Why Two-Factor Authentication is Necessary for the Businesses

What measures does your company have in place against ransomware attacks? In 2020, those attacks increased by 150%, and 2021 has even shown exponential growth (HBR, 2021). One factor is that companies and employees moved to remote working during the pandemic, while security measures and policies are still based on a regular office environment (BBC, 2021). This has increased vulnerability to cyber attacks and contributed to the growth in these numbers. The amount paid by victims of ransomware attacks also increased by more than 300% in 2020 (HBR, 2021).

So what are some easy measures to put in place to protect your business against those attacks?

One effective way is to opt for two-factor authentication (2FA) in every aspect of the business's operations. With 2FA, a user is asked to enter an additional token besides their normal password. This ensures that even if the user reuses the same password in multiple places and that password is leaked, their accounts are still secured.

To bring two-factor authentication into effect, all login mechanisms should be covered by 2FA. Other platforms such as social media and blogs should also have it enabled.

Identifying high-risk personnel with administrative rights to systems is equally important.

Be sure to train your colleagues so that they can identify phishing emails and refrain from clicking on any suspicious third-party links. Moreover, strong spam filters need to be in place.

Once 2FA is enabled, the one-time passwords are delivered through SMS or email, which are often the first forms that companies adopt to improve their security measures. This method is still considered effective. However, attackers are aware of this, and there are multiple examples where attackers took over email accounts and were therefore able to read the token that was sent. A more secure way is to have an app on your phone to store these tokens, or even a physical token that you carry on your keyring.

A lot of businesses nowadays have adopted 2FA to authenticate identities at various points of the user experience they provide, for example by requiring re-authentication when critical changes are made to a system.

If we look at the bigger picture, no system is error-free or guarantees 100% risk-free sessions. Therefore, as a last measure, also review your company's cyber insurance policy. Make sure that the effects of ransomware attacks are covered and that the level of coverage reflects the current reality.

No single method of authentication will always be suited to every situation or business case. Sooner or later, companies should therefore opt for something beyond two-factor authentication, with behavior analytics to detect suspicious logins and actions, along with numerous other indicators of identity.

In short, to secure your company's data, enable 2FA and train your staff over and over again to stay vigilant against attacks.



References:

BBC, 26th of July 2021, “Why remote working leaves us vulnerable to cyber-attacks” retrieved from https://www.bbc.com/news/business-57847652#:~:text=A%20recent%20survey,the%20wrong%20hands.%22

HBR, 20th of May 2021, “Ransomware Attacks Are Spiking. Is Your Company Prepared?” retrieved from https://hbr.org/2021/05/ransomware-attacks-are-spiking-is-your-company-prepared?utm_campaign=hbr&utm_medium=social&utm_source=facebook&registration=success

