- August 27, 2018
- Posted by: Chad Gniffke
- Category: Tech Tips
Security should be top of mind for all businesses these days. There are just too many ways for attackers to get your critical business data, and they will use every trick in the book to gain that access. Often for small businesses, phishing is one of the easiest methods malicious folks use to obtain information from your network. Enabling 2FA (2 Factor Authentication) is a great way to combat this issue. 2FA requires something the user knows and something the user has in order to log in. For example, a typical 2FA login will require a password, and then a code entered from a text on your phone, or a specific authentication token kept with the user.
Most of the top cloud services like Office 365, Google’s G Suite and more have the ability to turn on 2FA. Unfortunately, many employees and even some high-level executives often complain about these types of security measures. They don’t want to try to remember long complicated secure passwords, and they certainly don’t want to wait around for a text or make sure they have some other hardware handy to complete the login process. Convincing them to embrace 2FA can really save your company from security headaches later.
How can you get your employees, and maybe even yourself on board with 2FA?
Explain to them how phishing works
When a person faces a phishing attack they are often unsure if the request is legit or not. If the email or pop up is convincing enough, the users might be tempted to enter their login credentials on a fake site. When this happens the attackers receive your username and password and proceed to use it to log in as you to the cloud service. They have programs that perform this task immediately and often proceed to change your login credentials before you even have a chance to figure out what you have done.
With 2FA authentication turned on, the attackers could get stuck at the login, as they wouldn’t have access to the code you were sent when they attempted to log in. Some really smart phishing attempts will even give you a 2FA login screen as well so you can pass the code you have received on to them to use. So, while the method isn’t foolproof, it does give you some time to think about where you are entering your information.
Make it as easy as possible
Another way to get folks on board with 2FA is to make it as easy to use as possible. Sometimes 2FA can send the user’s phone a notification that only needs the user to press yes in order to proceed. This method doesn’t require the user to retype a code they have received or had to look up. If they don’t really have to go out of their way to utilize this higher form of security, you are likely to receive less pushback about it.
Scare them if you have to
Fear is sometimes a great motivator. Quite often attackers even use this tactic to obtain a user’s credentials in the first place. There are plenty of headlines about large security breaches at huge companies like Equifax, Target, Wendy’s and so many more. Although a small business wouldn’t make the 10 o’clock news for a security breach, the loss of confidence from customers could still be permanently damaging to the company.
Anytime 2FA is offered for a service your company uses, you should implement it right away. It is a great, easy, way to step up the security for your critical business data.