We are seeing more and more companies move to using two-factor (or multi-factor) authentication to provide additional security for remote access to desktops, applications and email. This move has been driven by the rise in phishing attacks, and the risk that some staff would fall for them and provide their network id and password. These details would then be used by the criminals to either defraud that company or to launch a fraud attempt against that company’s clients. If you have read about business email compromise, it all starts with the criminals gaining access to someone’s email account.
Using two-factor authentication is a smart move, and doesn’t need to be expensive. There are cloud-based solutions that cost less than NZD 3 per user per month. These can be configured to only require the two-factor authentication when you or your staff are logging in from outside of your office.
There are usually a number of options for authentication (in addition to your username and password). These can include:
- Receiving a phone call on your mobile – you press # to authenticate
- Receiving a notification via an app on your smartphone – you press the authenticate button
- Receiving a code via text (SMS) on your mobile – you enter the code into the login screen
The most secure option is the app on your smartphone, as both phone calls and text messages can be diverted. Whilst this might seem improbable, there are plenty of instances where individual staff have been targeted as part of an attempted fraud.
Two-factor authentication shouldn’t only be used to protect remote access to your company systems. It should also be used for any cloud-based applications that hold confidential information or could be used as part of an attempted fraud. For example, Xero has rolled out two-factor authentication (they call it two-step authentication) as an option for securing access to Xero accounts. They have chosen to use a smartphone app (Google Authenticator) rather than text messages. If you are storing confidential information in the cloud, it is worth checking whether two-factor authentication can be turned on, and choosing the app option rather than text if you can.
If you would like to know more about how we can help to secure your remote access then please get in touch.