What do the celebrity photo leaks, Dropbox’s password security breach, and nearly all of the most recent high- and low-profile security breaches have in common? Password management. These data breaches began with cracking users’ passwords. Passwords are the weakest link. They’re both easy to steal and notoriously easy to crack. Hackers, viruses, and malicious software like keyloggers regularly harvest passwords, compiling them into massive databases that are often shared with other hackers. Despite the pleas to use strong, hard-to-crack passwords, many users continue to rely on weak, easy-to-remember passwords.
While you may not be concerned with how your employees secure their Google and Facebook accounts, you should be concerned with how they sign into your company network and its various digital properties. All it takes is one weak password such as “fluffy2017” or “password123” to put your company’s most sensitive information at risk.
Moreover, you may never know if your network has been breached. Your system logs will only show you a successful login; they won’t be able to tell you if the user who signed in was the actual user or an imposter.
For security reasons, companies use two factor authentication to verify that the person who is attempting to access the network is the real person. The first factor is usually a username and password (strong, please) followed by a second factor that proves the person is who they say they are.
Common Two-Factor Authentication Factors
In a nutshell, two factor authentication can use any two of the following three factors:
2. Something in the user’s possession like a mobile phone or computer that can receive email or a text message containing a one-time verification code
3. A biometric like a fingerprint, facial recognition, voice recognition, or a retina scan
This two-step verification process creates a significantly more secure environment when you have employees who must access company-sensitive files both remotely and from within the office. By using two factors, even if a hacker guesses or has access to a user’s username and password, the second factor completely blocks access because the hacker simply does not possess that second factor.
From a management perspective, enforcing two factor authentication makes perfect sense and is essential in securing your network. From a user’s perspective, it may seem like an extra step, and they may not understand the reasoning behind the change. If you make two factor authentication optional, you may find that few users actually use it. At the same time, if you make it mandatory, you’ll need to address employee concerns as well as make sure that everyone has access to compatible devices, key fobs, or biometric scanners which are used to authenticate the second factor.
Inform Your Employees
As with any major change, participation rates improve when users understand the reasoning behind the change. Below are a few tips to help communicate the importance of two factor authentication.
- Give them advance notice so that they aren’t caught off guard when you fully implement it.
- Explain why you are requiring two factor authentication (to secure your network from breaches that have adversely affected other companies large and small).
- Make it personal. For example, employees may be casually concerned about hackers gaining access to the company’s bank accounts but they’ll be much more invested when they realize that hackers could infiltrate your payroll records and get access to their sensitive information such as social security numbers and direct deposit/electronic withdrawal data. Likewise, a serious breach has the potential to cripple a business, resulting in layoffs or closing the business’s doors for good.
- Explain the benefits users can expect beyond improved security. For example, if you’ve previously resisted allowing employees to work from home due to concerns about secure remote access, implementing two factor authentication might open the door to work-from-home days. Likewise, being able to access your company database or shared files from a mobile device while on the go could be something employees have been waiting for. Again, making it personal will help users accept the change and participate wholeheartedly.
Implementing two factor authentication is more involved than flipping a switch. Choosing the right solution and strategy is essential. Quikteks Tech Support can implement and monitor two factor authentication on your network. Call us today for a free network consultation.