“It’s not paranoia if they are really after you.”
– Tagline for the movie “Enemy of the State”
Is your business as safe as it can be from cyber crime?
Cyber crime is a real threat and the more digital our universe becomes, the larger the threat. One of the easiest ways for a business to protect its server from intruders is by regularly changing passwords. Proper password complexity and frequent password changes are two good habits you can adopt to help secure your digital assets. Set the complexity level and frequency of changes on the server and automate for all users. But because password cracking software has greatly improved, only changing your passwords and increasing complexity is not enough in the longterm.
Third Level Password Policy for Your Business–MFA
For the next level of added security you’re going to have to switch to MFA or multi factor authentication. MFA works by using a third step, after your login name and password-to identify you. This third step is called a ‘token.’ A token is usually provided via a text or through an “Authenticator App” on your cell phone.
Authentication Apps from Google and Microsoft
Both Google and Microsoft make authenticator apps that provide these tokens on a rotating basis that can be entered after your login. When logging into Google from a new device, they often ask you to verify the device. Google sends you a text with a code to enter –this is MFA.
Each time you login to an MFA enabled system, you’ll need to retrieve the third step from an outside source. Yes it’s a pain, but it’s very, very hard for hackers to defeat. We have MFA on all of our major systems, so that even if someone gains access to our network, and somehow finds a password, they still don’t have our cell phones to receive the token. Most applications including email have MFA capability. A quick call to your application vendor can determine whether or not they support MFA.