Two-factor authentication, or 2FA, has been around for quite some time, and most of us have experienced its use at some point in our personal or business lives. Two-factor authentication provides more reliable assurance that the person signing in truly is the account owner. The typical alternative methods are text messages or emails, which can be easily intercepted.
How Does 2FA Work?
When attempting to access your bank account or other sensitive data, you are prompted for a code, typically six digits, occasionally fewer. The code is typically generated by your 2FA app on your phone; in certain cases, your code is emailed or sent via SMS to your cellular phone. A true 2FA solution enforces the use of a particular application that displays the 2FA code to the user.
Does All Of Your Organization Use 2FA?
If you are a CPA firm or medical provider, these days it is common for 2FA to be enforced by the software vendor. So does your firm utilize 2FA? Often the answer is yes, but after deeper discussion we often find that 2FA is not applied to all of the tools and software the organization uses every day. Let's take a look at some examples of where you may have gaps in 2FA:
- Email such as Office 365/Google G Suite: many times 2FA is not enabled despite being readily available for implementation. In a blog post titled "One simple action you can take to prevent 99.9% of attacks on your account", Microsoft made it very clear that implementing this basic security measure has a dramatic impact.
- Using 2FA for some users but not all: we often interact with clients and sometimes vendors. Simply protecting the CEO's and CFO's accounts and not worrying about your other employees is a huge security miss. We recommend auditing who has 2FA enforced, then enabling it for the remaining users who do not have it. Create a spreadsheet detailing who has access to which applications and ensure that 2FA is turned on for everyone.
- Cloud-based file sharing such as OneDrive or Dropbox: with so much cloud adoption these days, files and folders are stored in cloud-based file applications such as OneDrive, Google Drive, Dropbox, etc. 2FA can be turned on for these applications too, but it is often forgotten.
- Social media accounts: yes, 2FA can be turned on for your Facebook business accounts and other social media such as LinkedIn. We urge you to review your social media accounts and ensure that 2FA is enabled for them too. The very last thing you want is for malicious links to be sent from your LinkedIn or Twitter accounts.
- Your website: with so many exploits of WordPress, for example, we recommend turning on 2FA for your WordPress website. Not using WordPress? Many other platforms, such as Joomla, Drupal, etc., offer this option as well. If you do not maintain your own website, contact your website provider. This will allow you to understand the basic security measures they are taking to help protect your online web presence.
2FA Can Be Turned Against You
Believe it or not, if you do not turn on 2FA, then cybercriminals will! What do we mean? If you have an account that has the ability to use 2FA but you have not turned it on, then criminals who get into that account can turn on 2FA themselves to lock you out. Anyone who has ever turned on 2FA and then lost access knows how painful this can be. Trying to get back into your online accounts when someone else has turned this on is incredibly difficult. So be proactive and ensure it is you who turned on 2FA, not the criminals.
Ensuring Security Is On Your Technology Roadmap
If you do not make cybersecurity a priority, then you will likely experience a data breach. 2FA is the most basic element of security; if it is not on your technology roadmap, then it should be. There are tools and programs that make implementing 2FA straightforward and less cumbersome. Implementing 2FA does not have to be hard or difficult for your users; many programs and tools exist for the seamless introduction of 2FA throughout your organization. Frequently used tools within the technology industry include Duo, LastPass and Dashlane, to name a few. If you are using a Mac, we are big fans of 1Password.
What Should I Do?
We encourage our readers to enforce 2FA everywhere possible. Review your current technology roadmap to ensure cybersecurity is front and center, together with a budget that ensures its successful implementation. Whilst implementing this type of security is just one item, it could save your company from a serious data breach or ransomware attack.
Do you need help preparing your technology roadmap? Our vCIO team is ready to tackle your challenges. Contact us today to find out what a vCIO can do for your business.