The average employee in Australia has to juggle 66 different passwords.
This makes it nearly impossible for them to make all those passwords strong and unique while still remembering them.
This is why password compromise remains so prevalent and is something that gets in the way of a company’s technology success and IT security strategy.
There’s an easy solution to the problem in the form of multi-factor authentication (MFA), which is very effective at stopping account hijacking.
However, many small and mid-sized companies don’t use it because employees push back on the idea.
In a global study of MFA implementation, it was found that enterprises are largely onboard with MFA, but not smaller organisations. The implementation percentages for each group are:
- Enterprises: 87% have adopted MFA
- Mid-sized companies (500-1,000 employees): 44% have adopted MFA
- Small businesses: 27% have adopted MFA
What Are Some Reasons Employees Resist the Deployment of MFA?
Don’t Like Change
People are naturally resistant to a forced change in their habits and routine. This can mean that it’s not actually the procedure the person has a problem with, it’s the fact that they’ll be required to change the way they do things.
They’re Afraid MFA Will Take More Time
Even though the normal MFA process takes a matter of seconds, it does add some additional time to each login that uses it. This additional time is one of the key reasons employees push back against this security protocol. They don’t want to be inconvenienced and have less time for their work.
They Feel Blindsided
If you tell your team that tomorrow they all need to start using a new process, you’ll naturally get immediate resistance because they feel blindsided by a major change they didn’t see coming. This can lead to feelings of resentment about the new process when it’s more about how the process was introduced.
Move Past MFA Resistance With These Tips
Bring Employees Into the Process Early
People are more receptive to a change if they’ve had a chance to process it and fully understand what it will mean to their workflow.
Bring employees into your MFA decision-making process early so they’ll be aware that a change is coming and can get used to the idea. This can also give them the time they need to fully understand the benefits, which they don’t have if you just tell them to do it without any advance warning.
Couple MFA with a Single Sign-on (SSO) Portal
You can solve the additional time and inconvenience concerns of MFA deployment by also introducing SSO at the same time. This is an application that provides a single portal where employees can sign in and use MFA to authenticate to access all their work applications at once.
The introduction of both of these at the same time can get people excited to use the new security protocol because SSO will make their lives easier and save them time.
Treat MFA Implementation as a Business Change & Manage It
There is an entire industry build on the need to manage business changes properly so users can adopt a new process successfully and companies get the results they want.
The implementation of multi-factor authentication is a business change and using some of the tenets of change management can help you introduce it and have less user resistance.
Change management includes activities like:
- Addressing employee concerns proactively
- Providing staff with a WIIFM (what’s in it for me) explanation of how they’ll benefit from the change
- Garnering support from business leaders and management for the change
- Addressing and resolving resistance
Provide an Option for How MFA is Used
You can make employees feel as if they have some control over the new process by giving them options for how they’ll implement MFA.
For example, you could allow employees to choose to use a security key that inserts into devices for authentication, receive a code by text message, or receive a device prompt through an MFA app.
Support Employees With Training
Any new process requires training to alleviate employee fears that they won’t do it properly and ensure everyone feels comfortable with the new process.
Make sure to train employees on how they’ll use MFA, even if the process seems very easy and straightforward. There are bound to be some questions that you didn’t anticipate that your training will answer.
Maintain Support for 30-days After Staff Begin Using MFA
Don’t consider the project “done” after you go live with MFA deployment. It’s during those first few weeks that people will tend to run into the most problems.
If you don’t provide the necessary help desk support to users, they could end up resisting the change simply because they’re hitting a few issues that could easily be resolved with a little help.
Put a Strong Cloud Security Strategy in Place
Don’t leave your cloud accounts unprotected because you’re worried about employee resistance to MFA. NetCare can help your Sydney area business with a smooth rollout that keeps user experience in mind.
Contact us today to learn more. Call (02) 9114 9920 or .