduces the time it takes employees to access cloud tools each day by coupling it with a single sign-on (SSO) application. SSO is a tool that connects to a user’s various cloud and online accounts. It provides a place to sign in one time to gain access to all the connected accounts. Using MFA with SSO allows you to add necessary security to your company cloud accounts, while actually improving the convenience to the user and saving them time.
Offer Different Ways to Use MFA
If users have a choice in how they use MFA, then they’ll be more willing to accept the change in their workflow. So, providing a choice can help you gain support and ensure employees aren’t looking for workarounds to using the new system. Three standard options that you could provide your employees as options for how they’d like to use multi-factor authentication are:
- Receiving the MFA code by SMS (slightly less secure than the other methods, but the most convenient for users)
- Receiving the MFA code by device app prompt (a balance of security and convenience)
- Using a security key that inserts into a device (the most secure method, also more expensive as the key needs to be purchased)
Depending upon the attack type and method used. MFA can be as much as 100% effective. Below is a chart from Google that compares device-based challenges and their effectiveness per three different types of attacks.
Get Help Improving Your Cloud Account Security
Managed IT Asia can help your Singapore business with a successful implementation of multi-factor authentication and SSO to improve security and user convenience. Contact us today to schedule your free consultation. Call +65 6748 8776 or reach us online.
MANAGED IT ASIA, we are an IT Support, IT Solutioning and Managed IT Service Provider specializing in serving Small Businesses across Asia. Call us at +65 6748 8776 and let us manage your Small Business IT today!