Tom Shanley, SVP of Technology Services for SmartSource

As a member of the technology community, I often urge friends, family, and business contacts to bolster their cybersecurity defenses. More often than not, the recipient of my often-unrequested advice responds with a blank stare. These reactions usually leave me questioning my delivery and why it seems other individuals do not share the same zest for security.

The answer, it seems, is that while most everyone agrees they would rather not be hacked, they do not understand where or why to implement a security measure. To address this problem, I find it helpful to focus the conversation on two easy-to-understand areas: your business’s internal domain and any ancillary services used by the business.

In the world of small business, an internal domain is most easily understood as your network and the devices that reside within it. Examples of these devices would be your servers, workstations, switches, and WiFi deployment. Gaining access to these systems typically requires an employee to authenticate themselves via a username and password. Ancillary services, which can include a broad swath of solutions, are most easily understood as accounts the business uses that are not hosted internally within your domain. Examples of ancillary services can include websites for your business email system, customer management, human resources tools, and so on – essentially, any services used by employees to operate a business that fall outside of your domain.

One of the easiest methods for protecting both of these areas of operation is two-factor authentication, also referred to as “2FA.” Two-factor authentication is a method in which a computer user is granted access only after successfully presenting two pieces of evidence to an authentication mechanism. In non-nerd terms, this simply means you are required to provide a second piece of evidence, on top of your password, when logging into anything on the domain or hosted service you are using.

Recently, a computer support provider utilizing a well-known antivirus product was breached by hackers who subsequently used the software to infiltrate their customer base. The hackers were able to accomplish this feat due in large part to the provider not using two-factor authentication.

Two-factor authentication is usually a simple security solution to implement across your domain and service accounts. However, not every two-factor authentication product works with every device or service. For example, in some cases, you may need two separate two-factor authentication products to cover the various devices and service accounts you use.

If you would like to upgrade your security practices, it’s best to consult with your IT staff to compile a list of everything inside and outside your domain that requires employee authentication. Next, task your IT staff with identifying a 2FA solution, and a qualified team, to ensure all your devices are covered.