Better security for cloud software

March 28, 2016

This is the sixth in a ten-part series on information technology security from SBAM Approved Partner NuWave Technology Partners.

Last month, online password vault company LastPass disclosed that it had been hacked. The intruders were reportedly able to take user email addresses and password reminders, among other data. The company claims that no user vault data (user names and passwords) was accessed. In September 2014, Google acknowledged that nearly 5 million Gmail accounts and passwords were leaked and posted on a Russian website. Those are just two of the many data breaches that occur every month. If you would like to read more about recent data breaches and other cybercrime, Brian Krebs, a former Washington Post staff writer and author on cybercrime and other Internet security topics, hosts a website called Krebs on Security at http://krebsonsecurity.com.

When you start to read about cybercrime, you begin to realize just how vulnerable you are personally, and especially how vulnerable your business is. It is estimated that the average data breach now costs $6.5 million to remediate. Apart from becoming a cyber-security expert, there are two relatively easy ways to keep a hacker from using your stolen account and password information.

One common practice that hackers count on is the reuse of a single password across many different websites, such as credit card, bank, shopping, and email accounts. Once they have the user account and password, they can access all of these sites. Even though it is cumbersome, the best practice is to use a different user name and password on every site. It provides a much greater level of personal security. It also limits the damage to the site where the account was compromised, which makes it much easier to reset the password on that account and re-secure it.

The second technique, which can be used on many online accounts, is called two-factor authentication, or 2FA. This concept has been around since 1984, but it still works well against today’s cyber-attacks. The components of 2FA are what you know, who you are, and what you have. Requiring any two of the three for access is 2FA. What you know covers things like your user account, password, date of birth, favorite pets, teachers, schools, et cetera. Who you are is also known as biometrics: fingerprints, retina scans, and even facial recognition. The third component, what you have, can be something like your cell phone, a pager (if you remember what those are), or a security fob. Two-factor authentication is often set up with a user ID and password plus a text to a cell phone. After the user ID and password are entered, a text message is sent to the cell phone with a unique code that must be entered before access is granted. The code is normally good for just a few minutes. For most business accounts, 2FA can be configured and required for all of the business users.

These two practices alone will not protect your business from every cyber threat. Combine them with the other techniques discussed in previous articles in this series and your business will be a much harder target to attack.
