20 years
15 employees
60 clients
200k Tickets Closed
83% resolved remotely
97% Resolved within SLA Goal

MFA Could Have Saved This Business Hundreds Of Thousands Of Dollars…

This business opted not to invest in a few dollars per user on a multi-factor authentication solution, and a few months later, it cost them hundreds of thousands of dollars. Are you making the same mistake?

Do you know the value of a simple security solution like multi-factor authentication (MFA)?

It can be easy to underestimate its importance if you’ve never had your organization’s security breached. After all, hindsight is 20/20.

Case in point: a client of ours ignored our recommendation to implement an MFA solution, and it ended costing them six figures. Are you sure you don’t need an MFA solution?

Download Our MFA Business Case

Without MFA, This Business Was Vulnerable To Phishing Scams

We recommend a range of important cybersecurity solutions and best practices to all our clients. Based on our experience in the field, and the expertise we built in managing cybersecurity, we’ve developed a strategic approach to mitigating common cybercrime threats, including phishing.

However, at the end of the day, it’s up to our clients to actually adopt these solutions and follow these best practices. In this case, the client didn’t want to spend $5 per user per month for the MFA solution. Saving money in their cybersecurity budget ended up costing them a lot more down the line.

How Does MFA Work?

When you log in to an account that has MFA enabled, in addition to entering your password, you must either enter in an added generated code, or authorize login with a “push” request to a secondary device.

In the event your password is compromised, your account can remain secure as the cybercriminal is unable to authenticate the secondary requirement.

There is a range of options for generating the MFA codes:

  • Receiving a text message
  • Using a dedicated authenticator application
  • Possessing a physical device on which you must push a button to verify that you are the authorized user of that account

In total, our MFA solution would have cost this business around $100/month for their entire staff. Looking back, this client now knows it would have been a small price to pay compared to the money they would eventually lose.

How Did This Business Lose So Much Money?

Without our MFA solution in place, this business had no secondary protection on their account logins. All a cybercriminal would need is the username and password for a staff member’s account, and they would have access.

In this case, a new employee was targeted in a phishing attack and gave up their login credentials. Phishing is a method in which cybercriminals send fraudulent emails that appear to be from reputable sources in order to get recipients to reveal sensitive information.

After all, it’s very easy for cybercriminals to gather information about specific users, either on the company website or on social media, and use it to send a convincing email to phishing targets. In this Anatomy of an Attack video by Cisco, you can see how simple it is for cybercriminals to trick unsuspecting targets.

While an observant and well-trained user can sometimes spot a phishing email, it’s not always easy to do so. That’s why MFA is so important — it’s a final line of defense to keep the wrong person from accessing private business accounts.

The cybercriminals in this incident used the compromised credentials to access the business’ finances, and then executed a wire transfer, sending themselves hundreds of thousands of dollars. If the business had implemented an MFA solution like we had urged them to, the cybercriminals never would have been able to access the account or steal the money.

Where Is This Business Now?

In light of how much they lost in this attack, this business has now implemented our MFA solution for their entire staff. We are also managing ongoing cybersecurity training for their staff, showing them how to spot phishing emails, and better protect their credentials in the future.

Cybersecurity awareness training is a highly effective way to defend your organization from phishing, ransomware, and other scams. This method recognizes how important the user is in your cybersecurity efforts. A comprehensive cybersecurity training curriculum will train users to ask important questions about each and every email they receive:

  • Do I know the sender of this email?
  • Does it make sense that it was sent to me?
  • Can I verify that the attached link or PDF is safe?
  • Does the email threaten to close my accounts or cancel my cards if I don’t provide information?
  • Is this email really from someone I trust or does it just look like someone I trust? What can I do to verify?
  • Does anything seem “off” about this email, its contents, or the sender?

The right training services will offer exercises, interactive programs, and even simulated phishing attacks to test your staff on a number of key areas:

  • How to identify and address suspicious emails, phishing attempts, social engineering tactics, and more.
  • How to use business technology without exposing data and other assets to external threats by accident.
  • How to respond when you suspect that an attack is occurring or has occurred.

Is Your Organization Protected By MFA?

If you’ve hesitated to enable MFA for your accounts because it seems too complicated or too expensive, keep this example in mind. This business chose to save $100/month on an MFA solution, and in the end, they paid dearly for it.

As they say, “An ounce of prevention is worth a pound of cure”. The lesson is that it’s better to invest in your cybersecurity now, rather than pay 1000x as much down the line.

If you’re unsure about how to implement an MFA solution, don’t try to handle it all on your own. Palindrome Consulting will help you evaluate your password practices and security measures as a whole to make sure you’re not taking on any unnecessary risks.

Schedule your No-Obligation IT Assessment with Palindrome Consulting

Schedule Now

Palindrome Consulting
4.9
Based on 12 reviews
powered by Google
Elizabeth Mitrani
Elizabeth Mitrani
17:23 06 Aug 19
Palindrome Consulting was key in establishing my business and helps me keep it running. They are the consummate... professionals, incredibly knowledgeable and are always available to help. They have gone above and beyond to ensure that I was up and running quickly and that any issues that may arise on my end or dealt with immediately. I highly recommend Palindrome Consulting.read more
Moshe Rubinstein
Moshe Rubinstein
14:57 28 Jun 19
They are there every step of the way. Responsive and timely. The full service mentality mixed with the problem solving... abilities, is what makes them an easy choice.read more
Benjamin Wainberg
Benjamin Wainberg
14:09 28 Jun 19
Palindrome Consulting is customer centric. For Palindrome Data Safety is paramount; they keep their and our systems... updated with the newest technologies and are not shy at changing to better alternatives. Their platforms are always running and in the odd case there is an event, their technical team has an awesome response time.read more
Copier Man
Copier Man
13:56 28 Jun 19
We have been using Palindrome since 2005. They make my company feel like we are #1 all the time. Expert staff are... always available to help all my users all around the country.read more
Nelson T
Nelson T
20:32 25 Jun 19
Palindrome Consulting has proven itself time and time again to be the epitome of professionalism and technical... expertise. They take the time to listen to your needs and then apply their wealth of technical knowledge to create truly innovative and robust solutions. They truly deliver piece of mind.read more
Next Reviews