Business IT security is more critical now than ever before but as a business owner what exactly can you do to protect your business?  It seems that no matter how much you spend there is an endless list of new threats that need more time and money spent on them, so why bother.

Cyber security is much like traditional security, there is no end to the amount you could spend to improve the security of your business.  For example your premises security might comprise of:  floodlights, alarms, police response, security cameras, shutters, fencing, security guards.  However, we all know that a determined criminal could break in if they wanted to.  Your aim is therefore to do enough to deter the vast majority of criminals. Once they realise the effort required, most will move on to easier targets.

Over the next few articles we will look at some of the basic steps you can take to protect your business from cyber attacks.  Let’s start of with an easy one which is called 2FA or MFA.

What is 2FA or MFA?

2FA, two-factor authentication and MFA or multi-factor authentication are often used interchangeably. They mean fairly much the same thing in the world of IT security.

When you log into a website, program or application you normally need a username and password. What is becoming more common is the need to input another piece of information such as a code.  For example, it might be a SMS text sent to your mobile phone.  This code is essentially the 2nd factor that is required to authenticate who you are, hence the name “2FA”.

Essentially you might describe it as:

  • Something you know, like a PIN number
  • Something you have, like a smartphone or secure USB key
  • Something you are, like a fingerprint or facial recognition

Why use 2FA as part of your business IT security?

Having to enter 2 or more bits of information increases the IT security level manyfold. Think of it like chip and pin for your credit card.  If you lose your credit card then a criminal has the potential to go to shops and use contactless payment but at some point they will be requested to enter the 4 digit pin.  Without this secondary piece of information, the card is now useless and will not work again.

2FA is designed so that even if your password is compromised then your account is still safe.  Without the second piece of information the chance of an account breach is close to zero.

Surely passwords are safe?

Passwords are normally quite safe but they do have some weaknesses that make them more vulnerable than we imagine.  Some of the more common issues:

  • People sharing passwords
  • Writing down or storing passwords (without a password manager)
  • Using simple passwords
  • Reusing the same password on multiple sites
  • Using personally identifyable information such as childrens names or birthdates.
  • Websites being hacked making user credentials available

How is 2FA different to a password?

2FA often utilises a piece of information, such as a code, that is only valid for a short period of time – 30 seconds to 5 minutes are quite common.

Now in order to access your account a criminal would need to guess your username, password and this second code that changes each time you try to log in.

As you can see this is highly unlikely and is the reason that 2FA is a simple addition to your business IT security toolbox.

How 2 factor authentication works

Using 2FA

Given that most people carry a smartphone, they lock it and it rarely leaves their side then this is a great way to use 2FA.  There are many apps available to download but the most common are Microsoft Authenticator and Google Authenticator.

Once downloaded then 2FA needs to be turned on within the account settings of the website and it will normally give a QR code for the app to scan.

Once complete the app generates a random code that is valid for 30 seconds and without it there is no way to access the account.

Where to use 2FA

Many places such as banks have enabled 2FA already and it is not possible to utilise their services without this second code.  Banks tend to use SMS text or their own card readers but it is essentially the same thing.

My suggestions for 2FA are:

  • Microsoft Office 365
  • Email scanning accounts
  • Critical business applications holding sensitive information (CRM for example)
  • VPN connections to servers
  • Anywhere a compromised account could be catastrophic

Do you need help?

Have you got to this point and thought – “Yep, I need to do something now but I haven’t got time”.  Maybe you want to implement this yourself but need to check a few things first. Either way we are happy to help.

As a managed IT service company we spend our time helping businesses to get what they need from their IT systems and we would be happy to help you too.  Click the button below and  get a free 15 minute consultation to discuss your business IT and what you need help with.

Our guarantee:

  • There are no hidden charges – this is a 100% free 15 minute consultation with no hidden charges.
  • We will never spam you or sell on your contact details.
  • We will treat your information with absolute confidentiality.

Other Posts for you to Enjoy

 

Windows 10 Extended Security Update

Windows 10 End of Life is in October 2025 but Microsoft is now allowing the purchase of an Extended Security Update. With different options for businesses and individuals this article looks at what is included in the program and likely costs for subscription.

