The Optus data breach, impacting almost 2.1 million Australians, has brought online security and privacy to the forefront.
And if you think, as a small business owner, this is not relevant to you — then you should think again.
A recent report has identified that small businesses are more frequently targeted by cyberattacks than large companies.
The impact to your business could be devastating.
Now, there are many ways in which a hacker can attack your business. But the alarming thing to consider is that, in some instances, they only need one point of entry — and that can come from a single consumer or employee.
Which brings us to the practice of two factor authentication (2FA).
What is two factor authentication?
Two factor authentication, or two step authentication, requires users to complete an extra step when logging in to websites and software.
These users could be employees or customers or suppliers.
It adds an extra layer of protection to the traditional single factor authentication, which requires only a username and password.
This second step could relate to:
- A piece of information that only you have — an answer to a security question, for example
- A location — say, a connection to a computer network
- An item that only you have (e.g. smartphone, hardware token, or credit card)
- A personal feature such as voiceprint, iris scan, or fingerprint scan
Most popular apps — including GoDaddy’s website building tool — now offer two factor authentication. Head to the login and PIN page to set it up through GoDaddy (get instructions here).
How does two step authentication work?
The process involves an extra step above and beyond the username and password. This step can be:
- Delivered via email or text (SMS)
- Verified with fingerprinting or facial recognition
Verification via a dedicated mobile app such as Okta Verify is another method.
Even if a hacker uncovers your email and password, they'll need to verify your identity through double confirmation, using one of the methods noted above.
For a business, implementing two factor authentication makes you infinitely more secure.
Because even if a hacker can get in via one user’s two step authentication, it’s very difficult to get access to other users.
What are three examples of two factor authentication?
There are a number of ways that two step authentication can work — here are three of them:
- Physical security keys offer one of the strongest levels of protection because they are designed to ensure that it's you attempting to access your account. Using a physical security key involves plugging a USB type C or A device into your computer in order to access the account. Security keys fit on a keychain and can be easily carried around for instant use.
- Token codes are one of the most popular two factor authentication options. Token codes are sent to a separate device, such as your mobile phone. One concern with this method, despite its widespread use, is that hackers do have the ability to capture texts from the networks.
- Authentication apps require the user to download an approved app to their mobile phone in order to safely connect to your business via that app. When wanting access to your systems, they open the app and use the ever-changing code as a second layer of authentication.
What are the benefits of using 2FA in my business?
Trust is in short supply in recent times. With high-profile cyberattacks likely to increase, it will only get worse.
Adding 2FA and other layers of security will show your consumers that you take their data privacy seriously.
In fact, for many industries, anything less than 2FA will be seen to be reckless and irresponsible. Consider the situation for health and financial businesses holding particularly sensitive data on their users.
And if being proactive and concerned about the trust in your brand is not a strong enough motivator, consider the implications of a cyberattack on your business.
Fines for not having sufficient security protocols are very likely to become more serious. For smaller businesses, the ability to absorb the financial impact, let alone the impact on reputation, will mean the difference between surviving or not.
What are some authenticator apps for small business?
Authenticator apps can protect your business, your users, and of course you when using other websites. Here are a few examples to consider.
From a consumer perspective, Google’s Authenticator app is a terrific choice to access websites with 2FA already implemented. Download the app and connect it with the specific site, often as simply as scanning a QR code.
If you’re a Google Workspace administrator, managing your employees’ access to Google’s suite of products, then you can use this resource to protect your business with two step authentication.
Or for sole traders, who are Google Workspace users, then this resource will be valuable in turning on two step verification.
If you use Microsoft 365 within your business, then you should enable multi-factor authentication for all users of your account. Individuals or sole traders can read this resource to understand how to download and use the Microsoft authenticator app.
Authy by Twilio
For consumers, Authy is a popular option with support from most prominent websites. It works in much the same way as other authenticator apps.
And should you want to launch your own branded authentication app for your business, Authy has a range of authentication APIs and an SDK to get started.
Another solid option is the 2FAS mobile app. In it you can add online accounts through a QR code or manually. The app also allows you to create cloud copies of your registered accounts.
Features to look for in an authenticator
The first thing you should look for in an authenticator is whether they back up, or keep copies of, the account information.
This will protect you in case you lose the phone you used to set it up.
Aside from this, there are other convenient features that you may wish to consider. For instance, some apps will work with Apple Watch apps, which would be incredibly convenient for watch owners.
How two factor authentication protects your business
If you take one thing away from this article, I hope it is this:
Cyber security is important to your consumers and therefore critical to your business.
So don’t ignore it.
One of the first steps you should consider is implementing 2 factor authentication for employees, suppliers and customers to access your online services. This will drastically improve your security and help to protect your consumer’s privacy — because a username and password simply isn’t strong enough anymore.
If you use Google Workspace or Microsoft 365, then enable their built in two factor authentication for yourself and your employees.
Then consider the other security features you should implement.
Want to be really prepared? Understand what you should you do if you were to suffer a cyberattack.
Editor’s note: Website Security is a one-stop website safety net that includes backups, an SSL, malware scanning, as well as a firewall that turns away suspicious traffic before it even gets into your site.