In today’s digital world, passwords alone are no longer enough to protect sensitive data. That’s why SMB Solutions is mandating DUO two-factor authentication (2FA) for all customer service requests. This crucial step adds a second verification layer beyond passwords, significantly reducing the risk of unauthorised access from phishing, stolen credentials, or password reuse.
By adopting this security step, SMB strengthens customer account security, ensures compliance with regulatory requirements, and reinforces the trust customers place in our services.
Why MFA Matters
Cybercriminals are becoming more sophisticated, exploiting human behaviour through phishing, vishing (voice phishing), and smishing (SMS phishing). Each method relies on social engineering to trick victims into bypassing safeguards.
DUO makes these attacks far less effective by requiring users to confirm their identity through a push notification or another secure second factor before access is granted. This safeguard protects both SMB and its customers from false impersonations.
Real-World Lessons
Recent high-profile breaches highlight why this change is essential:
-
Cisco Breach (2025): Attackers used vishing to impersonate trusted entities, tricking a Cisco representative into granting access to sensitive databases.
-
Qantas Incident (2025): Social engineering at a third-party call centre exposed the personal data of six million customers, demonstrating the risks of impersonation in outsourced systems.
These incidents show how attackers exploit trust and just why 2FA is vital.
Protecting Customers from Imposters
SMB Solutions is rolling out this new verification process to prevent fraudsters from impersonating our team:
-
Any legitimate SMB request for access will always include a DUO push notification for verification.
-
Partners will receive dedicated communications highlighting how SMB is safeguarding their organisations and customers.
- All support requests must come from the Autotask Client Portal or via a phone call with a DUO Push. Autotask Client Portal will require MFA to log a ticket. If you don’t have access to the Autotask Client Portal, please contact our support team.
This ensures that when SMB contacts a customer, they can always confirm the request is authentic.
Protecting SMB from Customer Imposters
The change works both ways. To prevent fraudulent requests from being made to SMB:
-
All phone requests to the help desk will now require DUO authentication.
-
All support requests must come from the Autotask Client Portal or via a phone call. Autotask Client Portal will require MFA to log a ticket. If you don’t have access to the Autotask Client Portal, please contact our support team.
-
High-level changes (e.g., database replacements, mass user changes) must be approved by an authorised company contact.
-
Billing-related changes require approval from the relevant Partner.
- We will be managing your support requests through the Autotask Client Portal to ensure authenticity (based on MFA in Autotask).
These safeguards ensure the SMB team only acts on verified and authorised requests.
DUO in Action: Mitigating Risks
DUO’s capabilities directly address today’s most pressing cybersecurity threats:
-
Credential Compromise: Passwords alone aren’t enough — DUO makes them useless without the second factor.
-
Third-Party Access Abuse: Adaptive access policies restrict logins to trusted devices and networks.
-
Social Engineering: Verified device and user identity prevent attackers from tricking staff.
-
Phishing & Vishing Attacks: Contextual information in DUO Push helps users spot and deny suspicious requests.
-
Account Takeover: Risk-based authentication blocks suspicious login attempts.
-
Compromised Endpoints: Device health checks stop infected devices from connecting.
Building a Safer Future
Cybersecurity is no longer optional — it’s fundamental to business trust. By mandating DUO two-factor authentication for every information request or change, SMB is protecting customers, partners, and its own operations from the rising tide of cyber threats.
This change not only meets compliance requirements but also gives everyone peace of mind, knowing that SMB accounts are safeguarded against today’s most advanced attacks.
Feel free to reach out if you have any questions about this cybersecurity improvement!