Skip links

Why 2FA Cannot Protect You

Many organizations today do not even have two-factor or 2FA enabled which is a whole other story. Truth is any business would benefit from the additional layer of security for your email accounts, for example, VPN or business application. So in your organization today if you do not have 2FA enabled on all critical items then you have arguably bigger issues. Two-factor has been promoted for many years as a great method to protect your business. But why is 2FA just not enough?

Let’s Talk Twitter

In the last week or so we have seen a very public hack regarding the Twitter accounts of very notable people from Bill Gates to Elon Musk. But surely they had 2FA turned on? Whilst many theories are being played out in the media let’s not forget for a moment that 2FA can be turned off! If you can access the email account of the target you can in many cases turn off 2FA to gain access.

Let’s go a step further and you will see how hackers can actually use 2FA to keep YOU locked out of your own accounts. As seen recently here with hackers locking out of a valid XBOX user account.

Security Requires Multiple Levels

2FA adds a very much needed level of additional security but it cannot simply be the only one you rely on. Your organization should understand all of the potential security methods that could be deployed and review them all accordingly. Security will always be ongoing in your business and needs to be treated as such. The biggest component of success is data, KPI’s and processes to ensure that you are building a security culture within your own business that does not rely simply on tools alone.

Security Landscapes Change

Many years ago simply having a good password was all you needed. Then over time, you needed a longer password, then you needed unique passwords. As business leaders, you need to understand that times change and your security needs to adapt to it. It is common these days for companies to have programs that manage passwords and 2FA for us, that organizations have automated routines around phishing users and training them. 2FA is a great tool to help protect us however we should also be utilizing other avenues at the same time.

Can 2FA Help Protect My Business?

2FA can be a great tool to help mitigate risk within your business today. This can be turned on for your email, the main line of business applications you have, and more. However, cannot simply rely on it to protect all of our business data. An established procedure around understanding what data we are protecting and who has access is a great start. In addition to 2FA you should be working with your internal teams or outsourced third-party providers to establish dark web monitoring, additional advanced email filtering for example. These are a few however you will find many others as you review your own organizations security stance.

Do you need help preparing your technology for the future? Our vCIO team is ready to tackle your challenges. Contact us today to find out what a vCIO can do for your business.

Join the Discussion