IT Solutions

IT Insights – Two-Factor Authentication

December 19, 2021

Securing your systems in today’s climate is a multi-level event; however, two-factor authentication is the number one way you can stop a bad actor from moving around on your network. Listen to these insights on how to establish this first line of protection on every one of your firm’s devices. It’s now much easier than you think!

Video Transcript

Garrett Graney  00:06

I’m very excited to have Kevin Frye, our Technical Services Manager, with us today to talk about two-factor authentication. Welcome, Kevin.

Kevin Frye  00:16 

Thanks, Garrett. I’m excited to be here.

Garrett Graney  00:18 

I’m excited to have you. This is a pretty technical conversation. I wanted to take a moment to talk to you about two-factor authentication. Here at IT Solutions, we believe it is the number one thing you can do to improve your security posture. Please don’t misunderstand me, it’s not the one and only thing you need to do. Security is a multi-level event. Two-factor authentication, years ago, used to be a little ID that was attached to your keychain. And when you logged into your computer, you were requested to have an eight-digit code available. It is much different today. Two-factor authentication is the number one way you can stop a bad actor from moving around on your network. Kevin, could you walk us through quickly what type of two-factor authentication is available and how we’re implementing it on client networks?

Kevin Frye  01:14 

Sure. So there’s a variety of options you have for two-factor authentication. There’s some popular ones out there like Duo that we use here internally, there’s systems like Authy, Microsoft Authenticator, and Google’s Authenticator. I mean, in any of those cases, you’re most likely going to need a combination of solutions depending on which services and applications you use. But the goal is to secure every single endpoint. So every device, every piece of software, and every service with two-factor authentication, you want to make sure you have that security at every single level. So not only do you want 2FA before someone logs into your machine, you also want it at every application that they open wherever possible, and especially focus on the ones that are Internet-facing. So you have services like Microsoft Office 365, which is a very public thing that everybody knows about, including bad actors. Those are the things that you want to secure first and foremost, because they can be accessed by anybody in the world without, like, physical access to your building. So those services like Microsoft Office 365 make it very easy to sign up for it. They even have, as I mentioned, their own built-in tool for two-factor authentication. And we believe it’s paramount that you have it configured on everything possible.

Garrett Graney  02:33 

Is that the extensive list? Or is there more than just those components?

Kevin Frye  02:37

So yes, everything that you can physically access or access through any sort of computer or mobile device, all your services, applications, and every single piece of network equipment, and anything that any user interacts with.

Garrett Graney  02:50 

So talk to me about the complications that come with this today. It sounds burdensome, it sounds like it would be difficult to implement. What are we seeing? And how have they simplified two-factor authentication?

Kevin Frye  03:03 

Sure. So whenever you talk about an increase in security, I think a lot of people always equate that to inconvenience: you’re just adding more time it takes for them to log in, or creating, like, a technological struggle that they didn’t have previously. So two-factor authentication has come a long way, it’s very easy to use. Most of the major services allow you to install an application, like on your mobile phone, that gives you push notifications. So a push notification is basically just like a pop-up on your phone that’ll give you the opportunity to just say “accept” or “yes” anytime you try to log in. So if you try to log into 365, for example, before you can fully access your email, you’ll get a prompt on your mobile device where you have to say, essentially, yes, this is me, I approved this connection. And for any places where there isn’t a specific app available, most software and services will provide a text-based one. So we’ll send you a simple text message with a six or eight digit code that you then just type into your computer or whatever software or service that you’re trying to log into. So it’s just a few seconds of inconvenience that will save you potentially hours, if not days or weeks, of inconvenience if you were to have some sort of security breach, data loss, or anything worse.

Garrett Graney  04:22 

Okay, so they’ve made it easier. They’re using push notifications. Myself and most of our clients are using their phone, whether that’s Android or Apple, as their two-factor authentication code. And it’s much easier to log in, even though I’m doing it several times in a session. Maybe when I log into the computer, and then I log into an application, the financial application, for example, I would have the two-factor authentication code requests when I press a button or not, man, that’s right. And so they’ve made it easier. But even IT Solutions, I heard you mention earlier, has several different products that we recommend. Is it common for an organization to have two-factor authentication from multiple providers?

Kevin Frye  05:06 

It is soon because not every software or service or even cloud-based service is going to connect with every single third-party service. So the one that we use heavily is Duo, but that doesn’t necessarily work with every single application. So some of the stuff might be proprietary. And of course, if you use something like Office 365, they try to push you to use Microsoft Authenticator. If you use any Google services, they try to push you towards their flavor.

Garrett Graney  05:32 

Okay, great. So quickly, and I know this is a difficult question to answer, why does two-factor authentication make the top of the IT Solutions security list?

Kevin Frye  05:44 

Well, when you think about bad actors, and the sort of things they try to solicit from any organization, they usually go after people, and they use very sophisticated, targeted phishing emails, they can use some social engineering techniques, they can get your information from any social media that you use, whether it be LinkedIn, Facebook, or even your own company website where they can find your email address. So, and a lot of the services that companies use are public and well known. So when you look at a service like 365, or anything from Gmail, Salesforce, what have you, um, they already have a couple of pieces of information, most likely. They can most likely understand where you’re going to log in, they can more than likely get your email address from one of the social media websites, or from your own website. And that already gives them two of the pieces of information they need in order to access your data. So after that, it’s about trying to social engineer that password, maybe through, like, a phishing attempt in an email, or maybe even just brute force or being able to guess that password. So having two-factor authentication is like a wall after that. So even if they have all three pieces of those core login credentials that you would normally need, with two-factor authentication in place, the buck stops with you. You get that prompt on your device and decide whether or not you want to allow that login. It also gives you a tremendous peace of mind. Now, while it’s unsettling to get a two-factor authentication prompt on your device that you did not request, once you see it, and you’re able to deny it, it’ll give you more peace of mind that you set up the right solution, you made the right decisions for your organization. And you can then go forward and change your password wherever necessary and keep your account secure.

Garrett Graney  07:28

100%. So one last piece of information on my end. Concerning business owners, I know that IT Solutions has come across this, and in talking with our insurance broker, the top 10 cyber insurance policy providers, as of January 1, 2022, are requiring a host of new features in order to consider you insurable. The number one thing that they are requesting is two-factor authentication. The number two is EDR, having an endpoint detection and response system in place on your network. If you don’t have two-factor authentication as of January 1, 2022, you are considered uninsurable and your policy will not be renewed. So yet another critical reason why you want two-factor authentication in place today. In summary, here’s what we’ve covered. Number one, there’s been an evolution of two-factor authentication; it is much easier now. There are many platforms to choose; you will likely have two to three platforms within your organization, most of them using the push technology today. Number two, it’s a more complex rollout than it was in the past. You want to make sure that you have two-factor authentication deeply ingrained into your network and into your organization. This prevents the movement of bad actors on your network. Number three, the cloud. Whether you’re using Google, Amazon, AWS, it doesn’t matter. You need to have your two-factor authentication driven out to the cloud. And then lastly, your insurability from a cybersecurity standpoint, which is critical today, requires two-factor authentication in place. All right, Kevin. That was an awful lot of information. Thank you again. I really appreciate you joining me today.

Kevin Frye  09:22 

Thanks for that. It was a pleasure to be here.
