Verify Your Users With 2FA
Verify Your Users With 2FA
By: Scott Hawkey, Technical Services Manager
At PCS we’re always looking for new ways to improve our offerings and add new products to our portfolio.
Take the last few years for example – we have added LOTS of innovative, exciting products to help improve our customers IT infrastructure and experience.
Which leads me on to a little story…
The most exciting product we have released in the last 12 months (in my opinion) is the Two-Factor Authentication solution. There are many reasons behind why we added this to our offering and I wanted to give an example…
Lots of customers now require access to systems from anywhere and whilst this isn’t a new thing, it has become more popular in the last few years.
Having access to things like:
-
Email
-
Company Documents
-
Company Software
All whilst being out of the office is now part and parcel of every day working. This is obviously great for companies, it means that people can work smarter from wherever they like… But it comes with its own set of problems.
Having company data accessible over the internet has meant that security needs to be tighter than ever. Making sure users are protecting their accounts with strong usernames and passwords is the first step in this but it’s not always the only solution.
A few months back we were contacted by a local company who had invested thousands of pounds into their IT. They thought that they had state of the art Servers, Firewalls, Antivirus etc and they believed that they were protected against hackers and viruses…
Now, if you work in IT, you know that there are many solutions out there for security, but if someone gives out a username or password or wants to gain access to your systems they will go to great lengths to make sure they do so.
This particular company were concerned that their customers were receiving emails from ‘them’ that were legit (and by that, I mean they were actually coming from their exchange server) and they wanted to know how this was possible (as nobody internally was sending them).
After sending an engineer out to site to investigate what was going on, we were able to confirm that indeed the emails were coming from a genuine user at the organisation.
It transpired that this user had received an email a few weeks earlier asking them to confirm their username and password, unbeknown to the user they click the email, entered their credentials and never thought any more of it.
Well this email was a phishing email designed to gain end users credentials and access to their inbox, it’s a simple as that.
This meant that some naughty person had been logged in to the user’s outlook web access and had been sending emails posing as the genuine user.
So, for all that money they spent on IT kit… Simply giving out a username and password inadvertently meant that the customer was compromised.
Luckily, in this case no damage was done as it was spotted early, but imagine if the customers had been told to transfer funds to a different account or ship items to a new location? Imagine the cost involved in rectifying this… It’s potentially huge.
That’s why it’s important to verify your users and that’s where 2fa comes in.
Verify your users
2fa or Two-Factor Authentication means that a user needs to verify their username and password with another method, such as a secure USB key, or a hardware token or simply a push notification to their mobile phone…
So even if a user did give out their details, the naughty person wouldn’t have been able to access their inbox as they wouldn’t of had access to the secure USB key, the hardware token or the end users mobile phone.
It’s an easy to implement, simple and secure solution to make sure that if the worst does happen and users are caught out, that access isn’t gained to company data.
We’re able to provide this solution to customers, to protect Office 365, Exchange, SharePoint, VPNs, Terminal Servers and cloud-based software.
So, there you have it.
A simple blog, highlighting how simple it is for a cybercriminal to gain access to company information and how a simple service like 2fa can save your company from suffering a not so simple cyber breach.
PCS Business Systems Ltd
2 Northfield Point
Cunliffe Drive
Kettering
Northants
NN16 9QJ
