Understanding the importance of Multi-Factor Authentication (MFA)
© Science Photo Library / KTSDESIGN / mauritius images
    alt txt



    Why a single password is no longer enough

    We simply can’t overstate the danger cyber threats pose to businesses of every shape, size, and nature. It’s not only large multinationals that face an ever-rising risk of attack from ransomware, phishing, and data breaches, it’s also UK-based SMEs who need to protect themselves. In today’s daunting cyber threat environment, a lone password simply isn’t enough to protect any businesses’ devices, and the data on them. 

    As hackers grow more sophisticated, so must our solutions

    Part of the problem is that it’s people who make passwords. And people, no matter how risk-aware, seek convenience. Which means we tend to come up with simple passwords, easily remembered, which we can reuse for multiple accounts, and share with other people. Even the strongest passwords are vulnerable.

    In truth, we can no longer consider an account with only username and password to protect it as truly secure.

    As well as people, we must also address an underlying, yet often overlooked weakness in the system of cloud technology.

    Cloud technology

    Not all sunshine and light?

    One of the main benefits that cloud applications offers is functionality across multiple accounts, meaning that a single login can be used to access emails, word documents and more. While this does allow staff to navigate multiple applications quickly and easily, it also presents a critical risk to cyber security.

    If a cyber-criminal can successfully learn the credentials of an authorised user and log in, they will have access to multiple systems. Once inside, criminals can steal data, intercept payments, and extort businesses. The only thing preventing attackers from gaining access is passwords, which using today’s advanced scam technology really aren’t difficult for criminals to learn.

    Another issue is the rise in remote working over the last 3 years, which has only accelerated the move to cloud technology. In fact, we’re now seeing smaller, more traditional businesses, those with physical premises, also using cloud technology to allow staff easier access to their networks. While undeniably beneficial to many businesses, this shift has also resulted in an increased risk to business resilience.

    There are multiple benefits of Multi-Factor Authentication (MFA)

    So, how can we strengthen user logins in a way that doesn’t get in the way of our staff doing their job? One answer is Multi-Factor Authentication (MFA). While it’s alarmingly easy for attackers to steal one form of authentication, such as discussed regarding passwords, it’s much harder, if not impossible, for them to steal multiple styles of authentication.

    Dual factor authentication may be a Password and Face authentication i.e., Something You Know and Something You Are, while three factor authentication is even more secure and perhaps requires PIN, Face, and ID badge, so Something You Know, Something You Are, and Something You Have. 

    Either option significantly reduces the most common and dangerous types of threat, like ransomware and Business Email Compromise attacks. 

    Yet, 54% of small to medium sized enterprises do not implement MFA for their business, and only 28% of these businesses require the use of MFA in their cybersecurity policies...1

    One-time generated code, stronger protection

    In action, here’s how MFA can work. When a user tries to access a system, a One-Time generated code is texted or emailed to them to verify their login is genuine. This demonstrates ownership of a trusted device or email account i.e., Something You Have, as well as knowledge of the account password, Something You Know. 

    With passwords no longer an adequate defence in isolation against cyber-attacks, it’s vital that businesses use MFA to make sure their networks are robust, resilient, and more completely protected against worst-case scenarios. 

    Cyber security only goes so far

    Our cyber insurance solution goes further

    What’s best for businesses of every size – small, medium, and blue-chip – is to plan for every eventuality, even a dreaded data breach. Any form of attack though could significantly impact a company, financially, reputationally and operationally, which is when cyber insurance could prove invaluable.  

    Our own product provides businesses with a simple, robust solution for a range of first party and third-party risks related to cyber-attacks, all backed by strong breach response and restorative support services. 

    Matt Drinkwater, Cyber Underwriting Manager
    © Munich Re Specialty Insurance UK
    Whilst it’s the big companies which grab the headlines, cyber-attacks against SMEs are just as common and the frequency and severity of these are increasing year on year. Cyber criminals don’t discriminate between the size of the business, or sometimes even the industry, but what they do is target an organisation’s defences, or lack of defences, and unfortunately the defences of an SME’s can be weaker than the defences of a larger company due to the size of their IT security budget.
    Matt Drinkwater
    NMU Cyber and Financial Lines Underwriting Manager

    An introduction to Decoding Cyber

    We hope you agree on the importance of learning more about the world of cyber and its risks. To this end, we’ve created Decoding Cyber, an education tool designed to help brokers talk to their clients about cyber risks and coverage with confidence.  

    By continuing to supply brokers with insightful thought-leadership and engaging content, we can help increase awareness of the cyber threats that businesses face and increase cyber resilience within our industry and beyond. 

    Get in touch with us

    Businesses looking for more information on cyber insurance should contact their insurance broker.

    Insurance brokers looking for more information about our cyber insurance solution for their clients can contact their local NMU Development Underwriter.

    1 Cyber Readiness Institute - Global Small Business MFA Study


    The information provided in this content is intended for UK insurance brokers acting on behalf of their prospective or existing clients. 

    Any description is for general information purposes only and does not constitute an offer to sell or a solicitation of an offer to buy any product. Policyholders who have questions or wish to arrange or amend cover should contact their insurance broker. Insurance brokers can find details of how to contact us here

    Any descriptions of coverage contained are meant to be general in nature and do not include nor are intended to include all of the actual terms, benefits, and limitations found in an insurance policy. The terms of any specific policy will instead govern that policy. Any guidance for UK insurance brokers is intended to provide general information only, and should not be used as a substitute for legal advice.

    Matt Drinkwater
    Matt Drinkwater
    Cyber & Financial Lines Underwriting Manager