Almost daily in the news we hear about major data breeches. Sure a data breech at your small business is not going to make the news, but what will it do to your local reputation and your client’s confidence in you? Passwords are only as strong as they are created. How many times have you seen one of your employees pull out a sheet of passwords? Or if we’re being honest, do you have a password sheet? Two Factor Authentication (2FA) doesn’t eliminate the need for a password but it adds a significant layer of security.
You may not realize it but you are already using 2FA. Do you ever pull money out of an ATM? Your ATM card and your PIN combined are an example of 2FA. 2FA is defined as an “approach to authentication which requires the presentation of two or more of the three authentication factors: a knowledge factor (“something the user knows”), a possession factor (“something the user has”), and an inherence factor (“something the user is”)”. (Wikipedia) For example: a password (known), an ATM card (possession) or a fingerprint (inherent).
Tokens are the easiest way for a small business to implement 2FA. By utilizing tokens you can be sure that your employees or clients are who they say they are by the presentation of a PIN (something they know) and their token (something they have). The token can be in the form of a physical authentication device or as application on a smart phone. In each case, the token will generate a password that can only be used once and can only be used for a very limited time insuring a great level of security. This form of 2FA can be used to gain access to servers, workstations, Virtual Private Networks (VPN), PSA/CRM tools and many, many more.
At this point you may be thinking “great, another IT expense” but just as you insure your business against physical losses you must be actively taking steps to protect you and your client’s data. This is even more crucial if you are subject to any security regulations. 2FA will not only give you a greater peace of mind, it is also a significant competitive selling feature highlighting your commitment to you and your client’s security.
Mythos Technology is an IT consulting and management firm. For more information, please visit www.mythostech.com or call (951) 813-2672.