Let’s operate in the “Arena”

  Introduction Back in 2002 the media did their usual frenzied attack on Donald Rumsfeld after he introduced them to the conept of "Known Unknowns" and "Unknown Unknowns": “Reports that say that something hasn't happened are always interesting to me, because as...

Happy Birthday Absolutely PC

Absolutely PC celebrates its 18th Birthday in March 2023.

What is the difference between a MSP and IT support

What is the difference between IT Support and a managed service provider (MSP). By understanding the difference you will be better able to choose the right type of support for your business.

LastPass Security Breach

LastPass is a password management utility and application allowing companies and people to store their passwords. After a recent breach there are some serious security issues that need attention. This article looks at what these issues are and how to re-secure your passwords.

Backup Disaster Recovery – Protected

Backup disaster planning allows your business to recover quickly and simply and has an affordable budget which is consistent. Choosing what, how and where to backup will be explained within this series of articles and allow you as a business owner to make an informed choice about how to protect your business.

Backup Disaster Recovery – Backup Options

Backup disaster recovery includes onsite and cloud-based backup options. Which is the best option for your business and what is the difference between them.

Super Deduction, HMRC pays for IT

HMRC have a tax relief available called super deduction. Super deduction allows your business to buy IT equipment and offset 130% of its cost against your corporation tax. In order to take advantage of this relief you need to purchase equipment before 31st March 2023.

Backup Disaster Recovery Plan – Data

“What data to backup” is the first step in backup disaster recovery planning and is a key part of your IT emergency response plan. This article looks at some of the data that is often forgotten. By ensuring you include all of the data your business depends upon, you maximise the chance of recovery when it is needed.

Disaster Planning

Is Disaster Planning a useful exercise?  For this business, the worst nightmare possible happened last weekend.  They had a major fire!  What actually happens when a fire occurs in a business and is it something you should plan for? Today we look at planning for the...

Cyber Security Infographic

With cyber attacks becoming increasingly common for businesses of all sizes, it is critical that your organisation understands the most common types of cyber attack and what you can do to protect yourself. Take a look at our cyber security infographic which takes you...

Another Cyber Security zero-day exploit

On 9th November Microsoft released a fix for Windows based computers that allowed an attacker to take control of your systems as an admin.  This was known as CVE-2021-41379 and was the latest in a series of cyber security issues involving Elevation of Privilege...

Windows 10 Extended Security Update

Windows 10 End of Life is in October 2025 but Microsoft is now allowing the purchase of an Extended Security Update. With different options for businesses and individuals this article looks at what is included in the program and likely costs for subscription.

LastPass Security Breach

LastPass is a password management utility and application allowing companies and people to store their passwords. After a recent breach there are some serious security issues that need attention. This article looks at what these issues are and how to re-secure your passwords.

Have you made these IT upgrades?

Technology is constantly changing and adapting; as such, it is important to always stay on top of upgrades to ensure you are running at optimum efficiency. At Absolutely PC, IT upgrades are a necessary and consistent part of our monthly and annual maintenance...

How to Protect your Business from Cybersecurity Threats

With UK small businesses targeted with 65,000 attempted cyber attacks per day, having robust measures to deal with cyber security threats is more important than ever. The recent attack on SolarWinds proves that no business is safe from hackers and that businesses both...

Can your business cope with winter disruption?

Thanks to the unseasonably mild weather we’ve enjoyed this autumn, it’s easy to forget that winter, and all the potential havoc it can wreak, is soon to follow. It’s hard not to feel that our weather has become more unpredictable and freak storms just aren’t, well,...

WordPress Security – Attacks leave 1.6 million sites damaged

Are you confident that your WordPress website is secure? Yesterday, on the 9th of December 2021, 1.6 Million WordPress Sites were Hit With 13.7 Million Attacks In 36 Hours From 16,000 IPs. It’s safe to say this is a major concern to businesses everywhere. WordPress...

Man In The Middle – Behind the Hack [Video Guide]

Cybersecurity (cyber security) is a buzzword that seems to have appeared relatively quickly in the world of business IT.  If you search the term “cybersecurity” or “cyber security” on the BBC News website, there are currently 29 pages of articles from the last 2...

IT Security: Zero Day Attack – Take Action Now

A new zero day attack is in progress and it threatens all computer systems that have Microsoft Office installed. A simple piece of code will thwart this attack until Microsoft have had a chance to release a patch