Turn on MFA: the cheapest security win for your business

If you do one thing for your business’s security this month, make it this: turn on multi-factor authentication (MFA) for every user.

MFA is that second step when you log in — a code or an approval on your phone. It sounds small, but it blocks the overwhelming majority of account takeovers, because a stolen password alone is no longer enough to get in. Most attacks on small businesses start with exactly that: one leaked or guessed password.

Three quick wins

• Enforce it for everyone — not just the owner or the admins. One unprotected mailbox is all an attacker needs.
• Use an authenticator app rather than SMS codes where you can — it’s more secure and harder to intercept.
• Don’t forget admin accounts — they’re the highest-value target and the most damaging if compromised.

If you’re on a modern email and productivity platform, MFA is already included — you just have to switch it on and roll it out properly. If you’d like a hand doing that across your team, it’s exactly the kind of thing our free IT and security assessment covers.