Dresner Group Blog
Why 2FA is Worth the Hassle
Cybersecurity has become front and center due to a rash of ransomware attacks hitting businesses, and more and more high-profile attacks happening every year. Despite the understandable concern, your business doesn't have to be a victim. By enabling 2FA, you can significantly reduce your exposure. Unfortunately, many companies feel that 2FA is too much of a hassle to implement and opt out. If you think this way, give us five minutes to convince you why 2FA is worth it.
Two-factor authentication (2FA) is one of the most powerful tools your business can utilize to protect your data from being compromised by cybercriminals. Its effectiveness relies on the requirement for at least two verification types, the password and another form of proof, to establish identity.
How Does 2FA Work?
As the name indicates, 2FA requires two different authentication factors to be used to gain access. These factors are a combination of three different criteria as follows:
- Something you know, or credentials. like a password or PIN number.
- Something you own, or physical verification, like a security key, your smartphone or a dongle.
- Something you are, or biometrics, like your voice or a fingerprint.
Ironically, the very thing makes 2FA valuable as a security measure seems like a hassle for many businesses.
Who hasn’t gotten to work and went to log on to their computer before they realized their phone was dead and they didn’t have a charger... or worse, that they forgot their phone at home? 2FA can render them unable to log into their workstation until they can borrow a charger or have tech support grant them temporary access to their computer. If this happens enough times, it isn’t hard to imagine your team deciding 2FA is too much trouble and will begin to rebel against using it.
Yet, despite these misgivings, 2FA can still be a cost-effective and efficient cybersecurity solution.
Some Tips To Make 2FA Easier to Implement
If your team is having difficulty adjusting to 2FA procedures, you can take steps to make the process easier for them to adhere to. Some things you can do to remove the risk of a team member not having access to their phone include:
- Instead of using their smartphones as a secondary method of verification, offer them a security key. Implementing security keys is worth it because they are convenient and easy to carry. For example, your team members can attach them to their keychains, reducing the chance of them forgetting them. Security keys aren’t cost-prohibitive, with the Yubikey starting at around $25.
- Utilize biometrics such as a fingerprint reader either as part of a keyboard or a standalone device. Since these devices remain in the office at your team’s workstations, there is no risk that they will not have access to them.
- Use an authentication app: Authentication apps are a better alternative to receiving an SMS on your phone. Unlike SMS, they aren’t tied directly to your phone network and can’t be intercepted as easily. Authentication apps offer a variety of methods to verify your identity. You can receive a code, a call, or click a “yes” box to confirm. There are various apps to choose from, but the most popular are Google Authenticator, Authy, and Duo Mobile.
Why 2FA is Important to Your Cybersecurity Plans
As you’re aware, there has been a rise in ransomware attacks. These attacks often originate as phishing attempts, which either trick a user into providing sensitive credentials or include an infected attachment that triggers the installation of ransomware. This software will essentially trap all of the files on the computer until a ransom is paid.
By now, it should be easy to recognize how 2FA would have added the layer of protection needed to reduce the possibility of the cyberattack being successful. This is because the cybercriminal would not have access to the second verification methods required to progress further into the system or account.
2FA should be set up to protect your email, your most important online accounts, and anywhere that you store important information. Even your social media accounts should have 2FA enabled.
Smaller Columbia Businesses are Targets Too
While it may be comforting to believe that since your business is smaller and not located in a significant metropolitan location, it holds no interest to a cybercriminal, you would be mistaken. Cybercriminals are aware that, unlike larger businesses, most smaller companies haven’t invested the required resources into developing a cybersecurity plan, such as 2FA. This vulnerability makes Columbia and all Maryland businesses like yours a target for a data breach, regardless of their size. Your business targets cybercriminals because if they can access it, it allows them an easier route to gain access to the enterprise-sized companies whose data they want access to.
It Can Be Too Late To Develop A Cybersecurity Plan
While there is nothing inherently wrong with being an optimist, there is a harsh reality regarding cybersecurity. If you’re the target of a successful breach, and if you’re not prepared, there is very little you will be able to do after the fact. Once a cybercriminal has your data, they are in control of your business. Even if you pay the ransom, there is no guarantee they will release your information. While 2FA provides an extra layer of security, the most important layer of security lies in your backup.
Backup and Disaster Recovery Is Critical
While 2FA functions as an extra security “door,” cybercriminals are creative and find ways to overcome it. This is why the only way to safeguard your data truly is with a backup and disaster recovery plan (BDR). With a BDR in place, the threat of a data breach and the accompanying ransomware demand won’t require a desperate measure of either paying and hoping you get your data back or not paying and hoping you can recreate the data you lost. Whether due to a natural disaster or human error, backup is crucial to save your business from disaster.
As one of the most tech-savvy areas in the country, Maryland’s large amount of technology-focused businesses are sure to attract the attention of cybercriminals. Don’t be caught off-guard! Now is the time to invest in 2FA and protect your business against a phishing attack, lost data, or other disasters before it’s too late.
As a local business, Dresner Group understands the Maryland business environment and can develop the security solutions right for your business; 2FA is just the first step. Call 410-531-6727 to schedule an appointment or cybersecurity audit.