Cyber Security Training & Software for Companies | MetaCompliance


Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters



Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 

Financial Services

Creating A First Line Of Defence For Financial Service Organisations


A Go-To Security Awareness Solution For Governments


A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives



From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

MetaCompliance | Cyber Security Training & Software for Employees


With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

Security Awareness Automation

Easily Automate Security Awareness Training, Phishing And Policies In Minutes


Meet the MetaCompliance Leadership Team


Stay informed about cyber awareness training topics and mitigate risk in your organisation.

Increasing Cyber Security Awareness by Driving Two Factor Authentication (2FA)

Two factor authentication

about the author

Share this post

Back in 2016, millions of emails were breached at Deloitte, after hackers gained access to an administrator’s account that gave them unrestricted access to Deloitte’s cloud-based email system. Investigations in the incident revealed that the administrator’s account had only one layer of protection – a password – without any further identification methods.

This could have easily prevented had two factor authentication (2FA) been enabled for the admin account. In addition to using a password, 2FA requires users to provide an additional piece of evidence that confirms their identity. This can either be something that only the user possesses – such as a smartphone, or a biometric – such as a fingerprint.

In fact, Microsoft estimates the effectiveness of multi-factor authentication at over 99.9 percent, blocking virtually all account compromise attacks. This is hugely important considering that ‘broken authentication’ has been consistently one of the top vulnerabilities on the OWASP Top Ten.

Hackers typically use one of the following techniques to gain user’s credentials:

  1. Broad-based phishing entails a malicious actor sending a generic email from a fake email address which encourages recipients to log into a fake webpage using their actual credentials. The reasons stated in the phishing email can range from ‘accessing a new tool’, ‘resetting a password’ or, ironically, ‘confirming suspicious account activity’.
  2. Spear phishing follows the same model as broad-based phishing, but the emails are specific to each target. This would mean that the email addresses the user by their real name, or applications they regularly use. Spear phishing emails appear more credible than their counterparts, which increase their success rate.
  3. Credential stuffing attacks, where a malicious actor who successfully discovers or purchases a target’s password can access all the accounts that share that password. This is particularly problematic when considering users’ personal cyber security awareness. As of 2020, more than 50 percent of people admit to using the same password for multiple accounts. This leaves both their personal data and their work data vulnerable to this type of attack.
  4. Password spraying enables attackers to gain access by trying out common or default passwords. The most generic examples are passwords such as ‘123456’ and ‘password’.

Why is Two Factor Authentication Important?

As we can see, breaking into a password is not mission impossible and does not require attackers to go through the target’s rubbish in the hopes of finding a sheet of paper with their credentials written down.

Between these three types of attacks – phishing, credential stuffing, and password spraying – it’s easy to imagine that out of one thousand employees, at least one of them could be compromised. And that puts the entire organisation at risk.

However, when you throw another authentication mode into the mix, the compromise risk approaches zero. While a password can be hacked, the chances of the attacker also remotely accessing the target’s authentication device or biometric is almost null. This is how 99.9 percent of account compromises can be prevented.

Security Awareness Training is Critical for Two Factor Authentication Success

Deploying two factor authentication in your organisation has two considerations.

Firstly, technology. To implement two-factor authentication, you need to choose a method that authenticates users. The most common method nowadays is using a smartphone. Products such as Office 365 have built-in MFA functions and policy management which can easily set up users’ mobile applications as proof of identity.

Second, and perhaps the more challenging, people. Users will have to go through an additional log-in step every time they access a tool that has MFA enabled. This is where Security Awareness Training is indispensable. Without an employee education campaign outlining the importance of two factor authentication, some users may feel inconvenienced by the additional authentication step and may turn to using unauthorised applications – such as WhatsApp – to share files and messages. This unauthorised application usage is dubbed shadow IT and it’s a high-risk practice as it bypasses all enterprise security.

User’s cyber security awareness is even more important when we reconsider the credential stuffing attack. If more than 50 percent of users use the same password for multiple accounts, it is also very likely that they will share passwords between personal and work accounts.

Creating a Human Firewall with Two Factor Authentication

For this reason, we recommend extending Security Awareness Training campaigns into the employee’s personal security habits. Enabling 2FA on personal email services such as Gmail is easy to set up and convenient to use. This single action has a two way benefit, directly to the user and indirectly to the organisation as it minimises the risk of data breaches.

In addition to promoting the importance of two factor authentication for personal usage, incident management training can also help users who have been compromised to follow a procedure that can prevent further damage, including the reporting of breaches to the relevant IT teams and changing passwords where necessary.

Education campaigns to drive good personal cyber security awareness are the only way to get voluntary user buy-in. When employees understand the importance of keeping both their work and home IT and communication services secure, they will form a robust foundation for the whole enterprise.

Cyber Security Awareness for Dummies

Other Articles on Cyber Security Awareness Training You Might Find Interesting