MFA Fatigue and How it Could Put You at Risk

Multi-factor authentication (MFA) is critically important to the security of your business. According to Microsoft, 99.9% of Microsoft account breaches would have been prevented if MFA had been enabled, making MFA critical for Office 365 and other online accounts (and we recommend MFA for your Windows login as well).

Long story short, we recommend adding multi-factor authentication to everything you can.

The problem is MFA fatigue: you get prompted for MFA so often that you stop checking whether each prompt is valid and approve one without realizing it. You should only see an MFA prompt for something you are doing or for something an app is doing in the background. If you approve an MFA prompt blindly (meaning you didn’t trigger the request), you defeat the purpose of MFA in the first place.

We’ve seen an example of this at a business we work with. The employee saw an MFA prompt from the Microsoft Authenticator app on his phone and approved it blindly, not realizing that he hadn’t triggered the request and that somebody had his password and was trying to log into his account. This resulted in the hacker gaining access to the user’s email. As soon as we were notified, Weston followed our security incident response process and standard operating procedures: we isolated and locked down the PC and the client’s email account, triggered password resets on the rest of the email accounts in their tenant, and carried out our other lockdown procedures.

Don’t let yourself fall victim to MFA fatigue. MFA is there for a reason and many insurance companies are now even requiring it as part of their cyber insurance approval process. It will add a massive layer of protection to your accounts, but only if used properly.
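
For whoever reviews your sign-in logs, both situations described above can be checked for automatically: an approval that follows a run of ignored prompts, and an approval for a sign-in the user probably didn't start (approximated here as a sign-in from an IP address not seen before for that user). The Python below is an added example, not part of the original post; the event fields, sample records and thresholds are constructed assumptions, not any identity provider's export format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records; the field names are a hypothetical schema,
# not the export format of any particular identity provider.
SAMPLE_EVENTS = [
    {"time": "2024-03-04T08:01:00", "user": "alice", "ip": "198.51.100.10", "mfa": "approved"},
    {"time": "2024-03-04T13:15:00", "user": "alice", "ip": "198.51.100.10", "mfa": "approved"},
    {"time": "2024-03-05T02:40:00", "user": "alice", "ip": "203.0.113.77", "mfa": "denied"},
    {"time": "2024-03-05T02:41:00", "user": "alice", "ip": "203.0.113.77", "mfa": "timeout"},
    {"time": "2024-03-05T02:42:00", "user": "alice", "ip": "203.0.113.77", "mfa": "denied"},
    {"time": "2024-03-05T02:43:00", "user": "alice", "ip": "203.0.113.77", "mfa": "approved"},
    {"time": "2024-03-05T09:00:00", "user": "bob", "ip": "198.51.100.20", "mfa": "approved"},
    {"time": "2024-03-06T09:05:00", "user": "bob", "ip": "192.0.2.55", "mfa": "approved"},
]


def flag_suspect_approvals(events, window_minutes=10, burst_threshold=3):
    """Return (user, time, reasons) for approvals that deserve a call to the user."""
    window = timedelta(minutes=window_minutes)
    known_ips = defaultdict(set)      # IPs with an earlier unflagged approval
    unanswered = defaultdict(deque)   # times of recent denied/timed-out prompts
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        user, ip = ev["user"], ev["ip"]
        recent = unanswered[user]
        while recent and when - recent[0] > window:
            recent.popleft()          # forget prompts older than the window
        if ev["mfa"] != "approved":
            recent.append(when)
            continue
        reasons = []
        if len(recent) >= burst_threshold:
            reasons.append("approval after repeated prompts")
        if known_ips[user] and ip not in known_ips[user]:
            reasons.append("approval for sign-in from unseen IP")
        if reasons:
            findings.append((user, ev["time"], reasons))
        else:
            known_ips[user].add(ip)   # only clean approvals extend the baseline
        recent.clear()
    return findings


if __name__ == "__main__":
    for user, when, reasons in flag_suspect_approvals(SAMPLE_EVENTS):
        print(f"{when} {user}: {'; '.join(reasons)}")
```

A new IP address on its own is common for travelling or mobile users, so treat a finding as a reason to confirm with the user, not as proof of compromise.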
