Cyber-security is an integral part of risk management for any organisation. Cyber-criminals are capable of executing devastating attacks that can result in financial losses, reputational damage and government fines. With those potential consequences in mind, employers should be mindful and take any precautions that might be able to protect them, such as using two-factor authentication.
Two-factor authentication requires employees and other authorised personnel to prove their identity and qualifications to access certain files or systems. For example, while many services may require users to enter a password, two-factor authentication goes one step further by requiring a second piece of information.
Using two-factor authentication can provide a strong second layer of cyber-security for organisations, inhibiting criminals from breaching an organisation’s data with only a stolen password. Since hackers can steal even strong passwords, these cyber-criminals could gain access to important accounts, private systems, customer files and other sensitive information without a required second form of proof.
The National Cyber Security Centre (NCSC) recommends organisations set up two-factor authentication on any ‘high value’ accounts that protect particularly important information. It’s also recommended to use this type of cyber-security for email accounts, as hackers who gain access to an email account may then be able to use that to reset passwords for other accounts and services.
Many online services may inherently have two-factor authentication enabled. If this is not the case, the extra security can often be turned on in the security portion of an account’s settings.
There are a number of different options when it comes to two-factor authentication, including:
Organisations should consider consulting qualified cyber-security professionals to determine what type of two-factor authentication would be optimal.
Once two-factor authentication has been established, many users will only have to prove their identity in certain situations. For example, when logging into an account from a new device or attempting to change a password, the additional security may be activated.
The NCSC hopes that, eventually, two-factor authentication will be offered on all online services that deal with personal data, finances or other valuable information. For now, employers should be sure that if two-factor authentication is not available for important accounts, then strong, unique passwords are used and changed regularly. Organisations may even want to consider switching services altogether to an option that does provide this additional level of cyber-security.
For more information on cyber-security, contact us today.