Push icon
  • Product
  • Use cases
    SaaS discovery
    SaaS discovery
    Detect SaaS apps that employees are using in your company.
    Risky third-party integrations
    Risky third-party integrations
    Nudge employees to remove unused third-party integrations.
    Malicious mail rule detection
    Malicious mail rule detection
    A strong indicator of compromise. Detect and respond automatically.
    Automated MFA deployment
    Automated MFA deployment
    Use ChatOps to automatically nudge employees to enroll.
  • Pricing
  • Blog
  • About

Getting business buy-in to enforce multi-factor authentication

It's always best to make sure all the right people are aware of and support changes in the business - especially when it will start to affect them directly! Big changes that people notice tend to benefit from an executive sponsor to lend weight behind the change - you'll know better than us whether that makes sense for your organisation.

If you do choose to ask an exec to sponsor this initiative, you should make sure you cover the following:

  1. Why MFA is important. Broad strokes are good - but make sure you are able to describe an attack that MFA would prevent in simple terms. This is gold should they ever need to defend MFA to another exec - if you’ve had an attack in the past that could have been prevented by MFA then even better. See our as a starting point.

  2. Any risks and what you've done to mitigate them. You can read more about this in our article about risks we’ve identified through learning from past MFA deployments, and mitigations we’ve built into this plan.

  3. Costs. Will you be asking the exec to support you in requesting additional budget for hardware tokens or upgraded licenses? Fortunately in most cases new hardware or upgraded licenses aren't needed, but it’s good to make sure there are no surprises down the road.

  4. Process and timelines. MFA rollout across multiple platforms typically takes anywhere from a month to 6 months depending on the size of the organisation. If you are a smaller (say less than 50 employees) tech-savvy team you can aim for the lower end, otherwise, it might be smart to give yourself enough space to do it gradually. Walk them through this plan just enough so they have a feeling for what to expect, and what could cause delays.

  5. Let them know if you plan to include their name in comms to the rest of your team. If they aren't comfortable with that, they may not be a great fit for a sponsor.

Tip: As you plan for the discussion, write out your talking points and notes and follow the discussion with an email summarising those key points. You can use this email template as a starting point:

push logo
Product
  • Overview
  • Pricing
Use cases
  • SaaS discovery
  • Risky third-party integrations
  • Malicious mail rule detection
  • Automated MFA deployment
Push
  • Team
  • Investors
  • Contact
  • Careers
Assurance
  • Privacy policy
  • Cookie policy
  • Terms
  • Sub-processors
© Push 2022. All rights reserved.
cyber essentials logo
You're offline. Waiting to reconnect.