Business IT security is more critical now than ever before but as a business owner what exactly can you do to protect your business?  It seems that no matter how much you spend there is an endless list of new threats that need more time and money spent on them, so why bother.

Cyber security is much like traditional security, there is no end to the amount you could spend to improve the security of your business.  For example your premises security might comprise of:  floodlights, alarms, police response, security cameras, shutters, fencing, security guards.  However, we all know that a determined criminal could break in if they wanted to.  Your aim is therefore to do enough to deter the vast majority of criminals. Once they realise the effort required, most will move on to easier targets.

Over the next few articles we will look at some of the basic steps you can take to protect your business from cyber attacks.  Let’s start of with an easy one which is called 2FA or MFA.

What is 2FA or MFA?

2FA, two-factor authentication and MFA or multi-factor authentication are often used interchangeably. They mean fairly much the same thing in the world of IT security.

When you log into a website, program or application you normally need a username and password. What is becoming more common is the need to input another piece of information such as a code.  For example, it might be a SMS text sent to your mobile phone.  This code is essentially the 2nd factor that is required to authenticate who you are, hence the name “2FA”.

Essentially you might describe it as:

  • Something you know, like a PIN number
  • Something you have, like a smartphone or secure USB key
  • Something you are, like a fingerprint or facial recognition

Why use 2FA as part of your business IT security?

Having to enter 2 or more bits of information increases the IT security level manyfold. Think of it like chip and pin for your credit card.  If you lose your credit card then a criminal has the potential to go to shops and use contactless payment but at some point they will be requested to enter the 4 digit pin.  Without this secondary piece of information, the card is now useless and will not work again.

2FA is designed so that even if your password is compromised then your account is still safe.  Without the second piece of information the chance of an account breach is close to zero.

Surely passwords are safe?

Passwords are normally quite safe but they do have some weaknesses that make them more vulnerable than we imagine.  Some of the more common issues:

  • People sharing passwords
  • Writing down or storing passwords (without a password manager)
  • Using simple passwords
  • Reusing the same password on multiple sites
  • Using personally identifyable information such as childrens names or birthdates.
  • Websites being hacked making user credentials available

How is 2FA different to a password?

2FA often utilises a piece of information, such as a code, that is only valid for a short period of time – 30 seconds to 5 minutes are quite common.

Now in order to access your account a criminal would need to guess your username, password and this second code that changes each time you try to log in.

As you can see this is highly unlikely and is the reason that 2FA is a simple addition to your business IT security toolbox.

How 2 factor authentication works

Using 2FA

Given that most people carry a smartphone, they lock it and it rarely leaves their side then this is a great way to use 2FA.  There are many apps available to download but the most common are Microsoft Authenticator and Google Authenticator.

Once downloaded then 2FA needs to be turned on within the account settings of the website and it will normally give a QR code for the app to scan.

Once complete the app generates a random code that is valid for 30 seconds and without it there is no way to access the account.

Where to use 2FA

Many places such as banks have enabled 2FA already and it is not possible to utilise their services without this second code.  Banks tend to use SMS text or their own card readers but it is essentially the same thing.

My suggestions for 2FA are:

  • Microsoft Office 365
  • Email scanning accounts
  • Critical business applications holding sensitive information (CRM for example)
  • VPN connections to servers
  • Anywhere a compromised account could be catastrophic

Do you need help?

Have you got to this point and thought – “Yep, I need to do something now but I haven’t got time”.  Maybe you want to implement this yourself but need to check a few things first. Either way we are happy to help.

As a managed IT service company we spend our time helping businesses to get what they need from their IT systems and we would be happy to help you too.  Click the button below and  get a free 15 minute consultation to discuss your business IT and what you need help with.

Our guarantee:

  • There are no hidden charges – this is a 100% free 15 minute consultation with no hidden charges.
  • We will never spam you or sell on your contact details.
  • We will treat your information with absolute confidentiality.

Other Posts for you to Enjoy

 

Let’s operate in the “Arena”

  Introduction Back in 2002 the media did their usual frenzied attack on Donald Rumsfeld after he introduced them to the conept of "Known Unknowns" and "Unknown Unknowns": “Reports that say that something hasn't happened are always interesting to me, because as...

Happy Birthday Absolutely PC

Absolutely PC celebrates its 18th Birthday in March 2023.

