Categories
Industry Insights IT Solutions Managed IT Services

What is Two-Factor Authentication?

Despite the additional protection it affords, many organizations ask what is two-factor authentication? Here we will show some business cases studies to better understand the benefits.

Before we dive into some two-factor authentication business case studies, let’s cover the basics.

What is Two-factor authentication?

Is an extra layer of security that is known as two-factor authentication or multi factor authentication.
Cyber-crime is increasing at an alarming rate. Users these days are well educated at internet fraud and the importance of online security including logins, usernames, and passwords.

Unfortunately, many users or organizations are not aware of what is two-factor authentication.

Many standard IT security policies and procedures only require a simple username and password. This has become increasingly easy for cybercriminals to gain access to a user’s private data including personal data and financial details. This then allows the breach data to be used to commit fraud or hold ransom for a financial reward.

Proactive IT departments and managed IT services providers have been actively implanting such IT security solutions to stay ahead of the cyberthreat curve.

How does Two-factor authentication work?

Two-factor authentication adds an extra layer of security to your technology and it is also known as multi factor authentication that requires not only a password and username but also a code to access systems.

Using a username and password together with a unique code makes it harder for potential cyber criminals to gain access and steal data or identity.

This is not a new concept as Google launched in 2011 for online users followed by Microsoft and Yahoo.

Many IT security experts will agree that by using two-factor authentication, it will help to lower the number of cases of identity theft on the Internet. This includes phishing cyber-attacks via email because the cyber criminals would need more than just the users name and password to gain access.

Why is Two-factor authentication important?

Ask many managed IT services providers, IT departments, or IT consultants and they will say that two-factor authentication is one of the best security practices to protect your business and data.

  • Google started their advanced online multilayered security protection features back in 2010 and 2011 for the remaining online users.
  • According to a report by the Pew Research Center, only 10 percent of American adults can correctly identify a two-factor-enabled login screen from a set of four choices.
  • According to Duo Labs, only 28 percent of Americans use two-factor authentication.
  • More than half of those surveyed had never even heard of this security service.

Client Case No. 1 – Highlights

A global information-content and technology company required a cloud-based, modern two-factor authentication solution to protect copyrighted content and user information.

The client already had a corporate mobile device management (MDM) solution in place when they upgraded to a two-factor authentication platform.

With a corporate two-factor authentication platform solution, the client was able to improve the security integrity of corporate and employee-owned smart devices significantly using industry best practices.

The client required the security solution to be deployed for staff which includes employees and contractors.

Client Case No. 1 – The Challenge

The global information-content and technology company is a technology company that helps connect people with reliable information. The organization enables people to get access to the research they needed. The client also helped researchers understand what systems are available for them to access the information they need on demand. The client provides content that is either sourced from publishers or other sources.

Many corporate users have already had experience using two-factor authentication in other organizations. They were used to two-factor authentication solutions in previous jobs therefore there was minimal learning curve. By having them already familiar with the benefits of two-factor authentication along with the pain points, this solution was going to be an easy implementation. By using a cloud-based two-factor authentication solutions, the client did not require additional equipment onsite nor capital investments to their own internal IT infrastructure.

Many more organizations are becoming more cloud-friendly and welcome the opportunity for monthly services in the cloud or software as a service (SAAS). The industry is facing a shift to the cloud and adoption of more smart devices. Corporations are losing the ability to directly control things including their devices as well as employee devices used for business use.

Client Case No. 1 – The Two-factor authentication Solution

The client reached out to determine what two-factor authentication would be best their two very different groups of users. They needed a solution for external contractors and internal employees. The client’s team was very tech-savvy, so they did not anticipate many issues with their employees during the deployment of a two-factor authentication solution. The clients end goal was to upgrade the IT security of the IT infrastructure as well as not burden the users and minimize downtime. The employees and contractors still needed the ability to do their actual jobs.

The client sandboxed the testing by selecting a few employees to test the two-factor authentication. The environment took very little to setup and test. Compared to other two-factor authentication solutions this was very easy and took little time to deploy.

Based on other two-factor authentication solutions, some known pain points encountered by legacy two-factor authentication solutions were primarily around local management, distribution of physical security tokens, as well as the daily proactive IT management of those two-factor authentication solutions. Many of these legacy two-factor solutions required the use of proxies to be able to use the full capabilities of the two-factor authentication solution within the network.

The client was impressed that the present two-factor authentication solution gave them the ability to plug and play into a number of our key business applications right out of the box. There was no need to spend a lot of time getting basic functionality up and running. The client had scalability concerns however the solutions was easily scalable as well as cost effective. By having a cloud based two-factor authentication solution, the scalable cloud service is designed as cloud-first and designed to be scalable in that way.

