Why multi-factor authentication (MFA) is crucial to your company’s cyber security

Recently, several industry research articles and whitepapers have been published regarding cyber security. These highlight just how effective implementing multi-factor authentication (MFA) can be.

Following the whitepapers, several cybercrime and cyber liability insurers have issued guidance to advisors and clients requesting that implementation of these MFAs should be viewed as urgent risk management which should be implemented as soon as possible.

Whether or not you have cyber insurance in place, please do look through the advice and resources available below to introduce free but effective risk protection on your cyber vulnerabilities.

If you need any guidance or want to investigate cyber covers further, contact your TRF Insurance Practitioner.

In the meantime, we will provide a precis of the various reports and guides recently released in our next newsletter to give you the most salient points for consideration.

Just one insurer’s client recommendation is included below and the content is representative of the general advice across the market.

Implementing MFA

Implementing multi-factor authentication (MFA) is a business-critical imperative.

The CFC Incident Response Team notes that the vast majority of claims for business email compromise (BEC) and the associated crimes that result from such a compromise (wire transfer fraud, data theft and further phishing attacks) could potentially be prevented by implementing MFA on email accounts and other accounts.

Due to the proliferation of modern methods used by cybercriminals, not using multi-factor authentication is akin to closing the door of your home but not locking it.

To improve your security posture, and to bring it up-to-date to face current threats, the use of MFA is highly recommended.

So what is MFA?

It’s an authentication process that requires more than just a password to protect an email account or digital identity and is used to ensure that a person is who they say they are by requiring a minimum of two pieces of unique data that corroborates their identity.

This unique data comes in three forms – something you know (i.e. your password), something you have (i.e. a one-time passcode generated by an app or hardware token), or something you are (i.e. fingerprint, retinal pattern, voice signature or facial recognition).

In the event of a password compromise, perhaps as a result of a phishing attack, it is very unlikely that the threat actor will also have the other piece of the authentication data.

Therefore, the chances are that your email account or digital identity will not be compromised.

It will increase your overall cyber security posture and will decrease your chances of reputational harm and negative business impact.


There are many free MFA apps and more comprehensive corporate solutions. Below are some additional resources.

Resources on how to set up MFA for Microsoft Office 365 can be found here.
Resources on how to set up MFA with Google can be found here.
Authentication apps such as Google Authenticator, LastPass AuthenticatorAuthyMicrosoft Authenticator or Yubico Authenticator are available free for a large number of digital services.