Owning a small business means you get to make your own choices about how it operates. You want everything to be carried out smoothly while maintaining employee and customer satisfaction. This means having no interruptions in the workday and no system crashes. You also want to maintain trust, which means keeping any data you’re responsible for safeguarding out of the hands of hackers and thieves.
In today’s climate, cyberattacks are ramping up and are not stopping for anyone. They can be in the form of phishing emails, ransomware, or data breaches. That’s why it is important to make sure your data is protected and to use secure networks and strong passwords.
But one of the easiest and most effective ways to protect your data is to enable multi-factor or two-factor authentication (2FA).
What is Two-Factor Authentication?
Two-factor authentication (2FA) is when a user is permitted access only after successfully presenting a combination of two pieces of evidence to prove that they are who they say they are. This information may be something only the user knows, something only the user has, or something only the user is (more on that in a minute).
When users attempt to log into an account or gain access to a web application, they will be asked to provide an additional piece of information if 2FA is enabled. The information could be anything from your mother’s maiden name to what city you were born in. There’s a purpose behind requiring this information; if a hacker cracks your password, there’s likely not much else standing in their way. They’ve broken down the gate and there are no soldiers inside the castle. Your money, your identity, your data—it’s all there for the taking.
But 2FA is the army on the other side of the castle walls, and unless their general recognizes you, you’re getting kicked right back out. A legitimate user proves their identity by providing something only they should know, have, or be.
If you’re the king or queen of this castle, you want to have an army protecting you, not just one gate. The same idea of having multiple layers of defense applies to your business as well.
Proving You Are Who You Say You Are
Examples of something only a legitimate user knows include a secret PIN or an answer to a security question (mother’s maiden name, pet’s name, favorite high school teacher, etc.). But you might be asking yourself, “Wouldn’t a password count as something only I know?” Well, yes, a password is something only you should know, but passwords are used in the first layer of security (the castle gate). All accounts will require you to have a username/password combination; 2FA represents additional security on top of that.
Examples of something only a legitimate user has include a physical card, key, token, or device. A one-time password sent to a verified email address or phone number would also count. Although the password is a piece of information (something you know), a one-time password confirms you “have” that email address or phone. There are also third-party authenticator apps that perform the same task.
As for things only a legitimate user is, these are data based on unchangeable physical characteristics, also known as biometrics. Biometric data include fingerprints, eye scans, voice analysis, typing speed, or other intrinsic features that are incredibly hard to falsify.
2FA, Your Business, and You
You’re probably more familiar with 2FA than you know. If you’ve ever logged in to a website from a new device, you may have been asked to provide a security code. This could have been sent to an email address or a phone number associated with that account. Confirming your identity in this way is a minor inconvenience and it may even seem trivial, but 2FA requests can go a long way towards protecting your account. Plus, it’s free and doesn’t require you to download any software.
For small businesses running a tight budget, 2FA should be your best friend. You’ve got a responsibility to ensure that your internal information is only accessed by those who should be seeing and handling it. Besides ethical concerns, there are also serious practical concerns that 2FA helps solve. How do you keep your employees’ accounts secure? How do you verify only users with permission are accessing your systems? If you’re not starting with 2FA, you’re solving these problems the wrong way.
One industry in which 2FA has gained increasing importance is health care. Since the start of the pandemic, telemedicine has taken off as people need ways to still get treatment while being socially distant. However, the industry has been plagued by fraud. In fact, health care fraud now costs U.S. taxpayers billions of dollars each year. Tony Raval, an expert in the identity industry, believes that 2FA “has become a necessity in the digital age, especially as fraudsters have continued to work around previously implemented methods, such as passwords, security questions and pin codes.”
2FA is also really important in your personal life. Again, it’s completely free to enable and it only takes a couple of minutes. Think about it—would you really guard a castle with just a gate? No, you wouldn’t, but that’s all you’ve got with just a password. Ideally, you want to guard your castle with a moat full of alligators, catapults with flaming rocks, and a loyal army with swords and shields. Two-factor authentication is your army; you might want to have the other stuff too, but you’re putting way too much faith in that gate by not having some steel between you and the outside world.
Taking this small, extra step will dramatically and instantly improve your cybersecurity posture. It isn’t the only step you need to take (especially when working from home), but it’s the perfect place to begin. If you need help setting up 2FA or have questions about what else you should be doing to keep your business or organization safe from cyberattacks, a trusted IT partner will be happy to help. Machado Consulting is that IT partner, and we’re always ready to assist you with improving your security.