Implementing 2FA To Secure Your Business

Security should be top of mind for all businesses these days. There are just too many ways for attackers to get your critical business data, and they will use every trick in the book to gain that access.  

Often for small businesses, phishing is one of the easiest methods malicious folks use to obtain information from your network. Enabling 2FA (2 Factor Authentication) to login into your email or device is a great way to combat this issue. 

A typical 2FA login will require a password and a code entered from a text on your phone or a specific authentication token kept with the user. Most of the top cloud services like Office 365 and Google’s G Suite have the ability to turn on 2FA.  

Unfortunately, many employees and even some high-level executives often complain about these types of security measures. They don’t want to remember long complicated secure passwords and certainly don’t want to wait around for a text or make sure they have some other hardware handy to complete the login process. But convincing employees to embrace 2FA can really save your company from security headaches later. 


Here are some ways to get your employees on board with 2FA: 


Explain How Phishing Works 

When a person faces a phishing attack, they are often unsure if the request is legit or not. If the email or pop up is convincing enough, the users might be tempted to enter their login credentials on a fake site.  

When this happens, attackers receive your username and password and proceed to use it to log in as you to the cloud service. They have programs that perform this task immediately and often proceed to change your login credentials before you even have a chance to figure out what you’ve done. 

With 2FA authentication turned on, the attackers could get stuck at the login, as they wouldn’t have access to the code you were sent when they attempted to log in. Some smart phishing attempts will even give you a 2FA login screen as well so you can pass the code you have received on to them to use. So, while the method isn’t one hundred percent foolproof, it does give you some time to think about where you are entering your information. 


Make It As Easy As Possible 

Another way to get folks on board with 2FA is to make it as easy to use as possible. Sometimes 2FA can send the user’s phone a notification that only needs the user to press “yes” to proceed. This method doesn’t require the user to retype a code they have received or had to look up. If they don’t really have to go out of their way to use this extra step, you are likely to receive less pushback about it. 


Scare Them 

Fear is sometimes a great motivator. Quite often attackers even use this tactic to obtain a user’s credentials in the first place. There are plenty of headlines about large security breaches at huge companies like Equifax, Target, Wendy’s and so many more. Although a small business wouldn’t make the 10 o’clock news for a security breach, the loss of confidence from customers could still be permanently damaging to the company. 


Anytime 2FA is offered for a service your company uses, you should implement it right away. It is a great, easy way to step up the security for your critical business data. 



BRITECITY offers local businesses support in areas like Cyber Security, Cloud Services, Strategic IT, and Managed IT Services in Orange County.