Skip to main content
February 21, 2019

An ignored cybersecurity measure

Teddy Njoroge
Teddy Njoroge

There are a number of tried and tested security measures a business may consider implementing in the prevention of data theft, leakage of credentials or unauthorised system access.

Three options always crop up: antivirus (AV) solutions applied on devices and servers can detect and eliminate many direct threats. Backups can also ensure that any data lost in an incident such as a ransomware attack is recoverable. Device encryption is similarly a foremost prevention tool that can secure confidential data from being obtained by attackers.

However, there is another option that is increasingly relevant in the fight against cybercrime, and though readily available, it is largely ignored. That is, two-factor authentication or simply 2FA. This is an ideal solution that can help protect a large number of online services if the access credentials of a business are compromised.

Today, a breach to confidential business information is as easy as waiting for a user to access the corporate network remotely or compromise work email via an unsecured connection.

In this scenario, using a single data item such as a username and password to authenticate in to a system may be practical but not the most secure. Due to poor password management, 2FA offers an easy and additional layer of security.

Implementation of a 2FA solution may vary. Once the password has been entered, the system will request a code, often delivered automatically to a secondary device such as a mobile phone via a text message from the 2FA system. In some systems, an application (separate from the web browser) is used to enter the code.

With the growth of social networking, personal email and gaming libraries that all need individual accounts, easy to use 2FA applications have been developed and which offer added protection on these various platforms.

While 2FA has gained credence among individual users, it still remains an underutilized security measure in the corporate and small business sector due to low awareness among staff and also some would say budgetary concerns.

Just like antivirus security solutions, there are many 2FA solutions available to suit all budgets. Perhaps a better approach would be to consider the cost of not implementing a 2FA solution.

As much as creating robust passwords is an important part of prevention, a majority of users will only remember a small number of them, while opting for easy to remember passwords.

Regardless of the size of your business, it is well worth implementing 2FA systems if you want to keep corporate information storage accounts safe, especially for shared resources and for employees who access their corporate networks remotely.

While not infallible, a well-implemented 2FA solution offers an additional layer of security that many criminals do not try to get past. Therefore, a business that does not implement 2FA will be more likely to be attacked than one that does.

The writer is the Country Manager for ESET East Africa.





Poll of the day