What is the difference between a MSP and IT support

What is the difference between IT Support and a managed service provider (MSP). By understanding the difference you will be better able to choose the right type of support for your business.

LastPass Security Breach

LastPass is a password management utility and application allowing companies and people to store their passwords. After a recent breach there are some serious security issues that need attention. This article looks at what these issues are and how to re-secure your passwords.

Backup Disaster Recovery – Protected

Backup disaster planning allows your business to recover quickly and simply and has an affordable budget which is consistent. Choosing what, how and where to backup will be explained within this series of articles and allow you as a business owner to make an informed choice about how to protect your business.

Backup Disaster Recovery – Backup Options

Backup disaster recovery includes onsite and cloud-based backup options. Which is the best option for your business and what is the difference between them.

Super Deduction, HMRC pays for IT

HMRC have a tax relief available called super deduction. Super deduction allows your business to buy IT equipment and offset 130% of its cost against your corporation tax. In order to take advantage of this relief you need to purchase equipment before 31st March 2023.

Backup Disaster Recovery Plan – Data

“What data to backup” is the first step in backup disaster recovery planning and is a key part of your IT emergency response plan. This article looks at some of the data that is often forgotten. By ensuring you include all of the data your business depends upon, you maximise the chance of recovery when it is needed.

Disaster Planning

Is Disaster Planning a useful exercise?  For this business, the worst nightmare possible happened last weekend.  They had a major fire!  What actually happens when a fire occurs in a business and is it something you should plan for? Today we look at planning for the...

IT Security: Folina Vulnerability Fixed

IT security update: Folina vulnerability has been fixed by Microsoft. How to ensure your system is protected and reverse the temporary fix we suggested.

Ransomware – Behind the Hack [Video Guide]

How would your business react if you were locked out of every single file stored on any PC or cloud platform in your network, with the only way to free your data being to pay vast sums of money to a hacker? Well, ransomware does just that. Despite how crippling this...

4000 small businesses a day: the vicious spread of WannaCry

In May this year the online world witnessed the Wannacry ransomware attack, a cryptoworm which spread like wildfire, demanding payments in the cryptocurrency Bitcoin in over 230,000 computers using the Windows operating system. The National Health Service, the UK's...

WordPress Security – Attacks leave 1.6 million sites damaged

Are you confident that your WordPress website is secure? Yesterday, on the 9th of December 2021, 1.6 Million WordPress Sites were Hit With 13.7 Million Attacks In 36 Hours From 16,000 IPs. It’s safe to say this is a major concern to businesses everywhere. WordPress...

8.4 Billion Passwords Leaked In “RockYou2021” Hack – How To Protect Your Business

The largest password collection of all time was recently leaked onto a hacker forum, with an eye-watering 8,459,060,239 (8.4 billion) unique entries stored in a 100GB TXT file putting potentially billions of logins at risk.  Dubbed as ‘RockYou2021’ after the RockYou...

Eternal Blue – Behind the Hack [Video Guide]

What would you do if a hacker had access to all of your sensitive documents and data through a machine that they had exploited, with access to control your webcam as well as monitor the screen and keyboard? It’s not something out of action movie, what we’re describing...

LastPass Security Breach

LastPass is a password management utility and application allowing companies and people to store their passwords. After a recent breach there are some serious security issues that need attention. This article looks at what these issues are and how to re-secure your passwords.

Another Cyber Security zero-day exploit

On 9th November Microsoft released a fix for Windows based computers that allowed an attacker to take control of your systems as an admin.  This was known as CVE-2021-41379 and was the latest in a series of cyber security issues involving Elevation of Privilege...

New Dark Web Monitoring Tool Available from Absolutely PC

How much of your business and personal data is available online? The results could surprise you. With small business in the UK alone targeted by up to 65,000 attempted cyber attacks per day, data breaches and leaks are becoming an increasingly common occurrence. Once...

How to Protect your Business from Cybersecurity Threats

With UK small businesses targeted with 65,000 attempted cyber attacks per day, having robust measures to deal with cyber security threats is more important than ever. The recent attack on SolarWinds proves that no business is safe from hackers and that businesses both...

How To Fix Windows ‘PrintNightmare’ Vulnerability – Video

Microsoft is warning Windows users about a currently unpatched security flaw in the Windows Print Spooler service which is being actively exploited. Whilst waiting on a fix from Microsoft, Window's PCs are potentially vulnerable to be hacked whenever they are switched...