Cybersecurity Tip: Make two-factor authentication a mandatory security minimum for all staff

As a firm, we’ve always done our due diligence to remain as cyber secure as possible. But the reality is, there’s no such thing as 100% certainty when it comes to cyber attacks.

We consulted with two subject matter experts to gain their insights – Sean Jennings, President at CIM Solutions and Enzo Logozzo, Director of Sales and Marketing at 365 iT SOLUTIONS. Together with Sean and Enzo, we’ve put together our collective tips for increased security and shared them here.

We’re sharing one tip a week for the month of October, which is Cybersecurity Awareness Month.

Tip: Make two-factor authentication a mandatory security minimum for all staff

It is estimated that a cyber attack occurs every 39 seconds. That’s roughly 2,244 times a day. Yet one of the easiest ways to drastically reduce the risk of being compromised is enabling two-factor authentication for all business-related login protocols (i.e. email, server, shared drive, cloud-related apps/platforms, etc.).

So, why aren’t more employees using this security measure?

Enzo Logozzo of 365 iT SOLUTIONS chalks it up to simple human characteristics, “What I’m hearing from companies is that most employees get annoyed by the extra step. It’s silly, really, because it literally only takes a few more seconds (than single-factor sign-in). However, that’s the reality many businesses are faced with—the change management aspect of setting up MFA (multi-factor authentication). But I say accept the change. Embrace it. If your IT department is unfamiliar with MFA, there are trusted third-party/IT consulting firms that specialize in this area. Enlist their help. The last thing any business needs is for IT to set up an MFA that is not configured properly. After all, you don’t want to be the next company making headlines for the wrong reasons.”

Case in point, phishing schemes are on the rise against Office 365 and G Suite platforms.

Not only are hackers persistent in their attacks, they’re becoming increasingly more sophisticated and it’s paying off. In fact, it’s predicted cybercrime will cost businesses around the world a whopping $6 trillion annually by 2021. That’s why it’s vital for companies to put up as many barriers as they can. Hence the need to invest in educating staff on the importance of cybersecurity protocols, such as two-factor authentication.

Our IT experts explain why two-factor authentication is important:

It protects what might be ‘known’ to hackers with something ‘owned’: This means, in addition to simply inputting their user name and password, the employee will also have to enter a code that is sent to their cell phone in order to complete the login process. That way, should a hacker get access to their login and password (the something ‘known’), they’ll be instantly blocked because they don’t have access to the employee’s phone (the something ‘owned’).

Possible caveat: Employees will need to ensure they have their cell phones on them at all times. Without it, they wouldn’t be able to complete the sign-in process (as the second step of two-factor authentication is inputting a security code sent by text).

How to take two-factor to the next level:  The IT professionals’ preferred system of two-factor authentication is using the token method. This is where instead of receiving a text with a security code, the employee would have to open an app on their phone to access a software token (a rolling 6-digit code that typically changes every 30 seconds). They would then input that code into their login page for ultra-secure access to their account (serving as a roadblock from potential hacks).