Multi-factor Authentication – What it is and why you need it
Over the past few years, working from home has become the new black for office-based businesses. And although the transition from office to home was initially a challenge for many, most have adjusted to the idea that remote work in some capacity is here for the long term. But in the scramble to set up new systems and processes, many companies have overlooked a simple security measure that every business – regardless of its size – should have in place.
Think Concepts Regional Manager Gary Smith explains why multi-factor authentication is now the bare minimum when it comes to keeping your business secure.
Passwords are not enough
Cyber criminals make a living out of finding weaknesses in security systems. And while passwords may once have been enough to keep our data protected, the advancing technology used by hackers means that’s no longer the case.
“One of the fundamental issues with passwords is that most of us use weak ones, or we reuse the same password across different accounts, or a variation that is very similar,” says Gary.
According to NordPass, the most commonly used password in 2020 was ‘123456’, with ‘password’ following close behind.
“People think of hackers as a dark figure who hides in a basement somewhere intercepting data, but the reality is that there are lots of different ways that our data is at risk including from malware, ransomware, and phishing attempts. There’s lots of value in your data and lots of different reasons and purposes why people want it.”
The tools that are used to hack passwords are easily accessible. They can run hundreds of thousands of combinations within a few seconds. Add in technology like keyloggers that can be remotely installed on your machine, and it doesn’t take long for passwords to be hacked.
That’s not to say that passwords aren’t important, and there are ways to ensure your passwords are as strong as possible. But they’re just one of the basic tools in your security toolkit. Read more about how to protect and manage your passwords.
Letting your guard down
Moving from the office to working remotely also opens up the possibility of reduced protection from office-based firewalls.
“When workers are within the office environment, they’ve got some protection if they’ve got decent passwords and their data is behind a firewall,” says Gary. “But now those workers are at home and using consumer-grade internet and no firewall. Your data is unencrypted, and the network is not as secure which makes it accessible to a breach.”
But the good news is that setting up robust security for remote workers is not difficult. The best option is multi-factor authentication (MFA), sometimes known as ‘two-factor authentication.’
The ultimate safety net
MFA essentially means you have an additional security step to prove who you are beyond just providing a username and password to log into an account. This could mean authentication via a mobile phone, a USB-based security key, or an authentication app. It’s a simple step, but it makes accessing your data exponentially more difficult for anyone who isn’t authorised.
“There’s a misconception that MFA is a complex, time-consuming process,” says Gary. “But in fact, it’s very easy and takes just 5-10 seconds of extra login time. And when you compare that to a security breach that could cost dearly – both in time and money – the decision to use it is very straightforward.
“We recommend cloud-based products like Microsoft Azure AD which requires two or more forms of authentication such as a password, a mobile phone or hardware key, or biometrics such as a fingerprint or face scan.”
Azure has an integrated directory service, so once you’re authenticated and your profile loads, that then authenticates you to access any other integrated systems you have in the cloud.
So many of us are now working remotely or while we’re mobile and on the go, and that’s never going to change. We’re logging in to cloud-based accounts while we’re sitting in coffee shops or on public transport without the security of a highly encrypted virtual private network.
A very real threat is the possibility of account hijacking. For example, if your Office 365 account is hacked and taken over, the hacker could exploit it by sending malicious emails which appear to be legitimate, accessing data stored in OneDrive or SharePoint, and doing pretty much anything they like with it.
“Some people still think MFA is something sophisticated that is really only needed by big corporations,” says Gary. “But in reality, it’s something we should all be using as a bare minimum.”
The mindset that ‘no one would be interested in my data’ is a dangerous one. It’s a common misconception that hackers only target large corporations with valuable databases. The unfortunate reality is that any business or individual with gaps in their security is very likely to eventually be breached.
“You’ve got to have that double layer, because you can still have your password intercepted, but you can’t intercept MFA. So if someone tries to log in to your profile, it’s going to trigger an authentication request which they can’t complete.”
Gary’s advice is not to wait until it’s too late. “MFA is easy to set up and very much worth the peace of mind in knowing your business is safe, wherever your staff are working from.”