The news about data breaches and hacking is everywhere. It is very important to keep up security and we show you why you need 2-Factor authentication.
I feel barely a week goes by and we hear about another major breach, often it is personal data. Unfortunately more frequently we hear of either data breaches from phishing attempts, workers accidentally leaving company devices in public places and hacking attempts leaving companies with a potentially catastrophic situation for their business.
One common way accounts are breached is through E-mail and the use of phishing, for example there are many fake E-mails who pose as Microsoft and target users by pretending to present the user with a legitimate Microsoft login but it is completely fake.
Other options criminals take is to infect a machine with a key logger, every keystroke is then sent on to a third party and once they capture essential passwords accounts are often taken over and used for scamming attempts. Not only can the victim be affected but then their system suddenly can be the culprit too.
My Password For This Site Is….
In our experience in dealing with people we find out they tend to use the same passwords for every website. Doing this will mean if a website is breached they will then have the password for every other site. You may think that they won’t know the sites you use, although true they do use software to attempt to guess user accounts and passwords from a lot of websites and after providing a password that job just became so much easier.
You Need 2-Factor Authentication
I keep repeating this statement but it is so true, by not using 2-Factor authentication you are leaving yourself truly open, how many passwords do you think we can truly remember? I mean if you have set your password to a mothers maiden name, first pet 123 or a child’s name then you can almost guarantee you could be easily targeted.
A typical usage would be to use a personal word with a few numbers at the end and as businesses tend to operate a password policy of 30 – 90 days this is an all too frequent usage scenario.
2-Factor Authentication commonly referred too as 2FA or Multi-Factor is an additional step to ensure your safety. Consider that you managed to successfully add 2FA to your account and suddenly you receive 2FA code but you never requested a code? Well typically this would give a good indication it is time to change your password and secure your account.
Once 2FA is added either 2FA will be request a new 2FA code on every attempted login or you can often trust the source and stay logged in. There are dangers to doing so as if your account is breached the hackers can gain access until you make changes that cause your session to expire.
I Only Use Social Media Do I Really Need 2FA?
YES! Sorry for the outburst, but since the recent Facebook breach protecting your passwords is very important. We are increasingly seeing App signups available using Facebook and Twitter logins, protecting your accounts should be of the upmost importance even if you think your data isn’t important.
Without 2FA a sudden leak of your password and the person involved would now have access to all your accounts.
Would A Breach Really Impact Me?
Since the introduction of GDPR a breach can have major ramifications, consider a breach causing a leak of company data, now you would need to report that to the ICO (Information Commissioners Office) and also to your customers, not only embarrassing but there are financial implications too as GDPR introduces major fines in comparison to the small amount the DPA act used to impose.
What is the maximum administrative fine under the GDPR?
There are two tiers of administrative fines that can be levied as penalties for non-compliance:
- Up to ?10 million, or 2% annual global turnover ? whichever is higher.
- Up to ?20 million, or 4% annual global turnover ? whichever is higher.
A fine under GDPR could truly cripple a company into liquidation.
Missed protective action when GDPR came into play? It Is not too late
Take action now, if you lack adequate protection in your business then you may need Virus & Malware protection or get in touch to see how we can help.
We will help get you setup properly.