
Multi-Factor Authentication: The Simplest Way to Protect Client Data from Unauthorized Access

80% of breaches involve compromised credentials. MFA stops 99% of credential attacks. It takes 5 minutes to enable and protects all your sensitive data.

Key Takeaways

  • 80% of data breaches involve compromised username/password
  • MFA stops 99% of credential-based attacks
  • Setup time: 5 minutes; cost: $0-5/employee/month
  • Three types: SMS, email, authenticator apps (apps are most secure)

Why MFA Matters for Funeral Homes: The Risk You're Facing

Your funeral home manages some of the most sensitive personal information: names, dates of birth, Social Security numbers, emergency contact information, health history, and payment data. This data is EXACTLY what criminals want—they can use it for identity theft, medical fraud, or extortion.

According to Verizon's 2024 Data Breach Investigations Report, 80% of confirmed breaches involve compromised credentials (username/password). A criminal gets an employee's password (through phishing, data broker lists, or weak password reuse), logs in, and accesses all family data. No encryption helps if they have the keys.

For funeral homes, the consequences are severe:

  • HIPAA violations: If you're handling health information, unauthorized access can mean fines of $100-$50,000 per violation
  • Family lawsuits: Families sue when their data is compromised—you're liable for their identity theft losses
  • Regulatory action: State funeral boards investigate breaches and may suspend your license
  • Reputation damage: Word spreads fast. Families distrust funeral homes with security breaches
  • Operational shutdown: During investigation, you may not be able to access your systems

MFA stops 99% of these credential-based attacks. Even if a criminal steals an employee's password, they cannot log in without access to that employee's phone or authenticator device.

What Is Multi-Factor Authentication?

Multi-Factor Authentication (MFA) requires TWO independent forms of verification to log in:

  1. Something you know: Your password
  2. Something you have: Your phone (via SMS or authenticator app) or email

Even if a criminal obtains your password through phishing, data broker lists, or brute force attacks, they cannot log in without ALSO having access to your phone or email. This dual requirement is what makes MFA effective.

Real example: Employee Sarah at your funeral home accidentally clicks a phishing link and her password is stolen. The attacker tries to log in using Sarah's credentials. With MFA enabled, the system asks for a code from Sarah's phone. The attacker doesn't have Sarah's phone, so the login fails. Sarah's data remains secure.

Three MFA Types (Ranked by Security)

1. Authenticator Apps (BEST) 🔐🔐🔐

Examples: Google Authenticator, Microsoft Authenticator, Authy, 1Password
How it works: App on phone generates time-based code (changes every 30 seconds)
Security: Highest (works offline; codes are generated locally and never sent over SMS or email, where they could be intercepted)
Cost: Free

Why use this: Codes are generated on your phone, not transmitted through SMS networks where they can be intercepted. Even if attacker has your phone number, they cannot get the code. This is the gold standard for MFA security.

2. SMS/Text Messages (GOOD) 🔐🔐

How it works: System sends one-time code via text message
Security: Good (but SMS can be intercepted via SIM swapping or network attacks)
Cost: Free to $0.01 per SMS (minimal)

When to use: If staff can't install apps or if using older phones. Still much better than passwords alone, but authenticator apps are more secure.

3. Email (ACCEPTABLE) 🔐

How it works: System emails one-time code to employee's email
Security: Acceptable (but relies on email account security)
Cost: Free

When to use: For basic protection, especially if email account is well-protected. Less secure than apps, but still blocks most attacks.

How to Choose the Right MFA Type for Your Funeral Home

Recommended: Authenticator apps (Google Authenticator or Microsoft Authenticator)

Why:

  • 100% free to implement
  • Works on any smartphone (iPhone or Android)
  • Most secure option available
  • Works offline (no network required to generate codes)
  • Easy to set up (5 minutes per person)

If you have older staff or concerns about app adoption: Start with SMS/email, then upgrade to apps once staff are comfortable with the MFA concept.

Setting Up MFA: Step-by-Step Instructions

Step 1: Choose and Download Authenticator App

Each staff member should download ONE of these apps (free from App Store or Google Play):

  • Google Authenticator: Simple, works everywhere, recommended for most funeral homes
  • Microsoft Authenticator: If using Microsoft 365 (Outlook, Teams)
  • Authy: More advanced, allows multi-device backup

Step 2: Enable MFA on Email Account (Gmail or Outlook)

This is critical—do this first:

  • Go to account security settings (myaccount.google.com or outlook.live.com/security)
  • Find "Two-Step Verification" or "Multi-Factor Authentication"
  • Choose authenticator app
  • Scan QR code with authenticator app
  • Test code to confirm it works
  • Save backup codes in secure location (encrypted file or password manager)

Why email first: If someone compromises your email, they can reset passwords on other accounts. Protecting email first is critical.

Step 3: Enable MFA on Funeral Home Software

Once email has MFA, enable it on your funeral home software:

  • Log into Sacred Grounds (or your funeral home software)
  • Go to Settings > Security or Account Settings
  • Find "Two-Factor Authentication" or "Multi-Factor Authentication"
  • Choose authenticator app as MFA method
  • Scan QR code with authenticator app
  • Confirm setup

Step 4: Enable MFA on Microsoft 365 or Google Workspace

If your funeral home uses Microsoft 365 (Teams, OneDrive, Outlook) or Google Workspace:

  • Microsoft 365: Go to myaccount.microsoft.com/security, choose "Advanced security options," enable MFA
  • Google Workspace: Go to myaccount.google.com/security, enable 2-Step Verification

Step 5: Require MFA for All Staff (No Exceptions)

This is critical. If some staff use MFA and others don't:

  • Attackers target unprotected accounts
  • Protected and unprotected accounts create inconsistent security
  • Policies are ineffective

What you should do: As administrator, REQUIRE MFA for all accounts. Most software allows you to force MFA enrollment (staff can't use the system without it).

Backup Codes: Your Safety Net

When you enable MFA, the system generates "backup codes"—a list of single-use codes you can use to log in if you lose your phone.

What to do:

  • Save backup codes in a secure location (password manager or encrypted file, NOT email or notebook on desk)
  • Each staff member should save their own backup codes
  • As admin, keep a master list in secure location for account recovery
  • Use codes ONLY in emergency (lost phone, etc.)
  • After using a backup code, generate new ones
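The list above describes backup codes as single-use and "generate new ones after use". As an added example, not code from the page or from any product named in it, this is how a system can store and redeem such codes safely: only a salted hash of each code is kept, so a stolen database does not reveal them; a code is removed the moment it is accepted, so it cannot be used twice; and issuing a fresh set invalidates the old one. The code format (two groups of four hex characters) and the count of ten are my assumptions.

```python
import hashlib
import secrets
from typing import List


class BackupCodeStore:
    """Single-use recovery codes for one account.

    Only salted SHA-256 hashes are stored; the plaintext codes are returned exactly
    once by issue() so they can be handed to the employee to keep in a password manager.
    """

    def __init__(self, count: int = 10) -> None:
        self._salt = secrets.token_bytes(16)   # per-account salt
        self._hashes: set = set()
        self._count = count

    @staticmethod
    def _normalize(code: str) -> str:
        # Accept "a1b2-c3d4", "A1B2C3D4" or "a1b2 c3d4", as a person might type it.
        return "".join(code.split()).replace("-", "").lower()

    def _digest(self, code: str) -> bytes:
        return hashlib.sha256(self._salt + self._normalize(code).encode("ascii")).digest()

    def issue(self) -> List[str]:
        """Generate a fresh set of codes. Any earlier set is invalidated."""
        codes: List[str] = []
        self._hashes = set()
        while len(codes) < self._count:
            raw = secrets.token_hex(4)           # 8 hex chars, 32 bits of randomness
            code = f"{raw[:4]}-{raw[4:]}"
            if code in codes:                    # vanishingly rare, but keep them unique
                continue
            codes.append(code)
            self._hashes.add(self._digest(code))
        return codes

    def redeem(self, code: str) -> bool:
        """Consume a code. True the first time a valid code is presented, False for a
        reused, unknown, or malformed one."""
        try:
            digest = self._digest(code)
        except UnicodeEncodeError:               # non-ASCII input can never match
            return False
        if digest in self._hashes:
            self._hashes.remove(digest)          # single use: gone once accepted
            return True
        return False

    def remaining(self) -> int:
        """How many unused codes are left; useful for prompting 'generate new ones'."""
        return len(self._hashes)


if __name__ == "__main__":
    store = BackupCodeStore()
    codes = store.issue()                        # show these to the employee once
    print("issued:", codes)
    print("first use accepted:", store.redeem(codes[0]))
    print("second use accepted:", store.redeem(codes[0]))
    print("codes left:", store.remaining())
```

Because each code carries only 32 bits of randomness, the login endpoint that accepts backup codes must be rate-limited and should lock the account after a handful of wrong attempts, exactly as it would for passwords; and when remaining() drops low, prompt the employee to run issue() again, which is the "after using a backup code, generate new ones" step above.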

Common Objections and Responses

Objection 1: "MFA is too complicated for our staff"

Reality: It's not. Staff enter a 6-digit code at login. That's it. It takes 5 seconds.

Training approach: Show staff a 2-minute demo of entering the code. Offer support for first week. Most staff adapt within days.

Objection 2: "Employees will lose their phones"

Reality: If someone loses their phone, they use backup codes to log in, then add a new device to their authenticator app or disable MFA temporarily while the device is replaced.

Your approach: Have a clear recovery procedure. Most employees' phones are replaced within 24 hours.

Objection 3: "MFA costs too much"

Reality: Authenticator apps and email-based MFA are completely free. SMS costs pennies per text, if anything.

Cost comparison: A funeral home with 5 staff: $0-$10/month vs. cost of a data breach ($50,000-$1,000,000+ in fines, lawsuits, recovery)

Objection 4: "Our software doesn't support MFA"

Response: Most modern software does. Check with your software provider. If they don't support MFA, ask why—and consider switching. In 2024, MFA is standard.

What to Do If Someone Loses Their Phone

Employee's phone is lost/stolen:

  • Employee uses backup code to log in
  • Once logged in, employee goes to Security settings and disables MFA
  • Employee gets new phone and reinstalls authenticator app
  • Employee re-enables MFA on new phone
  • Restore from backup (Authy) or re-add accounts (Google Authenticator)

If employee can't remember backup codes:

  • Admin can disable MFA on their account from admin panel
  • Employee logs in with password only
  • Employee re-enables MFA

MFA Implementation Checklist

  • ☐ Choose authenticator app (Google Authenticator recommended)
  • ☐ Download app on your phone
  • ☐ Enable MFA on your email account first (Gmail or Outlook)
  • ☐ Save backup codes securely
  • ☐ Enable MFA on funeral home software (Sacred Grounds, etc.)
  • ☐ Enable MFA on Microsoft 365 or Google Workspace
  • ☐ Test MFA works before deploying to staff
  • ☐ Create staff communication explaining MFA and why it's required
  • ☐ Schedule MFA enrollment for all staff (1-2 weeks)
  • ☐ Provide support during enrollment period
  • ☐ As admin, set MFA as REQUIRED (not optional) in all systems
  • ☐ Document recovery procedure for lost devices
  • ☐ Monthly audit: verify all staff accounts have MFA enabled


Bottom Line

80% of breaches involve compromised credentials. MFA stops 99% of these attacks. For a funeral home, this means protecting family data, avoiding regulatory fines, and preventing lawsuits. Cost: free. Time to deploy: 1 hour to set up, 30 minutes per staff member. Risk of not doing it: $50,000-$1,000,000 in breach costs. Enable MFA on all systems today.

Action items: (1) Download authenticator app. (2) Enable MFA on your email today. (3) Enable MFA on funeral home software. (4) Plan staff enrollment for this week. (5) Make MFA mandatory (not optional). (6) Do monthly verification that all staff have MFA enabled. (7) Document recovery procedure. (8) Train team on what to do if phone is lost.
