Why Two-Factor Authentication and Password Policies Are Critical for Securing Your Business (and How To Implement Them)

In an era where the average cost of a single malware attack on a company has risen to a catastrophic $2.4 million, it's safe to say that cybersecurity has never been more important than it is right now. But at the same time, this demands the question: in a world where even large corporations like Yahoo and Uber can become victims overnight, what chance does your small business really have?

In truth, you have a great one — provided that you're approaching business security from the right angle in the first place. The fact of the matter is that you don't actually need to outspend the hackers and other people around the world who want to do you harm. 

You just have to outthink them.

That, of course, requires you to keep a few key things in mind about passwords and techniques like two-factor authentication in particular. 

The Foundation of Business Security Rests in Password Security: Understanding Your Risks

Another recent study revealed that out of all the cyber attacks that hit organisations around the world every year, a massive (and unfortunate) 90% of them begin in the exact same way: through human error or behaviour. 

That's right. A successful cyber attack isn't like it appears in Hollywood feature films. More often than not, someone was able to take advantage of a loophole created by one of your employees and your business paid the price. Sally from Accounting clicked on a link she wasn't supposed to. Bill from your Development Team left his work-connected smartphone behind in a taxi. 

Alternatively, the people in your business may be using unsafe or otherwise unsatisfactory passwords for critical accounts, something that is true an astounding 86% of the time.

Therefore, if you really want to tighten security for your business, issues like passwords are precisely where you need to begin.

What You MUST Know About Safe Password Policies

The chasm between an unsafe password and a highly secure password is a deep one, indeed. Generally speaking, you should write into your business' IT and security policy that all passwords need to meet as many of the following criteria as possible:

• They can't just be common words like "Password" or "Password1." They need to be combinations of numbers, symbols, and other special characters. Even something like "P@$$word1!" is far more secure than either of the two previous examples, despite being just as easy to remember.

• You should never allow an employee to use the same password for multiple accounts — particularly a mixture of personal and business accounts.

• Your employees should only be logging into work accounts via these passwords through a secure connection. If you have remote employees, consider investing in a VPN service on their behalf. If you have a Wi-Fi network in the office, make sure you're using WPA2 wireless encryption.

• The longer the password, the stronger it is. An eight-character password is good. A 16-character password is better. Will it be difficult to remember? Possibly but that's what password managers are for.

Any passwords you use should, at a minimum, meet these criteria. Yes, "MyBusiness99" is easy to remember but it's also easy to compromise. "*775%%((#@@-bu$$iness" is a far safer password because its long and it uses combinations of numbers, letters and special characters that are difficult, if not impossible, to guess.

Two-Factor Authentication: Protect Your Business by Protecting Your Employees

Another key tip you'll want to use when tightening your business security involves enabling two-factor authentication on any account that supports it. Also referred to as 2FA for short, two-factor authentication requires additional credentials beyond a simple username and password to help verify someone's identity before they're given access to a particular account.

Let's say one of your employees is trying to log into your work network remotely on a system which is 2FA-enabled. When they type in their username and password and click "Login," they're immediately sent a one-time code to a smartphone or other mobile device via an SMS text message or email.

They need to provide that code in addition to the other credentials before they get access. If they can't, they won't be able to.

The Exceptional Security Benefits of 2FA

Even if someone's username and password becomes compromised, a hacker still wouldn't be able to gain access to your network without that one-time code. They would need physical access to the trusted device and the chances of someone halfway around the world having all three at the exact same time are slim to none.

As a bonus, the fact that a one-time code was generated when your employee wasn't trying to log into their account means that you'll instantly be alerted to the fact that something untoward is going on.

Other Essential Security Considerations

Going beyond practicing safe passwords and enabling two-factor authentication as outlined above, there are also a number of other steps you'll want to take to provide better security for your entire business. These include:

• Making sure that all of your computer software is always patched and up-to-date. Patches don't just bring with them new features, they also fix security vulnerabilities that could leave you exposed.

• Using a firewall. This gives you the ability to enforce all incoming and outgoing traffic for your network, allowing only authorized activity to pass through.

• Educating your employees about public Wi-Fi. If your employees need to use public Wi-Fi on a work computer to do their job, make sure those machines and devices are set up with a VPN (virtual private network) to make sure everything they're doing is safe and private. 

• Educating your employees about the risks and making sure both new hires and legacy employees know how to identify phishing scams (the most common type of cyber crime affecting SMEs), spear phishing, malware and more. Make an effort to engage in this training at least once a year, if not more often, so they're always aware of new threats as they emerge. 

The Decisions of Today Impact the Business Security of Tomorrow

Again, technology security isn't just important in the short-term — it may be one of the most pressing long-term problems you face, regardless of the industry you're operating in or the market you're trying to serve. The cybersecurity climate is only going to become more volatile as time goes on. By taking steps today to create better password security practices, to enable two-factor authentication and to follow other business security tips, you're doing your part to protect the digital future upon which your entire organisation will be built.

If you'd like to find out more information about why better passwords and two-factor authentication are the best chances you have at tightening security for your business, or if you have any additional questions that you'd like to see answered, contact Powernet today.