Two-factor authentication – a method of securing your SME from cyber-attacks

13th of May 2024

Cybersecurity attacks often reach the headlines. Take for example this past week’s MOD contractor portal hack that has seen military personnel’s personal information leaked. However, the most important stories in security aren’t these headline-grabbing tales, but instead the relatively mundane and simple measures that businesses can take to keep themselves secure and operational.

These range from staff anti-phishing training, correct SharePoint access procedures and of course two and multi-factor authentication. Today we’re looking at the latter, you may already know it as that annoying code to log into your online banking, but it offers so much more than that to your business.

But two-factor authentication is something we’ve used for longer than you’d think. Your debit or credit card has a method of two-factor authentication, you need to use your PIN and have the card.

While not foolproof and never a last line of defence, these enhance security and are becoming more and more common.

In this article, we’re going to discuss different methods of authentication, why your business needs to use them, and how you can implement this technology in your business.

What methods are there?

There are various methods of two-factor authentication, including text message verification, push notifications from apps, voice authentication, and secure code generators. Each system has its pros and cons, but with this variety of options, there’s a solution for you to help secure your business.

There’s also another more complicated system called multi-factor authentication, where instead of just a username and password, you sign up with a third piece of information, such as a phone number. You’ll only have to use this when logging in to a new device or when changing a password. Effectively a method of stopping accounts from becoming hijacked.

So why do you as a business need to use two-factor authentication?

The main reason is passwords, while your team can probably be trusted not to use password123 as their login, they’ll likely repeat versions of passwords they’ve had since the day dot in their personal lives, and as a result, your security can become questionable.

Breaches of password databases are more common than many think and it’s more than likely that some of this data is out there on a forum or the dark web – putting your business operations at risk. With more and more businesses using cloud-based software and SaaS solutions, all one bad actor needs is your login details to get access to your business’ data. Leaving the door effectively wide open for ransomware attacks.

A two or multi-factor authentication system negates this risk, not only would the cyberattacker need a login but also need access to the two-factor authentication – so in simple terms a team’s phone.

How do you bring authentication processes into your business?

One of the many advantages of commissioning a company such as Shoothill to work on your new business software platform, or to improve on your current one, is that with a bespoke solution, it’s just that – bespoke. Unlike when using a pre-made solution – you can choose what type of two-factor or multi-factor security your team uses. So if it’s a deal breaker to use text message-based verification in your team, we can work around that and still provide this enhanced security. There are of course other security elements that help, such as being able to dictate where in the world your data is stored and have the team work with your cyber security experts of choice.

But you don’t have to invest in a complete platform to utilise this technology. Many software providers such as Microsoft, Sage, and Adobe have this option built in and it either is active from the off or can be switched on. Alternatively using a team of talented consultants and developers (like ourselves) you can bring this technology into your everyday business.

If you need help implementing this into your business, contact Shoothill today.