How to Protect Your Data and Systems From Cyber Attack
Two Factor Authentication (2FA)
Whether you work in the design department, IT department or finance department, you are likely to have come across Two-Factor Authentication (2FA) or Multi-Factor Authentication at some point. With more and more critical data being stored electronically and accessible from anywhere in the world, the majority of cyber attacks today are targeted at obtaining this information. Previously, people secured their access to systems and their data with a simple username and password combination, but this is not always enough to prevent people from obtaining your data.
What is 2FA
Put simply, two-factor authentication is a security method that works with two separate security or validation mechanisms i.e. identifying a user or individual with 2 (or more) different forms of identification. A common example of this is the use of a cash machine or ATM which requires a person to possess a valid bank card and PIN.
There are 3 main types of authentication, these are:
- Something you know, this could be a password, username, code, PIN or a combination of these. This is the most common form and nearly everyone has multiple accounts for business and personal use.
- Something you have, this could be a physical device or piece of software you have that provides the authentication. This could be a token, smart card, card reader, SMS message to a phone or a random number generator app like Google Authenticator. A lot of us would have come across this with our banks where we have a card reader or are sent an SMS text to our phone.
- Something you are, this is not something you carry but is a physical attribute like a finger print, retina or face. Common examples of this are the Touch and Face ID provided on the mobile phones.
Why Do I Need 2FA
Two-factor authentication is normally made up of 2 of the 3 above. If one of these is compromised by an attacker, you should still be protected as they can’t do anything without the other. This therefore greatly reduces the risk of being compromised or breached.
So, the next question is do I need it for everything? The simple answer is no, but I would pose a question to you - what data and systems are important to you and why would you not want to protect those systems from an external party?
2FA allows you to improve the security of your key and critical systems that could be or are accessed from the Internet. 2FA is such a large part of today’s security and is an instrumental requirement for security compliance and certifications like Cyber Essentials. You can learn more about this in our blog post here.
Where Does Excitech Come In
It is a common misconception that 2FA is only suitable for large enterprises. However we believe that small businesses and even individuals can take advantage of the technology without massive costs or disruption to work. Thanks to cloud services and subscriptions, 2FA can be scaled up and down quickly and efficiently at a reasonable cost.
Excitech are happy to discuss what 2FA can do for you, including identifying, designing and implementing a suitable 2FA solution. Excitech are seeing more and more companies offering 2FA for their applications, or being required to implement it for anything Internet facing including remote connectivity for users. This is also becoming more prevalent as a requirement for Cyber Essentials and the General Data Protection Regulation (GDPR).
Don’t be left behind and be an easy target for attack. Call us on 01992 807 444 or email us at firstname.lastname@example.org to talk about 2FA for your business.