Did You Know That 90% of MFA Solutions are Phishable?
If you have 2-factor
authentication implemented, it doesn’t automatically mean that all phishing
attacks can be prevented. People are always startled when they hear that their current
Multi-Factor Authentication solutions can be easily phished by hackers, and
many are shocked when we explain to them just how simple it is to bypass or
hack most MFA solutions.
In many cases, it’s as
easy as getting access to someone’s password for one of their accounts. Here’s
a video example showing just how easy it is to phish an MFA service.
Stronger MFA Solutions
If you’re currently
searching for an MFA solution, your top priority is to ensure that it is
phishing resistant. As previously alluded to, 90-95% of MFA tools are easily phishable, and
the only option to avoid being the victim of cybercrime is to upgrade to a
solution that is phishing resistant. Here’s a list of MFA solutions that are phishing resistant.
If you have any questions about finding one for your GTA business,
contact us here.
What can you do if you have a phishable MFA solution?
If your SMB is currently
using a vulnerable MFA solution, and you are not able to make an immediate
switch, then at the very least it is critical that you apply a robust
cybersecurity awareness and training program for all your employees.
Keep in mind that even
the strongest MFA solutions are not completely phishing-proof. No solution will
be completely bulletproof against cyber-attacks, and that is why your employees,
stakeholders, and any other business members in your organization should be
educated in the following areas:
does MFA prevent and does not prevent?
to properly use your MFA
to handle a rogue attack
phishing attacks and how to avoid them
Here’s a scenario to
consider if your current MFA is vulnerable to Man-in-the-Middle attacks. You need to ensure
that all your end users know what to look for and pay special attention to
URL links and attachments sent via email. Even though this is very
straightforward, many unsuspecting people still fall for these emails and could not
defend themselves against a rogue phishing threat if they saw one.
The next critical step is
ensuring that your users know what to do next if they suspect that they have
been phished. Many people get scared and ignore it, but the right thing to do
is to immediately report it to your IT department.
Pro-Tip: it is critical
to be aware of spear phishing attacks and how to spot them. Hackers
successfully impersonate internal staff at your organization and if no one
reports it to an IT authority, then this can be a major problem if they are
Push-Based MFA is a type of multi-factor
protection, you need to ensure that all employees know how to handle
authentication prompts for all their logins (including logins that are not
active). Studies have shown that up to 30% of employees with push-based MFA
approve login prompts even when they are not trying to log in to the
You should never fully
trust that all your employees understand cyber safety and that they will know
how to defend themselves. Ongoing education and awareness are essential
ingredients in protecting your GTA business, whether you have great MFA
solutions in place or not.
Finally, you should have
a formal discussion about MFA with your current provider to find out
how resistant your current strategies are. Even though this is common
knowledge, and it is no secret, many SMBs are simply unaware of how easy it is
for MFA to be bypassed. It is in your hands as a business owner to ensure that
your business has the best tools to keep it safe. For more information on
better MFA Solutions for your GTA business, contact us here.