Guest Contribution by Mason Hager and John Wilkinson
There has been a noticeable shift in the way that companies access their data. In the past, on-site data servers were the traditional method of data storage. However, as the cloud migration continues en masse, more and more companies find themselves operating a hybrid infrastructure during the transition. Cloud-based networks provide easier access and more capabilities, but can also expose your organization to a higher level of risk, unless managed correctly.
As this shift occurs, the battle for data protection and data privacy becomes more critical than ever. Unfortunately, using “LastName123” or your childhood pet as a password no longer meets the security standards necessary to protect an organization’s data. In turn, increased security measures need to be put in place to ensure that you are the only person accessing your account. Surprisingly enough, small businesses have been at the forefront of these authentication risks. Many have failed to implement these measures and neglected to take preventative action to protect their data.
It’s a common mistake to assume mega-corporations are the only businesses with data worth stealing. A few eye-opening statistics regarding the current state of passwords among small businesses include:
- 65% of small businesses that set password policies do not enforce them
- 60% of small businesses that experience a cyberattack go out of business
- 31% of all targeted attacks were aimed at businesses with fewer than 250 employees.
The password is a company’s first line of defense in protecting sensitive information, so why is there so much negligence regarding such a crucial area of data security? These poorly guarded passwords can seriously damage an organization’s ability to protect its online networks. Luckily there is a preventative course of action your company can take to minimize breaches against company data.
To better ensure the protection of user accounts & company data, businesses (of any size) should absolutely utilize an account security process known as Multi-Factor Authentication. Multi-Factor Authentication (MFA) creates extra security layers between the user and the application/account they are trying to access by requiring two or more separate steps to verify their identity. These ‘steps’ can be broken down into three main categories*:
- Something you know: password, PIN, security questions, username, etc.
- Something you have: smartphone, One Time Password (OTP), token, etc.
- Something you are: biometrics (fingerprint, facial/voice recognition), etc.
*A 4th authentication layer may restrict access according to the user’s location or time of login
For example: In the event that someone correctly guesses something you know (such as the commonly used “childhood pet” security question), MFA will require an additional step for the user to prove their identity. Maliciously gaining control of someone’s account becomes much more difficult if one of your authentication steps requires a token physically possessed by the proper user.
Check out the infographic below for more stats on Multi-Factor Authentication:
While enabling MFA will not provide your company with 100% data protection, it will provide an extra layer of security that limits your organization’s risk. Implementing MFA should be a bare minimum requirement of every organization’s data security efforts.
When it comes to protecting company data, the size of your organization does not matter. Whether it is 50 employees or 50,000 employees, Multi-Factor Authentication is an invaluable way to double your security protocols and limit the number of dangers your company could face.
Learn more about the benefits and solutions of Multi-Factor Authentication here.
Mason Hager is a marketing associate at Tools4Ever in Washington State.