Business IT security is more critical now than ever before but as a business owner what exactly can you do to protect your business?  It seems that no matter how much you spend there is an endless list of new threats that need more time and money spent on them, so why bother.

Cyber security is much like traditional security, there is no end to the amount you could spend to improve the security of your business.  For example your premises security might comprise of:  floodlights, alarms, police response, security cameras, shutters, fencing, security guards.  However, we all know that a determined criminal could break in if they wanted to.  Your aim is therefore to do enough to deter the vast majority of criminals. Once they realise the effort required, most will move on to easier targets.

Over the next few articles we will look at some of the basic steps you can take to protect your business from cyber attacks.  Let’s start of with an easy one which is called 2FA or MFA.

What is 2FA or MFA?

2FA, two-factor authentication and MFA or multi-factor authentication are often used interchangeably. They mean fairly much the same thing in the world of IT security.

When you log into a website, program or application you normally need a username and password. What is becoming more common is the need to input another piece of information such as a code.  For example, it might be a SMS text sent to your mobile phone.  This code is essentially the 2nd factor that is required to authenticate who you are, hence the name “2FA”.

Essentially you might describe it as:

  • Something you know, like a PIN number
  • Something you have, like a smartphone or secure USB key
  • Something you are, like a fingerprint or facial recognition

Why use 2FA as part of your business IT security?

Having to enter 2 or more bits of information increases the IT security level manyfold. Think of it like chip and pin for your credit card.  If you lose your credit card then a criminal has the potential to go to shops and use contactless payment but at some point they will be requested to enter the 4 digit pin.  Without this secondary piece of information, the card is now useless and will not work again.

2FA is designed so that even if your password is compromised then your account is still safe.  Without the second piece of information the chance of an account breach is close to zero.

Surely passwords are safe?

Passwords are normally quite safe but they do have some weaknesses that make them more vulnerable than we imagine.  Some of the more common issues:

  • People sharing passwords
  • Writing down or storing passwords (without a password manager)
  • Using simple passwords
  • Reusing the same password on multiple sites
  • Using personally identifyable information such as childrens names or birthdates.
  • Websites being hacked making user credentials available

How is 2FA different to a password?

2FA often utilises a piece of information, such as a code, that is only valid for a short period of time – 30 seconds to 5 minutes are quite common.

Now in order to access your account a criminal would need to guess your username, password and this second code that changes each time you try to log in.

As you can see this is highly unlikely and is the reason that 2FA is a simple addition to your business IT security toolbox.

How 2 factor authentication works

Using 2FA

Given that most people carry a smartphone, they lock it and it rarely leaves their side then this is a great way to use 2FA.  There are many apps available to download but the most common are Microsoft Authenticator and Google Authenticator.

Once downloaded then 2FA needs to be turned on within the account settings of the website and it will normally give a QR code for the app to scan.

Once complete the app generates a random code that is valid for 30 seconds and without it there is no way to access the account.

Where to use 2FA

Many places such as banks have enabled 2FA already and it is not possible to utilise their services without this second code.  Banks tend to use SMS text or their own card readers but it is essentially the same thing.

My suggestions for 2FA are:

  • Microsoft Office 365
  • Email scanning accounts
  • Critical business applications holding sensitive information (CRM for example)
  • VPN connections to servers
  • Anywhere a compromised account could be catastrophic

Do you need help?

Have you got to this point and thought – “Yep, I need to do something now but I haven’t got time”.  Maybe you want to implement this yourself but need to check a few things first. Either way we are happy to help.

As a managed IT service company we spend our time helping businesses to get what they need from their IT systems and we would be happy to help you too.  Click the button below and  get a free 15 minute consultation to discuss your business IT and what you need help with.

Our guarantee:

  • There are no hidden charges – this is a 100% free 15 minute consultation with no hidden charges.
  • We will never spam you or sell on your contact details.
  • We will treat your information with absolute confidentiality.

Other Posts for you to Enjoy

 

IT Support Company Helps with Your Tax

As a leading IT support company, we are helping Bristol businesses to buy new IT equipment and utilise the UK super deduction tax relief. If done correctly businesses can claim 130% capital allowances on IT hardware.

Business IT – Planning a successful IT strategy

Business IT systems need to support business operations as well as allow business growth. Making an IT business plan allows your business to gain the maximum benefit of its existing IT as well as plan future investment.

Man In The Middle – Behind the Hack [Video Guide]

Cybersecurity (cyber security) is a buzzword that seems to have appeared relatively quickly in the world of business IT.  If you search the term “cybersecurity” or “cyber security” on the BBC News website, there are currently 29 pages of articles from the last 2...

