What is two-factor authentication (2FA) and why is it so important?
To understand why we now need 2FA as a minimum, it’s good to understand what has changed…
Previously, all business data was held on servers inside the offices where we worked. The office had physical security to protect access to the IT systems, and remote access was not possible.
With modern working we can access our emails from anywhere over the internet. We need to be able to see and respond to emails on our phones when we are out and about, and home working has made us more productive and flexible. However, this has removed the physical security we used to have on our systems, when they were only accessible onsite, in a locked office.
Your email and file data can be accessed from anywhere that has an internet connection! So a simple username and password is no longer enough: we need something to replace the physical security we had when everything was office based and not accessible over the internet. Let’s dive into the advances in passwords and security, and more specifically 2FA, or two-factor authentication.
Why would hackers want to steal my information?
The market for the data harvested from cyber attacks has also grown. There is a high demand on the dark web for access to legitimate business email accounts. Your login details and business systems could be used to spam out vast numbers of ransomware to generate ransom money for the attackers (used to fund organised crime and terrorism).
Your login details could be used to hack your business website to distribute malicious material and seriously harm your business name and reputation. Governments even sponsor cyber attacks to compromise rival foreign firms, discovering intellectual property and stealing your innovation to their advantage.
Introducing 2FA, or two-factor authentication
Just like it sounds, 2FA adds a second layer of authentication on top of the username and password. Crucially, this additional layer takes a different format, which makes your logins and data far more secure.
Banking and financial data has been secured with 2FA for years, by texting you a code which expires after 30 seconds or so. This was replaced by authentication apps on which we could simply tap ‘ok’; however, we’ve moved back to numeric codes recently to combat 2FA fatigue (more on that later).
Microsoft, Apple and other vendors have also added biometrics as a second layer of authentication, such as fingerprint login and infrared face ID.
A password alone can be guessed or hacked.
A brute-force attack, or a ‘dictionary’ attack, uses a list of common passwords or dictionary words, attempting to log in with each one in turn. This has been slowed down by locking accounts out after x attempts.
Dictionary attacks can also be enhanced with social engineering. A hacker could check out your public profiles on Facebook and create a customised dictionary attack using your mother’s maiden name, place of birth, pets’ names and other details that are easily found online.
We hear about large companies suffering data breaches all the time, to the point at which they’re barely reported in the press. Unfortunately, most people use the same password for multiple logins. This means that when the Sky/T-Mobile/Easy Jet data breach occurred, your password for their site was leaked onto the dark web. So, if you used the same password for your business email or systems, then hackers can easily access your data.
2FA ensures that even if a hacker knows your username and password, they still cannot access your business data. They still need that unique (time-sensitive) 2FA code, or the authorisation on your mobile app.
Mobile app authentication was more convenient than having to type in a code, but this has been deprecated (in favour of numeric codes) due to 2FA/MFA fatigue. This is where a hacker will attempt to log in to your account with your password multiple times, until you get fed up with the prompts on your phone and eventually just authorise it.
2FA must be a minimum standard across all your business logins to secure your data. At Liberate IT we help our clients transition to 2FA and reinforce this with regular security training videos. We complement 2FA with our dark web monitoring, which alerts our clients if their password has been leaked onto the dark web.
Liberate IT Security goes beyond 2FA.
The most common threat to 2FA is a session hack. This is where a hacker will typically send a phishing email that looks like your genuine workplace login. A user may unknowingly log in to this malicious portal complete with their 2FA code, only for a hacker to harvest this login data to access your data at a later date.
Liberate IT further reduce these cyber threats with conditional access, which blocks logins to your systems from locations or devices you do not permit. We can lock down access to the UK, your offices, or to only specified devices. Conditional access almost takes your security back to the days when your data was held offline, in a secure office!
The Liberate IT security team uses specialist software to monitor logins to your systems, alerting us to suspicious activity, such as multiple failed login attempts, login attempts from overseas, and now ‘impossible travel’ logins.
Impossible travel (IT security)
An impossible travel login is when your username logs in from one location, and then from another faraway location in an impossibly short amount of time. Imagine if you log in from Derbyshire, and then London 30 seconds later. It would be impossible for you to travel from Derby to London in that amount of time, so we are alerted, and your account is blocked from further logins.
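The impossible travel check described above comes down to comparing the distance between two consecutive logins with the time between them. The following Python sketch is an added example, not Liberate IT's monitoring software; the sample logins, the 900 km/h speed threshold and the 50 km minimum distance are assumptions chosen for illustration.

```python
import math
from datetime import datetime

# Constructed sample events: (user, ISO timestamp, latitude, longitude).
# Coordinates are approximate city centres; this is not real log data.
SAMPLE_LOGINS = [
    ("alice", "2024-05-01T09:00:00", 52.9225, -1.4746),  # Derby
    ("alice", "2024-05-01T09:00:30", 51.5074, -0.1278),  # London, 30 s later
    ("bob",   "2024-05-01T08:00:00", 52.9225, -1.4746),  # Derby
    ("bob",   "2024-05-01T11:30:00", 51.5074, -0.1278),  # London, 3.5 h later
]

MAX_SPEED_KMH = 900.0   # assumed threshold: roughly airliner cruising speed
MIN_DISTANCE_KM = 50.0  # assumed floor: ignore small jumps from imprecise IP geolocation


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points on Earth, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def find_impossible_travel(logins, max_speed_kmh=MAX_SPEED_KMH):
    """Return (user, timestamp, distance_km, speed_kmh) for each suspicious login."""
    events = sorted((u, datetime.fromisoformat(ts), lat, lon) for u, ts, lat, lon in logins)
    alerts, last_seen = [], {}
    for user, when, lat, lon in events:
        if user in last_seen:
            prev_when, prev_lat, prev_lon = last_seen[user]
            km = haversine_km(prev_lat, prev_lon, lat, lon)
            hours = (when - prev_when).total_seconds() / 3600
            # Two logins in the same second from different places: infinite speed.
            speed = km / hours if hours > 0 else math.inf
            if km > MIN_DISTANCE_KM and speed > max_speed_kmh:
                alerts.append((user, when.isoformat(), round(km), speed))
        last_seen[user] = (when, lat, lon)
    return alerts


if __name__ == "__main__":
    for user, ts, km, speed in find_impossible_travel(SAMPLE_LOGINS):
        print(f"ALERT {user} at {ts}: {km} km from previous login ({speed:,.0f} km/h)")
```

In practice the location comes from IP geolocation, so VPNs and mobile carriers can trigger false alerts; the minimum distance filters out only the smallest of these.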
Hopefully, this has given you an insight as to why Liberate IT support is necessary to proactively monitor and secure access to your data. Cyber attack methods evolve proactively, and so should your business cyber security and your business IT support. Contact the experts at Liberate IT and give yourself the peace of mind that the professionals are protecting your business.