If you could spend $25 on something that would reduce your risk of a cyber breach by over 99%, you'd do it immediately. That's what multi-factor authentication (MFA) does — and the Australian Cyber Security Centre rates it as the single most effective way to prevent account takeovers. Yet we still find the majority of Perth small businesses we work with haven't set it up.

Business email compromise — where an attacker gains access to your email account — costs Australian businesses hundreds of millions of dollars every year. In most cases, a simple MFA setup would have stopped the attack completely.

The key fact: Microsoft research shows that MFA blocks 99.9% of automated credential attacks. It's the closest thing to a guaranteed security upgrade available to small businesses.

What Is MFA and Why Does It Work?

Multi-factor authentication means requiring two or more forms of verification to log in — something you know (your password) plus something you have (your phone) or something you are (your fingerprint).

Even if an attacker steals or guesses your password, they still can't log in without the second factor. Since the second factor is usually your physical phone, a remote attacker is completely locked out.

The $25 — Where Does That Come In?

The Microsoft Authenticator app is free. Google Authenticator is free. Most MFA apps cost nothing. The "$25" refers to the approximate cost of a basic hardware security key (like a YubiKey) — a small USB device that acts as your second factor and is essentially unphishable. For businesses handling sensitive data, a hardware key is the gold standard. But even the free app-based MFA is dramatically better than a password alone.

Which Accounts Should Have MFA Enabled First?

  1. Microsoft 365 / Outlook — your email is the master key to everything else; this is the most critical
  2. Google Workspace — if you use Gmail for business
  3. Banking and accounting software — Xero, MYOB, your bank's portal
  4. Domain registrar and hosting — losing control of your domain is devastating
  5. Cloud storage — Dropbox, OneDrive, Google Drive
  6. Social media business accounts — Facebook, Instagram, LinkedIn

How to Set Up MFA on Microsoft 365 (Step by Step)

As a Microsoft authorised reseller, we help businesses across Clarkson, Joondalup and Butler set this up regularly. Here's the process:

  1. Go to admin.microsoft.com and sign in as an administrator
  2. Click Azure Active Directory > Properties > Manage Security Defaults
  3. Toggle Enable Security Defaults to On and save
  4. Users will be prompted to set up the Microsoft Authenticator app on their next login
  5. Download Microsoft Authenticator on each user's phone and follow the on-screen pairing steps

Important: Before enabling MFA, make sure you have a backup phone number or recovery method set up for admin accounts. Locking yourself out of your admin account is a painful experience we've helped several Perth businesses recover from.
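As an added pre-flight check (example script written for this page, not from the original post or from Microsoft), the PowerShell below assumes the Microsoft Graph PowerShell SDK is installed and that you sign in as a tenant administrator. It reports whether Security Defaults is already on and lists admin accounts that have no MFA method registered yet, which are exactly the accounts that get locked out once step 3 takes effect.

```powershell
# Added example: audit admin MFA readiness before enabling Security Defaults.
# Assumes the Microsoft Graph PowerShell SDK (Install-Module Microsoft.Graph)
# and an administrator sign-in; cmdlet names are from that SDK.
Import-Module Microsoft.Graph.Identity.SignIns
Import-Module Microsoft.Graph.Reports

# Read-only scopes are enough for the audit itself; the write step at the end
# needs Policy.ReadWrite.ConditionalAccess in addition.
Connect-MgGraph -Scopes "Policy.Read.All", "AuditLog.Read.All", "UserAuthenticationMethod.Read.All"

# 1. Current state of Security Defaults for the tenant
$policy = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
"Security Defaults enabled: $($policy.IsEnabled)"

# 2. Admin accounts that have not registered any MFA method.
#    These are the accounts at risk of lockout the moment enforcement starts.
$unready = Get-MgReportAuthenticationMethodUserRegistrationDetail -All |
    Where-Object { $_.IsAdmin -and -not $_.IsMfaRegistered }

if ($unready) {
    "Admin accounts with no MFA method registered - set up a recovery method for these first:"
    $unready | Select-Object UserPrincipalName, MethodsRegistered | Format-Table -AutoSize
} else {
    "All admin accounts have an MFA method registered. To enable Security Defaults, run:"
    "  Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy -IsEnabled:`$true"
}
```

Run it once before step 3 and again after the admins have paired Microsoft Authenticator; the enable command is only printed, not executed, so nothing changes until you choose to run it.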

What About Staff Who Resist?

The most common pushback is "it's annoying to do every time." The good news is Microsoft 365's modern authentication remembers trusted devices for up to 30 days — so most staff only need to use the second factor once a month on familiar devices. On a new device or location, it kicks in again, which is exactly what you want.

Let Us Set It Up For You

If you'd rather not deal with the admin side, our Managed IT team can enable and configure MFA across your entire business — including all user accounts, conditional access policies, and staff training — in a single session. We cover businesses across Clarkson, Butler, Joondalup, Wanneroo, Mindarie, Alkimos and all northern Perth suburbs.

Want Us to Set Up MFA for Your Business?

We'll configure it properly, train your staff, and make sure nobody gets locked out. Contact BITS Perth for a free security assessment.