Why we recommend 2 Factor Authentication to our clients

Imagine arriving at work, opening up your e-mail and reading through a confirmation that your CFO has made the fund transfer you (never) requested.  Then your client calls to advise they have just made an initial deposit on a recent quotation, yet your team cannot locate the deposit.  The stress levels in the office are escalating, everyone is on edge - one of your best sales execs just walked out after being accused of giving out the incorrect company bank details to a new customer.

This is happening to many Australian businesses on a daily basis.

All these issues started because a single company e-mail account was hacked and your every move has been monitored for the last week by a cybercriminal before executing a custom plan designed “just for you”.  Maybe you unknowingly gave up your password in response to a well-crafted e-mail from 'IT' asking you to reset your password.  Or your Sales Admin keeps their company e-mail password 'in sync' with their LinkedIn account (hackers stole 6.5 million LinkedIn passwords back in 2012).  Either way, it's too late and now everything taking place is a distraction from doing business, not to mention the ongoing reputation damage.

The bottom line is that neither your username (generally your e-mail address these days) nor your password is a reliable protection method for any IT system. Even if they don't have your password, cybercriminals have the power to test millions of password combinations in a second. That's where 2 Factor Authentication (2FA) comes in. 2FA is an additional layer of security that makes it harder for attackers to gain access to your device or account, significantly reducing the risk of fraud.

A few examples of 2FA you may already have used are:

  • A token issued by your bank to login to corporate internet banking
  • A one-time password sent via SMS to approve a personal bank funds transfer
  • Access to Facebook using the Facebook Code Generator

The good news is that, as long as you have a smartphone, enabling 2FA is generally free for most systems and just needs the installation of an authenticator application, such as those from Microsoft or Google. Online applications such as Office 365, LinkedIn, Facebook, MYOB, XERO, and your bank just require you to turn on the functionality through your profile settings. Other systems used at work, for example Exchange, Citrix or Remote Desktop, can also have 2FA enabled but may need additional software (such as Duo Security) configured.

Although it can add an additional few seconds to login, enabling 2FA provides your business and personal accounts an extra level of security and is considered a best practice.

If you would like further information on how you can improve your security to support your business growth, please contact your usual Hanrick Curran Advisor or alternatively Matthew Green or John Kotzur on 07 3218 3900, who can refer you to an ICT specialist.

Thank you to Stephen Gibson from AfterDark Technology for your content contribution.


Please note that this publication is intended to provide a general summary and should not be relied upon as a substitute for personal advice.