WordPress Security – Attacks leave 1.6 million sites damaged

Are you confident that your WordPress website is secure? Yesterday, on the 9th of December 2021, 1.6 Million WordPress Sites were Hit With 13.7 Million Attacks In 36 Hours From 16,000 IPs. It’s safe to say this is a major concern to businesses everywhere. WordPress...

Ransomware – Behind the Hack [Video Guide]

How would your business react if you were locked out of every single file stored on any PC or cloud platform in your network, with the only way to free your data being to pay vast sums of money to a hacker? Well, ransomware does just that. Despite how crippling this...

Eternal Blue – Behind the Hack [Video Guide]

What would you do if a hacker had access to all of your sensitive documents and data through a machine that they had exploited, with access to control your webcam as well as monitor the screen and keyboard? It’s not something out of action movie, what we’re describing...

Another Cyber Security zero-day exploit

On 9th November Microsoft released a fix for Windows based computers that allowed an attacker to take control of your systems as an admin.  This was known as CVE-2021-41379 and was the latest in a series of cyber security issues involving Elevation of Privilege...

Cyber Security Infographic

With cyber attacks becoming increasingly common for businesses of all sizes, it is critical that your organisation understands the most common types of cyber attack and what you can do to protect yourself. Take a look at our cyber security infographic which takes you...

8.4 Billion Passwords Leaked In “RockYou2021” Hack – How To Protect Your Business

The largest password collection of all time was recently leaked onto a hacker forum, with an eye-watering 8,459,060,239 (8.4 billion) unique entries stored in a 100GB TXT file putting potentially billions of logins at risk.  Dubbed as ‘RockYou2021’ after the RockYou...

How To Fix Windows ‘PrintNightmare’ Vulnerability – Video

Microsoft is warning Windows users about a currently unpatched security flaw in the Windows Print Spooler service which is being actively exploited. Whilst waiting on a fix from Microsoft, Window's PCs are potentially vulnerable to be hacked whenever they are switched...

WordPress Security – Attacks leave 1.6 million sites damaged

Are you confident that your WordPress website is secure? Yesterday, on the 9th of December 2021, 1.6 Million WordPress Sites were Hit With 13.7 Million Attacks In 36 Hours From 16,000 IPs. It’s safe to say this is a major concern to businesses everywhere. WordPress...

Eternal Blue – Behind the Hack [Video Guide]

What would you do if a hacker had access to all of your sensitive documents and data through a machine that they had exploited, with access to control your webcam as well as monitor the screen and keyboard? It’s not something out of action movie, what we’re describing...

Another Cyber Security zero-day exploit

On 9th November Microsoft released a fix for Windows based computers that allowed an attacker to take control of your systems as an admin.  This was known as CVE-2021-41379 and was the latest in a series of cyber security issues involving Elevation of Privilege...

How To Fix Windows ‘PrintNightmare’ Vulnerability – Video

Microsoft is warning Windows users about a currently unpatched security flaw in the Windows Print Spooler service which is being actively exploited. Whilst waiting on a fix from Microsoft, Window's PCs are potentially vulnerable to be hacked whenever they are switched...

4000 small businesses a day: the vicious spread of WannaCry

In May this year the online world witnessed the Wannacry ransomware attack, a cryptoworm which spread like wildfire, demanding payments in the cryptocurrency Bitcoin in over 230,000 computers using the Windows operating system. The National Health Service, the UK's...

Cyber Security Infographic

With cyber attacks becoming increasingly common for businesses of all sizes, it is critical that your organisation understands the most common types of cyber attack and what you can do to protect yourself. Take a look at our cyber security infographic which takes you...

8.4 Billion Passwords Leaked In “RockYou2021” Hack – How To Protect Your Business

The largest password collection of all time was recently leaked onto a hacker forum, with an eye-watering 8,459,060,239 (8.4 billion) unique entries stored in a 100GB TXT file putting potentially billions of logins at risk.  Dubbed as ‘RockYou2021’ after the RockYou...

Can your business cope with winter disruption?

Thanks to the unseasonably mild weather we’ve enjoyed this autumn, it’s easy to forget that winter, and all the potential havoc it can wreak, is soon to follow. It’s hard not to feel that our weather has become more unpredictable and freak storms just aren’t, well,...

New Dark Web Monitoring Tool Available from Absolutely PC

How much of your business and personal data is available online? The results could surprise you. With small business in the UK alone targeted by up to 65,000 attempted cyber attacks per day, data breaches and leaks are becoming an increasingly common occurrence. Once...

Man In The Middle – Behind the Hack [Video Guide]

Cybersecurity (cyber security) is a buzzword that seems to have appeared relatively quickly in the world of business IT.  If you search the term “cybersecurity” or “cyber security” on the BBC News website, there are currently 29 pages of articles from the last 2...