Increase Security with Two Factor Authentication

2FA

Posted on 12/03/2018 by Connor Brett

Having the necessary IT security and protection within your business, no matter how big or small, is very important, now more than ever with the GDPR regulations coming that came force in May this year. Two factor authentication is one rung on the ladder of security that you should use or consider using in your business. Small businesses stand a 50% chance of a cyber-attack according to the National Cyber Security Centre so the use of two factor authentication is vital in everyday business life especially when processing confidential data.

What is two factor authentication?

Two factor authentication or 2FA is an extra layer of security used in addition the common user name and password system (the first factor). The second factor of authentication is a token (generally entered on a separate device) that is required after you enter the username and password correctly. Many of us are used to using 2FA to access online banking application via a separate PIN code generator. Common 2FA systems today send a code to your mobile device. This second factor makes it extremely difficult for cyber attackers to access any accounts, data or information as they would need access to your second device. Two factor authentication has become extremely popular recently with businesses around the world as it makes cyber-attacks much more difficult. Google introduced 2FA for all its email accounts back in 201. In its simplest for the protected application sends a code to your mobile device. Alternatively, you can use an authenticator application such as Google authenticator, Authy or Blizzard which makes the processes simpler.

Why should my business use two factor authentication?

Every enterprise holds information that is confidential, sensitive or personal that would your adversely affect your business or your customers if it was stolen or lost.  Here are the main reasons why you should put two factor authentication in place.

  • It is a lot easier to user than other forms of authentication and protection.
  • There has been a massive increase in the number of cyber-attacks over the last 5 years and it will only grow, so putting in place as much security barriers as possible is vital.
  • By having two factor authentication enabled you will now know the second a cyber-attacker is trying to access your account and you can change your account or system details to combat that.
  • You should have layers of security around your IT systems and applications. 2FA adds another layer to anti-virus software, firewalls and encryption etc. It makes your IT systems much more secure and the more layers you have the harder it is to penetrate.
  • The final reason is that the GDPR brings in fines of up to €20m if you don’t take adequate precautions to protect personal data.

Where and how should I use 2FA?

Email is a key application to protect with 2FA as your email credentials are often used to reset other applications. Another essential place to use 2FA is on cloud storage. If there was a cyber-attack and the attackers managed to access your cloud storage with all your data (even for only a few hours) they could cause significant damage and  your information could end up in the wrong hands. Having 2FA set up and linked to any One Drive, Dropbox or cloud storage system would be that any threats on that account would be negated because the second factor would not be accessible by the attackers.

Using a 2FA systems grants you different types of access option depending on the system you are using. Some systems will require you to enter a token every time you log on to the application, some will only require you to enter a token every 30 days or another pre-set period and some will require you invoke 2FA only when a new device is used. The enterprise or individual should set the policy it wants to apply regarding the use of 2FA. There is a balance to achieve between security and usability – having to enter a token every time you log in is a longer process but definitely gives more security.

Client email account protected by 2 factor authentication

A client recently had their email password hacked and their account penetrated by a fraudster. The fraudster then set up a “rule” within the email system to divert incoming mail to the external fraudster’s account. This person then had an ongoing discussion with our client’s customer without his knowledge. The hack was only discovered during a chance conversation with the customer.

The security answer was  two fold:

  • use a stronger password and change it regularly. Lastpass, password manager helped with this matter; and
  • install two factor authentication. Now when any new device tries to access our client’s email, a code is sent to our client’s mobile – immediately alerting them that a third party is trying to access his email.

Two factor authentication application example

2FA Application from Google

Google Authenticator Application

This is what the Google authenticator application looks like. It is an app that is installed on your phone and the token changes every 10 seconds regardless of whether or not you are connected to a network. These applications can support multiple applications as shown in the diagram.

2FA applications like this one have simplified and revolutionised how easily you can secure your accounts, data and much more.

Help and more information

If you would like more information on 2FA or on setting up a system, please drop us a note or give us a call on 01428 770 290.

About Us

We provide supportive leadership enabling our business community to succeed and prosper through effective use of IT and Technology. PAAC IT is an IT Company in Surrey offering small businesses the personal attention and care that their IT systems deserve. If your company has between 1 and 100 employees and need a IT Company in Surrey we would love to hear from you!

Find out more
"PAAC IT provide a managed service for our PCs on a fixed monthly charge. Really great, they are there when we need them"
Julia Macquisten - OwnerLucas Field Media
"PAAC-IT provide and maintain our Apple Macs and Macbook Pros. Richard and his team at PAAC IT are very prompt and responsive when we need help, and a pleasure to work with"
David Alden - DirectorAlden Holmes
"Our business is highly dependent on computer technology – all the way from design and creative software platforms to administration processes. PAAC-IT set up and configured our mix of PC and Apple computers, file servers and security software and now keep it running. The team at PAAC-IT is very competent and keep our IT running smoothly"
Edward Green - DirectorMilly Green
"I was having trouble making Skype calls to my son. Both Darren and Connor were extremely helpful and patient. They were so kind to get the computer in and out of the car for me - i couldn't have done this on my own as i am disabled"
Jane Nightingale
"On moving house we required help of PAAC to coordinate a tablet, PC and laptop with new security and email addresses and to ensure transfer of old contact details etc. Some of this work was undertaken by Darren in the Midhurst shop and some at our new address. Darren was professional and helpful with successful results. PAAC also followed up with care to ensure that all was well. "
A satisfied customer
"I have been dealing with PAAC IT, mostly in their Midhurst Office, but also in Haslemere, for the past three or four years. They clearly understand Macs and have given me good advice, and sorted out various issues for me. Things did go wrong with the network wireless adapters I had bought from them, but they were quick to ensure they were checked and replaced without a problem, and they followed up with me a month later to ensure all was OK. That’s good customer service!"
James Tree
"Dynamite, goes the extra yard every time, reliable and essential support to my business."
Lawrence MullenThe Talking Trade
"Good, dependable, brilliant, local"
Anneke Clegg
"I have been using the services of PAAC IT for over two years. During this time I have found the staff to be courteous, understanding, and very efficient. I have received first class service on each and every occasion – from keeping my ancient computer running, to advising and supplying a suitable replacement when it eventually crashed. All my transactions have been with the team in the Haslemere shop where Richard, Mark, Darren and Oliver have addressed my computer difficulties with great patience and kindness. To them I am eternally grateful."
Derek Smyth