Business IT security is more critical now than ever before but as a business owner what exactly can you do to protect your business? It seems that no matter how much you spend there is an endless list of new threats that need more time and money spent on them, so why bother.
Cyber security is much like traditional security, there is no end to the amount you could spend to improve the security of your business. For example your premises security might comprise of: floodlights, alarms, police response, security cameras, shutters, fencing, security guards. However, we all know that a determined criminal could break in if they wanted to. Your aim is therefore to do enough to deter the vast majority of criminals. Once they realise the effort required, most will move on to easier targets.
Over the next few articles we will look at some of the basic steps you can take to protect your business from cyber attacks. Let’s start of with an easy one which is called 2FA or MFA.
What is 2FA or MFA?
2FA, two-factor authentication and MFA or multi-factor authentication are often used interchangeably. They mean fairly much the same thing in the world of IT security.
When you log into a website, program or application you normally need a username and password. What is becoming more common is the need to input another piece of information such as a code. For example, it might be a SMS text sent to your mobile phone. This code is essentially the 2nd factor that is required to authenticate who you are, hence the name “2FA”.
Essentially you might describe it as:
- Something you know, like a PIN number
- Something you have, like a smartphone or secure USB key
- Something you are, like a fingerprint or facial recognition
Why use 2FA as part of your business IT security?
Having to enter 2 or more bits of information increases the IT security level manyfold. Think of it like chip and pin for your credit card. If you lose your credit card then a criminal has the potential to go to shops and use contactless payment but at some point they will be requested to enter the 4 digit pin. Without this secondary piece of information, the card is now useless and will not work again.
2FA is designed so that even if your password is compromised then your account is still safe. Without the second piece of information the chance of an account breach is close to zero.
Surely passwords are safe?
Passwords are normally quite safe but they do have some weaknesses that make them more vulnerable than we imagine. Some of the more common issues:
- People sharing passwords
- Writing down or storing passwords (without a password manager)
- Using simple passwords
- Reusing the same password on multiple sites
- Using personally identifyable information such as childrens names or birthdates.
- Websites being hacked making user credentials available
How is 2FA different to a password?
2FA often utilises a piece of information, such as a code, that is only valid for a short period of time – 30 seconds to 5 minutes are quite common.
Now in order to access your account a criminal would need to guess your username, password and this second code that changes each time you try to log in.
As you can see this is highly unlikely and is the reason that 2FA is a simple addition to your business IT security toolbox.
Given that most people carry a smartphone, they lock it and it rarely leaves their side then this is a great way to use 2FA. There are many apps available to download but the most common are Microsoft Authenticator and Google Authenticator.
Once downloaded then 2FA needs to be turned on within the account settings of the website and it will normally give a QR code for the app to scan.
Once complete the app generates a random code that is valid for 30 seconds and without it there is no way to access the account.
Where to use 2FA
Many places such as banks have enabled 2FA already and it is not possible to utilise their services without this second code. Banks tend to use SMS text or their own card readers but it is essentially the same thing.
My suggestions for 2FA are:
- Microsoft Office 365
- Email scanning accounts
- Critical business applications holding sensitive information (CRM for example)
- VPN connections to servers
- Anywhere a compromised account could be catastrophic
Do you need help?
Have you got to this point and thought – “Yep, I need to do something now but I haven’t got time”. Maybe you want to implement this yourself but need to check a few things first. Either way we are happy to help.
As a managed IT service company we spend our time helping businesses to get what they need from their IT systems and we would be happy to help you too. Click the button below and get a free 15 minute consultation to discuss your business IT and what you need help with.
- There are no hidden charges – this is a 100% free 15 minute consultation with no hidden charges.
- We will never spam you or sell on your contact details.
- We will treat your information with absolute confidentiality.
Other Posts for you to Enjoy