Two factor authentication (2FA), or multi factor authentication (MFA), is a hot topic within IT and cyber security at the moment, yet the uptake from many businesses has been slow, leaving them vulnerable to some of the most common cyber attacks. But what is it and why should you be using it?
— Worth £1,495 —
We’ll analyse the security of your existing IT network, your email domain, your website and, if applicable, your Microsoft 365 software to see how safe you currently are. Want to know more?
If you’ve never come across this term before then one of the easiest ways to think about it is by comparing it to how we use a credit or debit card. In this scenario we need two forms of authentication – the card and a pin number. Without one or the other, it can’t be used (we’re ignoring contactless for the purposes of this analogy!).
If you apply the same login to accessing someone’s email account then in theory we need two things again – the username, or email address, and a password. However, because email addresses are often in the public domain, or are easy to guess, it only leaves one form of authentication; the password.
If this password can be easily guessed or extracted from the user, then an account can be accessed.
Two factor, or multi factor, authentication provides a much more secure additional level of protection which requires a user to ‘approve’ a login, normally through a notification on their mobile phone. When you consider that mobile phones will have a level of protection on them too (such as a passcode or fingerprint), then we actually create multiple levels of protection on our accounts.
Unfortunately, as we say all too often, attempts to hack businesses are far too common and one of the most popular ways of doing that amongst cyber criminals is to ‘trick’ a user into giving away their password.
You’ve probably received an email that appears to come from someone in your address book asking you to access a file they’ve sent you. If you were curious enough to click on that email you’d be taken to a login page, normally looking like your Microsoft 365 login screen, and prompted to enter your username and password.
By doing this, you won’t access the file (there probably wasn’t one) but you will unknowingly be giving away your password, which in turn is likely to be used to send out similar emails to your address book. In the worst case scenarios your email could be monitored and opportune emails be sent from your address to unwitting customers or colleagues asking them to transfer money or download malicious files.
It’s a very simple hack, but very effective.
Even if you did send an email back to the sender to inform them of the potential problem, the hacker will have set up an email rule to automatically delete your reply, so your contact will be none-the-wiser and the hack will continue until they are told another way
By far the most effective way to stop this type of attack is through two factor authentication. That way, if a password is leaked then the account cannot be accessed without the additional approval needed.
Just like the simplicity of the attack, the solution is simple too.
This is probably the biggest objection we hear when it comes to implementing a multi factor solution.
There’s no way around it, as it does mean that every user has to take an extra step to login, but in reality it’s quick and easy (you can see how quickly on the video on this page). If users don’t want to install an application on their phone there are alternative option for this too.
In a nutshell, it’s a small inconvenience for a huge level of protection against a very common threat.
The most basic and essential level of protection for most businesses comes from Microsoft within the Microsoft 365 suite. This solution will protect your Microsoft account, and most importantly your emails, with a two factor authentication solution. If you have already got a Microsoft 365 subscription it is likely to be included in your package already, so it’ll only cost you in terms of the time to set it up and configure it.
To protect other things, including devices and non-Microsoft applications, there are a range of solutions available which we can provide, protecting any potential hacks against physical devices and any data within your applications themselves.
If you’d like to find out how we can help or which solution would be best for you, just request our free cyber security review on this page.
Our organisation consists of three businesses; HBP Systems Ltd. Kamarin Computers Ltd and Jugo Systems. HBP are based in Lincolnshire, Kamarin in Cambridgeshire and Jugo in Hampshire. Between us we cover the vast majority of the UK and work under The HBP Group name to provide a seamless service between our northern and southern offices.
About UsWe specialise in providing IT solutions and support to businesses to ensure they use technology effectively and efficiently and can focus on what they do best – running their business.
We offer a wide range of cyber security related products and services that help businesses protect themselves from cyber crime, but if you’re looking for something specific then the following options are the most popular and widely used options…
Protect your businesses PCs, Laptops & Servers.
Protect your business from external threats with a UTM device.
The ultimate protection for lost and hacked passwords.
Worried about staff clicking on malicious emails?