Multi Factor Authentication, or MFA for short, is something that is virtually zero cost to implement and provides a massive leap in security, and yet many small businesses don’t take advantage of it.
MFA is a process where, in order to gain access to a system, you have to provide two things. One thing is something you know, such as a password, and the second thing should be something you have, like your mobile phone.
Without both of these things, the service or system won’t let you access it, which is exactly what you want if the person trying to access your things is not in fact you.
We’ve used passwords to lock people out of our things for years, but passwords have some serious weaknesses. Too many people use easy-to-guess passwords. They use the same password on multiple services. They will often write them on Post-it notes where passers-by can see them. These days, criminals can fairly easily trick people into divulging their passwords too, so even if people have great passwords, those passwords are still not great at protecting your business.
By adding another element to the authentication process, and by having that element be something you HAVE rather than something you know, you make it much harder for an attacker to get into your accounts.
Most services will give you a range of options for the second factor to log in with. You can choose things like receiving an email or an SMS, getting a phone call or a notification, or using an authenticator app to get a temporary code.
I recommend wherever possible using the Microsoft Authenticator app to generate a six-digit code to enter. Emails, SMS, phone calls and notifications can all potentially be intercepted by attackers relatively easily, but in order to get the code from your mobile phone, the attacker would have to physically have your phone and be able to unlock it.
A lot of businesses don’t set this up because they mistakenly think they will forever be looking up codes on their phone. This is a misunderstanding of how authentication works in modern systems. Generally, you authenticate once on a given device and retain access to the system for some time. In some cases, that’s indefinitely, but at worst, it’s generally 30 days before you have to prove you are still the real user.
It’s important to take a little time when setting up your security to ensure you have a plan to deal with any problems like losing your mobile phone. Each service you use is going to offer different options, so going through each service’s options and choosing the most secure setup, with a plan for how to recover from potential future issues, is a must.
The problem is you never know how important something is until an attacker takes it over. What’s worse, once an attacker has access to one service, they will look for ways to leverage that access to get into other things.
The only safe way to run your business is to ensure everything is protected by MFA.
That’s where we come in. As your trusted technology managers, we can work with you and your team to secure all the services and systems your business uses. We can document how each service is secured and put processes in place to support current and future team members to be as secure as they can be.
We take the hard work out of it, so you can focus on your business and not need to worry about your account security.
Use the form below to get help in ensuring your business is fully protected with Multi Factor Authentication.