By CAREY VAN VLAANDEREN, CEO at ESET South Africa.
Twelve months ago, you launched a business. Considering the odds that 30% of new businesses fail in that period, you can be proud that you are still afloat and “only” facing improvements to your company’s cybersecurity.
Now, the cybersecurity marketplace features a number of products tailored for small and medium enterprises (SMEs), products which you can implement and which will lower both stress levels and resource demands on you, or on your dedicated IT desk, if you have one. But you’ve also discovered and digested that it’s not just IT systems that need protecting; it’s all the data you handle too. So the impact of data regulations such as the Protection of Personal Information Act (POPIA) is also likely to add stress because of the unknowns you’re facing.
Here are the best practices and technology that reduce stress, pair nicely with scaled security for SMEs and can also help put you on the road to compliance with data protection regulations.
One of the strongest steps that can be taken to secure data is improving the protection provided by passwords, i.e. making what should be safe – in theory – actually secure.
Passwords protect, who protects them?
One readily available option that still hasn’t been fully leveraged by many SMEs is two-factor authentication (2FA). This technology is an ideal solution for helping protect a diversity of online services from having their access credentials compromised. Simply put, use of 2FA makes it more costly in money and manpower (for bad actors) to breach your systems.
Proper implementation and use of 2FA technology are the best complement to creating robust passwords. This is because the majority of users, business or otherwise, will only be able to create and remember a small number of properly (or for that matter even poorly) built passwords at any point in time. (Most users simply opt for easy to remember passwords.)
Rapid consequences need fast acting protection
With cybersecurity, and particularly data security, having such serious implications for reputation and regulatory compliance, no one wants social network accounts, business or personal email, client databases, document libraries or even cloud gaming platforms accessed without permission. Implemented 2FA solutions vary, but normally an automatic SMS message, or an application that generates access codes, is used. Once the password has been entered, the system will request this code and, in some systems, an application (separate from the web browser) is used to enter the code.
Despite the growing uptake and the boost in security it gives, 2FA remains underutilised. This may be because of a fear of complexity for users or reluctance to understand how multiple layers of security can be leveraged to best effect. That is the beauty of 2FA: it doesn’t require deep understanding to be effective.
Securing the foundation first
Continuing to use a single data item (password) as an authenticator for a system, while practical, has proven not to be secure. Even worse are poorly implemented security measures that drive up cost and complexity.
For example, many business users who connect to a corporate network, or who access their work email accounts remotely via VPN for extra protection, do so by simply authenticating with a username and password. Unfortunately, and especially in the case of paid VPN access, all benefits may be null and void simply because of a weak or already compromised password. Thus, the value of increased security is diminished or lost from the start.
2FA, done right
There is still a way to go before use of 2FA becomes standard practice. Fortunately, awareness campaigning by the European Commission and vendors like ESET around compliance with the General Data Protection Regulation (GDPR) has made an impact globally.
Two-factor authentication, in conjunction with the traditional password system, is much more secure than simply using credentials alone. Many attacks that were made public in recent months (check Have I Been Pwned?) could have been prevented if 2FA had been in place. Even if attackers had managed to infect a computer and steal a password, they would not have been able to access the account associated with it, as they wouldn’t have had the access code.
Risks to password-protected assets, be they data or digital tools, are even higher when those assets are geographically distributed and/or used on the go, which means that managing the network, including devices and other digital infrastructure, requires remote access. This logically extends to security management as well. So, to address the need for an easy-to-use, flexible 2FA solution, ESET offers its smartphone-based product, ESET Secure Authentication (ESA).
Costs of implementing 2FA?
Like many other available cybersecurity solutions, there is something to suit all budgets. But rather than thinking about the expense of implementing a 2FA solution, consider the potential cost of non-implementation.
With many employees logging into multiple platforms daily, verifying identities is of utmost importance for companies of all sizes. ESA slashes the cost of acquisition since it works across iOS, Android and Windows Mobile devices, and can be implemented in under 10 minutes.
If cost issues remain, implementing 2FA for accounts with admin rights, and for those that have access to, or store, confidential information, can be prioritized. This is a strong step towards avoidance of data theft and possible regulatory penalties. ESA covers safe access to VPNs, Office365, operating systems, email, and more. It’s designed as software-based but is also compatible with hard tokens.
Keep in mind that this system, while not foolproof, offers an additional layer of security that many criminals won’t even try to get past. Therefore, a business that does not implement 2FA will be more likely to be attacked than one that does.
Regardless of the size of your business, two-factor authentication is a layer of security that should be considered, especially for shared resources and for employees who access their corporate networks remotely.
With 2FA behind you, more growth lies ahead. Stay informed about best security practices and address risk by scaling protection in proportion to growth.