Two factor authentication, 2FA, multi-factor authentication or two-step verification refers to the act of a user providing two authentication factors to prove identity and gain access to an online network or user account. Sound familiar? There’s a high chance that you’ve already used 2FA in your business or personal life, take logging into your online banking using a customer number and card reader for example. Another typical example is receiving an authentication code to your mobile phone in addition to inputting your email address and password to gain access to an online account.
2FA can take on multiple forms, including anything from answering security questions, receiving pin codes, to using devices such as ID cards and mobiles, and even more futuristic methods like eye retina scanning and fingerprint/voice recognition. Most commonly codes are received via SMS messages and apps and the codes will be different each time to make the process more secure.
2FA is designed to add an extra layer of security when logging into online accounts or connecting to networks, making them more secure. Symantec’s annual Internet Security report stated that 80% of security breaches could have been prevented by the introduction of 2FA by small businesses.
Pros and Cons of using 2FA
2FA is by all means not compulsory on all online accounts and networks, and often is activated by account admins and business managers, so whether or not you use 2FA is entirely up to you. It’s also important to remember that while 2FA can improve the security of your online accounts, it still needs to be used alongside other security measures.
- Added layer of protection on confidential and important online accounts and networks
- Relatively easy to activate on many popular online accounts
- Increases security of passwords
- Cost effective
- If your business model means you have to store confidential information, using 2FA can be a reassurance and selling point to customers
- Additional set-up time on online accounts and education of employees
- Sometimes reliant on having access to an additional device, e.g. mobile phone in addition to laptop
- 2FA isn’t completely immune to some criminal activity, such as malware attacks
- Account recovery can be time-consuming and tricky, especially if you lose or damage mobile devices that are used within the 2FA process
What to do if you decide to implement 2FA for your business:
There’s lots of ways you can implement 2FA as part of your SME cyber security:
1. Activate 2FA on external online accounts
Many online accounts that your business uses may have 2FA available and ready to implement. Popular business platforms like email marketing tool Mailchimp, Skype, and storage programmes like Dropbox and Google Drive all have 2FA options that you can set up and activate. There’s even a website dedicated to listing all online programmes where 2FA can be activated.
2. Where 2FA isn’t readily available contact online accounts
Each business is different so the online tools, accounts, and CRM systems you use could well be different to the business down the road. This goes for other factors like number of employees, and type of information stored too. If you can’t find where to activate 2FA on your online accounts, or it looks as though it’s not offered, it’s worth getting in touch with the customer services team. You can then discuss with them possible 2FA options available and even consider switching suppliers if you feel their security isn’t as strong as others.
3. Educate your employees
If you have employees who work for you, take some time to explain to them the changes that implementing 2FA will have on the business and if it affects their day-to-day job. It’s worth mentioning why you’re implementing 2FA and taking the opportunity to reinforce the importance of security when using any online accounts to input, access, and transfer documents and data online.
4. Be aware of public Wi-Fi
2FA is especially important if you’re using public Wi-Fi to carry out any work tasks. As a small business owner it’s likely you may be working from different locations in-between meetings, and public Wi-Fi is undoubtingly a bit of a godsend when trying to work remotely. However, it’s not particularly secure and should be approached with caution, having 2FA set up on accounts you’re likely to use when working remotely helps to add an extra layer of security if hackers were to gain access to your password through public internet connections.
5. Invest in a 2FA solutions programme
If you have the budget and have limited options to activate 2FA through existing accounts, you may want to consider investing in a 2FA solutions programme and tools, looking to independent specialised companies to offer you authentication across multiple areas of your business. These tools often cover all applications and devices and often offer VPN as part of the package. VPN (virtual private networking) protects data online by creating a secure connection to networks across the internet, and is most valuable when working remotely to gain access to data sources when the user is not on the same LAN (local area network).
It’s vital that all small business owners invest time into protecting their business online, and something as simple as activating 2FA on accounts can help add an extra layer of security when accessing data online. For more tips and advice on how to make your SME cyber secure download our free guide.