Black Friday Sale! 50% Off All Access

What You Need to Know About Multifactor Authentication A cyberattack could mean irreparable damage to your reputation and financial ruin for your business. Multifactor authentication can protect you.

By Adam Levy Edited by Dan Bova

Entrepreneur+ Black Friday Sale

Our biggest sale — Get unlimited access to Entrepreneur.com at an unbeatable price. Use code SAVE50 at checkout.*

Claim Offer

*Offer only available to new subscribers

Opinions expressed by Entrepreneur contributors are their own.

Shutterstock

As our world grows increasingly connected, cyberattacks on businesses and institutions are becoming more common.

In May, we saw the ransomeware WannaCry wreak havoc on more than 200,000 computers across the world. The Petya virus, meanwhile -- which has affected global brands such as Mondel?z International, advertising giant WPP and oil producer Rosneft -- has arrived as another major cybersecurity problem.

Related: The Worst Hacks of 2017 -- So Far

WannaCry worked by encrypting targets' hard drives, only allowing them to recover their files after they paid a $300 ransom. Within five hours, the operators had already received 27 payments, totaling about $7,000.

The high-profile nature of these attacks -- and their increased frequency -- highlights the fact that nearly everyone who uses the internet is at risk of falling victim to cybercrime. As an entrepreneur, you need to take the proper security measures to keep your network and data safe. A cyberattack could mean irreparable damage to your reputation and financial ruin for your business.

An in-your-face offense is your best defense.

Controlling who has access to your devices and network is a big part of defending against hackers. At present, multifactor authentication (MFA) is one of the more effective tools for limiting access to the right people; it requires users to present multiple pieces of evidence rather than a simple password. It usually takes the form of two-factor authentication, which is something we're all fairly used to at this point.

Typically, the information you're required to enter can be categorized as something you know (e.g., a password or your birthday), something you have (e.g., a bank card or phone) or something you are (e.g., using a biometric marker such as your voice).

Obviously, the premise behind this type of security is that while one type of information is relatively easy for a hacker to acquire, it's far more difficult to obtain two or more types.

We're now seeing even more advancement in this arena. Swiss security researchers have reportedly found ways to eliminate inconvenience and boost reliability by using ambient noise as an authentication token. Recording three seconds of audio from both the device attempting to log in and the user's smartphone, the service can cross-check the noise to ensure the user and the device are in the same place. Only then is access granted.

Secure your business -- and your money.

It's clear that MFA is at the crux of the future of security, and from a business perspective, the cost of implementing this security strategy far outweighs the outrageous cost of a full-on data breach. Successfully implementing it requires careful consideration of the following three steps:

1. Prioritize ease of use. It's important to remember that a security measure is only as effective as the people who use it. A University of Phoenix study found that roughly 52 percent of American adults studied said they prioritize convenience over cybersecurity. If your authentication process is too big a pain, people will find ways to avoid using it when possible, and that's counterproductive.

Related: The Good, the Bad and the Careless: Insider Behaviors That Cause Data Breaches

Google has supported MFA for years, but last year, it made the authentication process for Gmail and G Suite users even easier. In the past, signing in from a new device required manually entering a code via text message or an authenticator app. Now, users can approve login attempts by simply tapping their phone after receiving a push notification.

In contrast, anyone who's used tokens has probably experienced the frustration that ensues when you don't type in your login code fast enough -- or, worse, you lose it.

2. Vet vendors. It goes without saying that you want your security solution to be administered, well, securely. That means you need to be able to trust the vendor providing it. Yet, according to a NAVEX Global survey, 32 percent of IT professionals surveyed don't take steps to assess the security initiatives of the third-party vendors they partner with. That's troubling, because these companies are just as susceptible to targeted cyberattacks as you are.

Specifically, tyou can ask prospective vendors to gauge their abilities and their fit with your needs. First and foremost, ask what kinds of security practices they take themselves: Do they have policies that take into account a wide variety of scenarios, and do they have recovery plans in place should the worst occur? If a cybersecurity provider doesn't follow best practices internally, it's probably not following them externally. So, steer clear.

Second, dig into the business's general trustworthiness and approach. Have complaints been lodged against the company? How have other customers felt about the service? Seeking references -- as well as licensing information and the Better Business Bureau's assessment of the firm -- is a great way to use others' experiences to inform your own.

3. Determine uptime. An easy-to-use and secure system goes only so far if your employees have to worry about whether they're able to access it on the job. So, reliability must be a top priority, too. According to research from the National Cyber Security Alliance/Symantec, 66 percent of businesses surveyed reported that they depended on the internet to operate, and nearly 40 percent said they heavily depend on the internet.

That said, an unreliable MFA system could quickly paralyze those businesses -- yours too -- if employees aren't able to access the resources they need to perform their jobs. Your MFA system should guarantee a very high level of uptime -- 99 percent or better. If the vendor you have in mind can't offer this, you might need to do more shopping around.

Related: We Scored High on This Cybersecurity Quiz. How About You?

Some businesses may be required by law to have an MFA system in place because of the industry they operate in or the type of service they provide. Others may not need it at all. As a business leader, you should understand how it works, how it's evolving and whether it makes sense for your organization.

Adam Levy

CEO, Magnet Solutions Group

Adam Levy is the founder of Magnet Solutions Group, an IT and web development company, and LoTops, a CRM and management application for small businesses in any industry. He tweets regularly on business technology at @Adam__Levy.

 

 

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Making a Change

This All-Access Pass to Learning Is Now $20 for Black Friday

Unlock more than 1,000 courses to fit your schedule.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Health & Wellness

How to Improve Your Daily Routine to Strike a Balance Between Rest and Business Success

Here's how entrepreneurs can balance their time and energy to prevent burnout.

Business News

Barbara Corcoran Says This Is the Interest Rate Magic Number That Will Make the Market 'Go Ballistic'

Corcoran said she praying for lower interest rates and people are "tired of waiting."

Business News

The Two Richest People in the World Are Fighting on Social Media Again

Jeff Bezos and Elon Musk had a new, contentious exchange on X.

Science & Technology

I've Spent 20 Years Studying Focus. Here's How I Use AI to Multiply My Time and Save 21 Weeks of Work a Year

AI is supposed to save time, but 77% of employees say it often costs more time due to all the editing it requires. Instead of helping, it can become a distraction. But don't worry — there's a better way.