• Securing SMBs with phishing-resistant MFA

    Protecting small and medium businesses against cyber attacks and keeping the innovation engine for the economy safe.
    Home » Why Yubico » Yubico for SMBs

    Get started with phishing-resistant YubiKey
    MFA for your favorite services and applications

    X logo (twitter)

    Small and medium-sized businesses underestimate
    the risk of a cybersecurity breach

    1/3 stat

    1 in 3 breaches involved an SMB.

    52% stat

    52% of SMBs experienced at least one cyberattack in the last year. Of them, 10% experienced more than 10 cyberattacks.

    40% stat

    40% do not have a comprehensive and up-to-date cybersecurity incident response plan.


    State of Global Enterprise Authentication Survey

    Yubico’s exclusive research asks employees around the world how they authenticate. Discover the common mistakes that leave organizations vulnerable to attacks, hear from decision makers about the cybersecurity issues that keep them up at night, and learn how and why modern enterprises are embracing phishing-resistant MFA.


    Evolving cyber threat and regulatory landscape
    requires stronger security

    mobile phone with hooks
    Growth in cybercrime

    During the Covid-19 health crisis, cybercrimes have gone up by as much as 300%. And public incidents of cybersecurity breaches have been in the news regularly, with affected organizations experiencing massive reputational and financial losses. According to a recent survey, 72% of SMBs today are more concerned about cybersecurity than a year ago, with the top 3 cyber threats being ransomware, phishing, and malware.

    gov building
    Stringent compliance mandates

    With the recent number of attacks that have had significant impact on critical systems, a new Executive Order on improving the nation’s cybersecurity was released on May 12, 2021, covering key areas needed to protect critical digital infrastructures. The EO affects many organizations, both in the public and private sector, that work with the government. While the order covers a number of topics, implementing phishing-resistant multi-factor authentication (MFA) as part of deploying a Zero Trust Architecture and securing the software supply chain are of the highest importance.

    SMBs are the lifeblood of the economy and a critical part of the overall supply chain and partner ecosystem of larger organizations. Now is the time for these businesses to move towards stronger forms of user authentication, beyond passwords and mobile apps, in order to stay secure and be viewed as a trusted organization and partner.


    The critical need for phishing-resistant MFA

    stats on hacking
    The trouble with passwords

    Passwords are easy to create and use, offering access to enterprise systems and applications. However, they are increasingly the cause of costly security breaches. In fact, weak passwords or the use of lost or stolen credentials are responsible for more than 80% of breaches in 2020. Stolen credentials not only allow malicious actors to impersonate a compromised user, but can also be used to gain additional credentials and information.

    smb meeting
    Modern MFA addresses modern threats

    Authentication using only a username and password is single-factor authentication. By adding an additional, physical layer of MFA with security keys, SMBs can significantly reduce cyber risks. 

    MFA raises the bar for security by requiring a user to offer 2 out of 3 factors to verify their identity:

    • Something you know
      (e.g. username and password)
    • Something you have
      (e.g. YubiKey security key or token)
    • Something you are
      (e.g. biometric – fingerprint, facial recognition, iris scan)

    The bar is simply too low with passwords. Even legacy MFA methods, such as SMS or mobile authentication, have all been proven to be highly vulnerable to phishing. Phishing-resistant MFA is the modern and effective approach to keeping your hard work, brand image, and business protected.


    New to cybersecurity? Check out these resources.

    book with lock

    Security industry keywords, acronyms and technical terms

    Authentication standards make the internet safer for everybody

    Securing your critical assets in an ever-changing regulatory environment


    Jumpstart authentication security best practices

    Watch the webinar

    Best Practices to Secure SMBs in an Evolving Cyberthreat Landscape

    SMB best practice webinar

    Think legacy MFA like mobile authentication is good enough? Think again.

    Read the white paper

    Avoid the pitfalls of legacy MFA that’s quickly falling behind.


    Limited IT staff or cybersecurity training?

    The YubiKey delivers peace of mind out-of-the-box with an intuitive experience

    YubiKey 5 NFC
    Stop account takeovers

    Get strong security in minutes with the YubiKey, a hardware security key that provides phishing-resistant two-factor, multi-factor, and passwordless authentication. Move beyond passwords with a solution that’s been proven to stop account takeovers in their tracks and mitigate risks tied to growing ransomware threats. With the YubiKey, you can secure your business, become a trusted part of the supply chain, and experience peace of mind.

    Experience fast and easy account login

    Using a YubiKey is very simple. To get started the user simply needs to register their YubiKey with the applications or services they wish to secure. Just enter a PIN or password and touch or tap your YubiKey, and you’re in. Reduce downtime due to password-related account lockouts and deliver an intuitive experience to your users for wider security adoption and greater user satisfaction.

    Secure all the systems you use to stay productive

    YubiKeys work seamlessly across on-premises or cloud environments and offer secure access to:

    • Email/webmail
    • Corporate virtual private networks (VPNs)
    • Internet-facing systems
    • Cloud solutions
    • Network devices
    • and much more

    One key can work across hundreds of applications and systems and YubiKeys share secrets between registered services, store no data and require no cellular connectivity. Work offline anytime, anywhere and experience always-on security keeping user identities and the business safe. 


    Looking to secure O365, GSuite, Salesforce and other cloud services? YubiKeys have you covered.

    smb chart

    How the YubiKey works

    Register your YubiKey

    To use the YubiKey, go to the Security Settings of a supported service and select “Add Security Key”.

    Insert YubiKey & touch

    On a computer, insert the YubiKey into a USB-port and touch the YubiKey to verify you are human and not a remote hacker.

    Tap YubiKey to device

    Tap the YubiKey on NFC enabled devices. Once registered, many services will not require the key after first login – it just works!


    Get started

    YubiKey 5 series

    Find the right YubiKey

    Contact our sales team for a personalized assessment of your company’s needs.

    YubiKey in an ice cream cone
    Get protected today

    Browse our online store today and buy the right YubiKey for you.