If you run your own business, your time and money are at a premium. You need processes and tools in place that are as frictionless as possible so you can get the most out of every spare minute. With so much to do all the time, it’s likely that data security isn’t very high on your list.
It makes sense that you might be avoiding setting up security measures like two-factor authentication because you wonder if taking an extra step every time you need to access important data simply isn’t worth it. That’s adding friction to your workflow — something your team will see as a pain in the neck. Unfortunately, it’s nothing like the pain you’ll feel after experiencing a security breach.
A small business or startup that isn’t able to protect sensitive customer data from online attackers will find itself unable to keep customers: 87% of consumers say they’ll take their business elsewhere if they feel a company is mishandling their private data. If your customers can’t trust you to guard their privacy, how can they trust you to provide the services they hired you for?
It goes further: If your current customers aren’t happy, you’ll find it much harder to attract new ones. Even if your breach isn’t mentioned alongside one of the numerous high-profile data hacks that make headlines regularly, your reputation will take a hit in the marketplace; word travels fast in the digital age.
A second layer of defense
By taking small steps to ensure security today, you can avoid catastrophe tomorrow. Requiring a second factor of authentication whenever someone tries to access sensitive customer data is one such step. Multi-factor or two-factor authentication (2FA) is relatively painless to implement and use and, in conjunction with a solid firewall, can make your data much more difficult to hack.
To understand how it fits into your overall security system, imagine a scenario in which one of your employees had his or her data stolen in a recent breach like the ones that hit Equifax or Marriott. A hacker could use that information to impersonate your employee and log into your small business’s network remotely.
That sounds bad, but those stolen credentials alone don’t have to give them access to your company’s sensitive information. That’s where adding a second authentication factor comes into play. If you don’t have this extra step, they can simply use the stolen user ID and password to access the server or platform where data is stored. All of a sudden, you’re in big trouble.
If you turn on 2FA, that same potentially catastrophic scenario is not a problem. Even if a malicious actor accesses your network, your data is safe. That second factor required by 2FA isn’t stored in a database somewhere, so malicious actors can’t simply go looking for it. It’s a code that can only be viewed on another device, and it changes regularly.
So how do you set up 2FA?
Well, if you’ve ever used Google Authenticator or Authy, two of the most popular — and free — authenticator apps, then you’ve used 2FA. That’s all it is: an app that you download on your phone or put in place for each login. It doesn’t store that second password; instead, after an employee provides the proper credentials to access a particular platform or web app, the authenticator app provides a randomly generated code that changes every 60 seconds. This simple mechanism is enough to prevent hackers from compromising your entire company even after stealing valuable login credentials. It’s easier to put it in place than to wish you had.
If you haven’t been using simple security measures like 2FA, then it’s likely that your passwords — or one of your employees’ — have already been compromised. To find out, get your free dark web scan! We’ll scan your domain to see whether any credentials associated with your company have been stolen so that if they’re for sale on the dark web, you’ll be the first to know.