Online security can be one of the last things you think about when you’re busy running your business or touring the world. In fact, chances are two-factor authentication and cyber security might be low on your priority list.
But hear us out.
Not taking care of your online security, especially not turning a two-factor authentication (2FA) method on, can have serious consequences ranging from locking you out of your business accounts to commanding your payment profiles and even your credit and debit cards. Hackers are getting smarter, and they’re targeting users with weak security. What’s more, it takes mere seconds to put basic protections in place – for free.
74% of small businesses lack the capability and expertise to protect themselves from cyber attacks. And this is a warning sign for us at TDS as we see so many business owners encounter some very typical pitfalls due to not taking care of basic security. Sadly for us, we’ve seen many times the damage that online hacks can do, which is why we want to share this knowledge. We hope that you can share this article with your friends and family, as it might just save them a lot of heartache too. Below we explore what 2FA is, how to set it up, and what cyber criminals are really after.
What are hackers REALLY after?
The truth is, people who are stealing your data and money are not interested in your emails. Instead, once they get access to your email, they get the opportunity to access your various business accounts, like the ads platforms and the bank card details connected to them. Additionally, they can use and abuse this information the way they please and utilise your assets to spread malicious content, especially if you have a large following that may be exploitable with a ransom.
Furthermore, if hackers get admin access to these platforms, they also have the authority to kick you and your collaborators out of the account, locking you out of your own platform, and sometimes this whole process is automated, and doesn’t even require the hackers direct attention to do it en masse.
Why might YOU be the next victim?
Hackers rarely target specific people; invariably, they choose those with weak security – the ‘low hanging fruit’.
Normally, when an account has a multi-factor authentication on (which creates an extra barrier for the scammer), they tend to move on since it’s harder to hack and a lot of their automated systems are deflected by this simple barrier.
When you or your team members postpone turning the two-factor authentication on, you automatically become easy prey for hackers and scammers. Furthermore, it’s commonplace for people to reuse the same password for multiple websites, which only increases vulnerabilities to cyber attacks. In the eyes of a hacker: get the code for one; get the code for all (and don’t think that adding a ‘!’ at the end of your alternative password will help).
How does two factor authentication work?
The actual mechanism behind the two-factor-authentication is simple.
The concept of two factor authentication rests on the idea that you need to provide two identifying factors to prove your identity to gain access to your account. This helps to prevent unauthorised users from accessing your sensitive information or secure resources.
What can you do if your account information has already leaked?
You may have learned that not having two factor authentication turned on can cost you dearly, but what can you do if your data has already been compromised?
- Figure out what was stolen
Sometimes you get a notification that someone logged into your account and other times hackers are creative and you might not know until you check your credit history.
If you receive a notification about a data breach associated with your account, make sure you read it carefully and try to get an overview of what data has been stolen. You can also check if your email has leaked on this website.
- Change your passwords and consider a password manager
As an initial safety measure, upon discovering your account was hacked into, you should immediately change the password.
If you’re thinking writing your passwords down on a piece of paper or an Excel document is a good idea, you should definitely reconsider. If hackers get access to this document, all of your login details and secret login codes will be up for grabs in a single spot. Instead, consider using a password manager service where you can store all of your and your clients’ passwords and personal information.
- Set up two factor authentication
Setting up two factor authentication for your accounts is going to add an extra layer of security to prevent hackers from stealing your data. We recommend staying away from text message two factor authentication where possible, as in general it is less secure. Instead it’s possible to install an app in order to generate a 2FA key.
How do you switch on 2 factor authentication?
The specifics will vary from platform to platform, but the general solution will be to find the settings section of your account. Once there, you should see mention of an additional way to protect your account: 2 factor authentication. These can sometimes be called different things, but the concept is the same – someone now not only needs your password to access your account, but also an additional piece of information.
This additional information will typically be in the form of a code sent to your phone or an authenticator app you will be requested to download (“Google Authenticator” is a commonly used example).
How can an intermediary system, like 1Password, help organise passwords?
Password managers, such as OnePassword, operate like a filing system; allowing you to store various sections of information into “vaults”. These vaults can store not only passwords, but also forms, secure documents, credit cards etc.
With certain plans, it also enables you to allow specific users access to certain vaults. We cannot recommend enough just how valuable it is to have all of your sensitive information clearly organised – allowing you to track all of your passwords without needing to memorise them.