The important of 2-step verification – passwords aren’t enough.
Although the media is obsessed with hackers and viruses, many security breaches are caused by weak passwords. If cyber criminals can’t convince users to disclose their passwords willingly, they use brute-force cracking techniques to “guess” logon details instead.
Some people make this process incredibly easy by using a common password. If your password appears on this list, you are already doing the hacker’s job for them.
But as computers become more powerful, even “complex” passwords can be cracked eventually. Passwords simply do not offer the level of security you need to protect your business data.
Introducing 2-step verification
The solution is to add a second layer of security, known as 2-step verification. G Suite by Kimbley IT uses this technique to protect your data for instance.
Users log into the system using a password as normal, but are then asked for a second code – typically a six-digit number. This number is not chosen by the user however. It is randomly generated by the service, and sent as a one-off text message to the user’s phone.
Even if a hacker does manage to crack your password, they still cannot gain access – unless they have also stolen your phone. The code also changes at every few seconds, so hackers can’t reuse old ones either.
To make accessing your account using 2 step verification even more frictionless, Google recently introduced Google Prompt removing the need to enter a six digit code - now you only have to approve the notification that pops up on your mobile’s screen.
The stupidity of not using 2-step verification
Ultimately your business should be using every means available to protect your data. When the General Data Protection Regulation (GDPR) comes into force next year, your business faces potentially huge fines for allowing customer data to leak. Implementing 2-step verification greatly reduces the risk of your security being compromised, and proves that your business has taken steps to improve defences.
Most 2-step verification services and apps are free too, so there’s absolutely no reason for not using them. And when run alongside a password manager such as LastPass you have really bolstered your security.
In fact, failing to activate 2-step verification is like going on holiday and hiding your valuables under the bed in your hotel room, rather than using the free safe in the wardrobe. If burglars can get past the lock on the door, stealing your goodies is simple. But put those valuables in the safe, and there’s almost no chance at all of becoming a victim (unless you choose a stupidly simple code).
There is absolutely no comeback if you fail to use the safe provided. Which is why most hotels clearly state that they accept no responsibility for valuables stolen from outside the safe.
There is absolutely no comeback for failing to use 2-step verification either. If your data is leaked because of a bad password choice by one of your employees, the fault lies with you for failing to use all of the security measures provided with your IT service.
If you do end up being prosecuted for losing personal data, the Information Commissioner will consider whether you have used all appropriate safeguards when determining the applicable level of punishment. If you don’t have 2-step verification enabled, can you honestly say that you have applied every measure to protect sensitive personal information?
To learn more about using 2-step verification to protect your systems and data, or about the superior security measures available in G Suite by Kimbley IT, please get in touch.