Skip to content

Does your company require Multi-Factor Authentication?

If you don’t have Multi Factor Authentication (MFA) turned on for your business email, do it now!

Business Email Compromise (BEC) attacks are one of the most damaging cyber-crimes and have been on the rise in recent years. According to the FBI’s Internet Crime Report for 2021, BEC attacks resulted in over $1.8 billion in losses …and that is just what was reported to the FBI. Although it is impossible to stop every type of attack, there is one simple step that can be taken to mitigate your risk. Multi Factor Authentication or MFA.

What is MFA? Simply put, MFA allows you to present two (or more) pieces of evidence when logging into an account. This evidence could be one of the following: something you know (password), something you have (smart phone), or something you are (fingerprint). MFA requires you to use evidence from more than one of these categories. If you have ever used an ATM, you have used MFA. Your debit card is something you have; your PIN is something you know

Why enforce MFA on your business email? While MFA should be enforced on as many accounts as possible, we think it is most important to secure your business email. You probably conduct a lot of business on your email – requests to your financial institution, scanning in checks to send to your accountant, sending/receiving confidential employee information (PII). Without MFA enforced, you leave all that information (either sitting in your inbox or in your sent items) available to a hacker if your credentials are compromised. Also, as more businesses turn to OneDrive and SharePoint Online for cloud file storage, those files become vulnerable as well.

What do you do now? Talk to your IT support provider and ask them to develop a plan to start enforcing MFA on your business email account. It is important that you plan this out properly. Make sure to take into consideration all of the systems that currently use email (think about your copier that scans to email, or your CRM that sends email to your clients) and verify that they will continue to work after you enable MFA. If you don’t have an IT support provider, Copy Systems, Inc. can be a partner with a local, security-focused Managed Service Provider.

For more information on Multi-factor Authentication read this Internet Crime Report from the FBI:


This article was written by Aaron Fincham, vCIO at Copy Systems Inc.