We’ve written about some of the numerous ways in which cyber criminals can infect your network and take over employee accounts within your organisation. Anti-malware products that are designed to protect your network against breaches via ransomware and phishing are eminently sensible.
And we have highlighted the example of Google, which hasn’t succumbed to a single data breach through malware in the 18 months since they supplied all employees with a cheap, £15 security key.
But there are other steps you should be taking as a minimum in the pursuit of best practice to protect your organisation from increasingly inventive cyber criminals.
The first is cyber security training for colleagues – education means that all employees will take responsible steps to protect themselves and the organisation from attacks.
And many security experts argue that implementing two-step or two-factor authentication (2FA) across your network is another minimum requirement.
So what is 2FA?
Simply, it means that as well as inputting your user name and password each time you log on, you’ll also need a special code that is sent to you via an app, gadget or text – a second device. RBS NatWest, for instance, has been supplying its customers with card readers for several years now. In order to make a payment or transfer money online, the customer must insert their card into the reader, enter their PIN and generate a code that must then be entered online to authorise the transaction. It’s simple, non-intrusive but extremely effective.
A more common way of delivering the 2FA code is by text message. As influential tech publication Wired recently noted, however, this has downsides, chiefly that the SIM card in your smartphone can be hijacked (a so-called SIM swap), allowing the hacker to redirect any 2FA text messages to themselves and thereby gain easy access to your organisation’s network.
“Unfortunately, it isn’t that hard for thieves to impersonate you to your mobile phone carrier and hijack your mobile phone number—either with a phone call to customer support or walking into a phone store,” Lorrie Cranor, a computer scientist at Carnegie Mellon University, told Wired.
This is not an issue for third-party “authenticator” apps, which generate a code on the device itself every time a colleague wishes to log on to the network, so there is nothing to intercept in transit. The codes are single-use and come in two flavours: HOTP (HMAC-based One Time Password), where each code is derived from a counter that advances with every use, and TOTP (Time-based One Time Password), where the code is derived from the current time and expires after a short interval, making it even more secure than HOTP apps.
And the safest of all is hardware-based 2FA, according to computer security specialists. As part of your cyber security training regime, it’s essential that you discuss with your IT resource which 2FA solution is the best fit for your organisation.