Keep your data secure by adopting Multi-Factor Authentication, Security Awareness Training and Single Sign-On
We have all seen the impact cyber attacks have had on companies and their customers, including Equifax, Wells Fargo, Panera Bread and many more. Many small businesses feel that they are not at the same risk as large companies when it comes to a cyber attack, but that is simply not true. In fact, 58% of cyber attack victims are small businesses. Security should be a top priority for every organization regardless of size. We get it, security is complex, and many small businesses don’t have the time or know-how to focus on improving security protocols. That’s where security-focused Managed Services Provider’s like Infotect Design Solutions provide tremendous value for small businesses. Learn about 3 powerful tools your organization can adopt to increase cybersecurity and reduce your risk of a cyber-attack below.
Multi-Factor Authentication
Multi-factor authentication (MFA) provides additional layers of security to help protect your data. The added layers of security MFA provides is crucial because one stolen password can take down an entire network. MFA can consist of up to 5 factors. All 5 factors are designed to protect your accounts from breaches.
Knowledge Factor: This refers to something you know, such as a password or a PIN. This is traditionally the first layer of security.
Possession Factor: This refers to something you have, such as a mobile app or a phone number. It is common for applications to send a code to your smartphone that must be entered before access is granted to your account.
Biometric Factor: This refers to something you are, such as a fingerprint or face scan. This is a strong layer of MFA because it is hard to imitate. Many smartphone owners use this feature every time they unlock their phones.
Location Factor: This refers to your geographical location, so, for example, your account can’t be accessed from a different state or country.
Time Factor: This refers to the amount of time allotted to authenticate your login attempt, for example, the WatchGuard AuthPoint app doesn’t grant authentication permission after 30 seconds of the request being sent.
Strong multi-factor authentication solutions will always use a combination of two or more of the factors above. A common example of 2FA is logging into a website with your username and password and then immediately being asked to enter a pin or approve a push notification sent to your phone. In this case, both the knowledge and possession factors are used.
Security Awareness Training
Security Awareness Training (SAT) is imperative to keeping an organization safe from cyber-attacks. An organization’s employees’ must be aware of how to spot a potential attack and how to go about reporting it. Many organizations overlook SAT for their employees, yet 90% of successful network breaches are caused by user-error.
93% of security breaches start with phishing, thus receiving training on how to identify red flags can stop many potential breaches. Phishing is when an email tries to trick you into providing sensitive data. The cybercriminal composing the email will often pose as a business you are familiar with or somebody you know. You should ALWAYS be cautious of an email that asks you for any sensitive information.
Webroot offers Security Awareness Training that covers phishing and a variety of other cyber threats. The core purpose of SAT is to increase awareness of phishing and teach end-users security best practices by exposing employees to the latest methods of attacks. Other examples of training courses taught through the Webroot SAT console:
· Best practices for password management
· What personal data is considered PII (personally identifiable information) and what needs to be kept anonymous/secret for compliance standards.
· Best practices for using public & unsecured networks
On-going training is important because phishing emails and other cyber threats will continue to evolve alongside the technology used to prevent them. By continually exposing users to different simulated attacks, your organization can expect better security awareness and hygiene, fewer breaches and an overall lower cost to cybersecurity investments.
Single Sign-On
Single Sign-On (SSO) allows users to use one set of login credentials to access multiple accounts. Using SSO can lead to hundreds of hours saved each year by cutting down on the time employees spend logging into their various accounts throughout the day. On the back end SSO is helpful for monitoring user activities and managing user accounts. Specifically, SSO takes the password management out of the hand of the user and generates complex randomized passwords that the user never has to see or know. Furthermore, SSO can be set to automatically change passwords regularly for security best practices and compliance laws – and users don’t even know it’s happening.
With SSO all business-related applications can be connected to a portal, so users are forced to use MFA to access to their business apps. Although this tool is extremely convenient, there is some level of an increased security risk since one account breach allows access to multiple applications. If you adopt SSO it is important to have a strong multi-factor authentication system set up. WatchGuard is your one-stop-shop for convenience and security with their AuthPoint technology and their various SSO tools.
Contact us today to learn how we can deliver a high-value solution to all your security needs. Security is complex. By outsourcing your IT support to Infotect you’re easing the stress and anxiety of protecting your sensitive data. Allow the experts at Infotect to become an extension of your business that way you can focus your efforts solely on serving your customers and employees.
Sources:
https://www.webroot.com/us/en/business/security-awareness
https://searchsecurity.techtarget.com/definition/single-sign-on
https://www.watchguard.com/wgrd-products/multi-factor-authentication