If your company has not been the target of a hacker, it’s just a matter of time before it is. Right now, lurking in the dark web, there are literally billions upon billions of breached log-ins. Odds are, your employees’ information is among them.
We’ve all heard about the big breaches of retailers, hotels, internet companies, banking sites and credit reporting agencies. Information stolen in these breaches, such as passwords, card numbers, addresses, names and even social security numbers, is then funneled into the dark web for hackers to purchase. And although these breaches largely affect consumer data, your business data is also under attack. Each day phishers and scammers launch over 16 million emails in hopes of luring you and your employees to click a link or enter data that puts your passwords and your data at risk.
Scary stuff, right? But you don’t have to be a sitting duck. There are steps you can take to help prevent hackers from getting into your systems, even if they have your password. But before I reveal what this incredible anti-hacking tool is, let me just quickly go over the basics of password policies that every company should implement.
1. Use complex passwords – use at least eight characters (or more!), add special characters and don’t use information such as names, special dates, addresses, etc.
2. Change your passwords often – every 60 days on passwords with access to sensitive information such as your network or banking accounts.
3. Don’t use the same password for access to multiple sites.
4. Do use a password vault such as LastPass, 1Password or Keeper so you won’t have to memorize every single password you have (see No. 3 above).
5. Create strict password policies at work – never share passwords, don’t write your passwords down, use unique passwords for each system, don’t store passwords on your network or phone.
So, now that you’ve got the basics of password protection down, let’s talk about the number one tool for preventing hackers from getting into your system. Drum roll please …
Two-Factor Authentication is Your Secret Weapon Against Hackers
Two-factor authentication (2FA) strengthens your defense against hackers by requiring two methods to verify your identity before you can access your accounts and systems. Basically, 2FA combines something you know, like your username and password, with something you have, like a smartphone app to approve authentication requests.
2FA is already required by many financial institutions to log in to your online banking accounts. And many consumer and social media sites, including Amazon, Apple, Google, Instagram and Facebook, have 2FA capabilities. But 2FA isn’t just for the big guys. 2FA can and should be implemented in your business.
You have several options when setting up 2FA for your business. The two most common methods are SMS and app verifiers.
SMS Verifier – With an SMS (text message) verifier, the user receives a 5 – 10 digit code via SMS on their phone, which they then enter into the application for access. The pros of this method are the ease of use and the comfort level of the user in receiving text messages. The downside is that it requires cell service to use, and it is possible for a hacker to intercept a text message or hijack your phone number to gain access to your SMS codes.
App Verifier – An app verifier communicates with your mobile device, asking you to approve the login by clicking on the app. Alternatively, it can send a one-time, rapidly changing code to the user’s mobile device that is then entered into the application to gain access. The benefits of an app verifier are that it works even without cell service and it is more secure than the SMS version.
Between the two, we recommend using an app verifier if possible due to the higher level of security. But an SMS verifier is a good option if the app verifier isn’t available to you.
Affordable 2FA systems are available through companies such as Duo, or through Google Authenticator. And although the systems themselves are relatively easy to install, setting them up does require some expertise, prior planning and testing before use. Partner with your IT provider for a smooth and secure transition to 2FA in your business.
Your company will be targeted by a hacker – it’s not a matter of if, but when. Adding 2FA to your business’s security toolkit will greatly reduce the chances of the hacker actually being able to access your data.
Eric Olmsted is the president of On Line Support, a technology consulting firm headquartered in Vancouver, serving businesses in Washington, Oregon and South Dakota. Eric can be reached at (360) 993-0600 or eric@on-line-support.com.