Having the necessary IT security and protection within your business, no matter how big or small, is very important, now more than ever with the GDPR regulations coming that came force in May this year. Two factor authentication is one rung on the ladder of security that you should use or consider using in your business. Small businesses stand a 50% chance of a cyber-attack according to the National Cyber Security Centre so the use of two factor authentication is vital in everyday business life especially when processing confidential data.
What is two factor authentication?
Two factor authentication or 2FA is an extra layer of security used in addition the common user name and password system (the first factor). The second factor of authentication is a token (generally entered on a separate device) that is required after you enter the username and password correctly. Many of us are used to using 2FA to access online banking application via a separate PIN code generator. Common 2FA systems today send a code to your mobile device. This second factor makes it extremely difficult for cyber attackers to access any accounts, data or information as they would need access to your second device. Two factor authentication has become extremely popular recently with businesses around the world as it makes cyber-attacks much more difficult. Google introduced 2FA for all its email accounts back in 201. In its simplest for the protected application sends a code to your mobile device. Alternatively, you can use an authenticator application such as Google authenticator, Authy or Blizzard which makes the processes simpler.
Why should my business use two factor authentication?
Every enterprise holds information that is confidential, sensitive or personal that would your adversely affect your business or your customers if it was stolen or lost. Here are the main reasons why you should put two factor authentication in place.
- It is a lot easier to user than other forms of authentication and protection.
- There has been a massive increase in the number of cyber-attacks over the last 5 years and it will only grow, so putting in place as much security barriers as possible is vital.
- By having two factor authentication enabled you will now know the second a cyber-attacker is trying to access your account and you can change your account or system details to combat that.
- You should have layers of security around your IT systems and applications. 2FA adds another layer to anti-virus software, firewalls and encryption etc. It makes your IT systems much more secure and the more layers you have the harder it is to penetrate.
- The final reason is that the GDPR brings in fines of up to €20m if you don’t take adequate precautions to protect personal data.
Where and how should I use 2FA?
Email is a key application to protect with 2FA as your email credentials are often used to reset other applications. Another essential place to use 2FA is on cloud storage. If there was a cyber-attack and the attackers managed to access your cloud storage with all your data (even for only a few hours) they could cause significant damage and your information could end up in the wrong hands. Having 2FA set up and linked to any One Drive, Dropbox or cloud storage system would be that any threats on that account would be negated because the second factor would not be accessible by the attackers.
Using a 2FA systems grants you different types of access option depending on the system you are using. Some systems will require you to enter a token every time you log on to the application, some will only require you to enter a token every 30 days or another pre-set period and some will require you invoke 2FA only when a new device is used. The enterprise or individual should set the policy it wants to apply regarding the use of 2FA. There is a balance to achieve between security and usability – having to enter a token every time you log in is a longer process but definitely gives more security.
Client email account protected by 2 factor authentication
A client recently had their email password hacked and their account penetrated by a fraudster. The fraudster then set up a “rule” within the email system to divert incoming mail to the external fraudster’s account. This person then had an ongoing discussion with our client’s customer without his knowledge. The hack was only discovered during a chance conversation with the customer.
The security answer was two fold:
- use a stronger password and change it regularly. Lastpass, password manager helped with this matter; and
- install two factor authentication. Now when any new device tries to access our client’s email, a code is sent to our client’s mobile – immediately alerting them that a third party is trying to access his email.
Two factor authentication application example
Google Authenticator Application
This is what the Google authenticator application looks like. It is an app that is installed on your phone and the token changes every 10 seconds regardless of whether or not you are connected to a network. These applications can support multiple applications as shown in the diagram.
2FA applications like this one have simplified and revolutionised how easily you can secure your accounts, data and much more.
Help and more information
If you would like more information on 2FA or on setting up a system, please drop us a note or give us a call on 01428 770 290.