A recent report by CoreView Research found that 97% of all Microsoft 365 users do not use MFA. MFA or ‘Multi-Factor Authentication’ is a security method you can use to improve your account security. MFA adds an extra layer of authentication to your accounts by requiring you to use a secondary device, such as your phone, to verify your identity.
Usually, MFA involves sending a notification or text to your mobile phone which contains a unique code that you enter alongside your password. Other methods include authenticator applications that are installed on your devices and generate a new unique code every 30 seconds.
Attackers typically target Microsoft 365 accounts via email-based phishing or spear-phishing attacks and statistics show that over 1.5 Million M365 accounts were breached last year. MFA is one of the easiest ways to reduce your exposure to this type of threat and makes gaining unauthorized access to your Microsoft 365 and other online accounts much more difficult. Despite the alarming statistics, research from ‘CoreView’ shows that 97% of all Microsoft 365 users do not use MFA, and up to 78% of administrators, those with full control over Microsoft 365 environments and access to the data within, are not securing their accounts either which suggests a lack of understanding about the importance of data security and threat awareness.
With more sophisticated attacks emerging daily it is critical to ensure that you take every reasonable precaution to protect your systems and the data you hold. MFA is free to use with Microsoft 365 and with the majority of online services, the reality is that if you care about protecting your data, MFA is no longer a choice.
Cyber Wise strongly recommends you implement MFA for all online accounts and services, that you ensure all team members are aware of the threats they are likely to face and how to respond appropriately. If you need any help with MFA or you would like to discuss your resilience to business crime contact a member of the Cyber Wise team on 0161 476 8273 or email firstname.lastname@example.org.