The solution will help the client grow as well as give them ability to roll it out to the contractors on the outside of the company.

Client Case No. 1 – What Does Two-factor authentication Solution Bring to the Table

The client already had a mobile device management (MDM) solution in place for corporate and employee devices. The two-factor authentication solution provides useful configuration data from any mobile device quickly. It quickly enforces the appropriate levels of control based on the amount of security risk these devices bring with them.

The two-factor authentication solution is lightweight and inexpensive. It gives the client valuable insight and control over devices in addition to their mobile device management (MDM) solution. This solution also extends into the desktop and laptop business environment.

Client Case No. 1 – Has the Two-factor authentication Solution Highlighted Any Significant Risks?

Many users now use a technic called jail brake or rooted on personal devices. This allows for the device to be compromised. Compromised devices allow users to click on links or apps unknowingly. With this two-factor authentication solution, this allows the client to now see these jailbroken or rooted smart devices. This allows for the ability to create custom corporate policies that are stricter about what business applications those employees can gain access to from those compromised phones.

The client is now able to identify which unmanaged devices are not utilizing basic controls such as security passcodes. This has made it easy for the client to notify those users and get them set up with security passcodes and other basic security related policies or procedures. This allowed for increased security integrity of those devices in one move.

After the client used the sandbox environment for two-factor authentication for a couple of months, along with some other team members, they purchased a monthly license for their corporate users and then decided to do the full two-factor authentication deployment.
In order to do the full two-factor deployment solution, the client had 365 iT SOLUTIONS create a self-enrollment process to deploy the two-factor authentication for the entire organization. Over the staged course of five business days, we had the ability to roll out the solution to all employees, contractors, and consultants. The client was very happy that the process was very fast.

The two-factor solution was rolled out to all corporate members and there were very few folks that had any concerns about disrupting their workflow or the inability to work. The software has the “push” feature to devices as well as the ability to use other smart devices such as an Apple Watch to get the code.

Client Case No. 1 – Would the Client Recommend a Two-factor authentication Solution?

“Absolutely, I would recommend it to all organizations as it is a phenomenal IT security solution. It gives organizations good visibility from an IT infrastructure as well as architecture.”

Client Case No. 2 – Highlights

The client is a leading international professional IT services organization that enables clients to access relevant data. They build hybrid platforms, business applications and digital services that bring relevant data for more intelligent operations.

As technology gets more complicated and complex data environment, they integrate data on- and off-premises, in public and private cloud. They build custom digital solutions by supporting clients in mastering the complexity of data solutions.

They offer a wide variety of custom niche program solutions and allow technology to empower people by offering business solutions, and financial processes.

The client needed a better two-factor authentication solution experience than RSA security solution. They needed a solution that was easy to use, flexible, and cost effective so they can secure their corporate devices.

Client Case No. 2 – The Challenge

Identity is a huge concern for organizations especially when it comes to cloud services. With IT security risks top of mind, the client recognized the need for two-factor authentication solutions since they have already been using RSA token solution.

Client Case No. 2 – Flexibility & Cost Efficiency

The client started with a small test deployment with growth in mind. The client switched from RSA to another two-factor authentication solution. They were looking for a solution that is easy to use and flexible. The custom client solution offered the client different authentication methods, easy-to-enroll option, reduced time-to-market, process automation, and cost efficiency.

With many employees enrolled in the two-factor authentication solution, the client can verify user identities when connecting to their network, such as their VPN networks or internal IT networks. This helps the client ensure that people connect when they need to, and only authorized data gets accessed securely.

The custom two-factor authentication solution also gave the client the flexibility to easily manage users and accounts. By using a parent account to create sub accounts, the client enrolled and managed users under those sub accounts. From different operational teams to service desks to the highest-level admins, the client can easily manage those different user groups through the administration portal.

Since the two-factor authentication solution was developed for the client, they leveraged its access policy features that requires users to use strong two-factor authentication solution to connect to business-critical applications. The solution provided more transparency than RSA for the clients’ customers on who was using what, enabling them to create and administer rules.

Client Case No. 2 – Custom Two-factor authentication Solution versus Others

When the client went to market to increase their IT security policies and procedures, they were initially concerned about managing users and authenticators. As a large part of the two-factor authentication solution, the cost often comes from operational work and it is always a concern for their business.

The solution offered the client options to simplify the authentication process. When it came to deployment of the IT security solution, it took them a few days to get up and running including some help from the managed IT services provider to enroll users to the service.

Why Don’t Organizations use Two-factor authentication Solution?

  • It’s not a priority to the organization and management does not see the value.

    A two-factor authentication solution will help protect accounts. Most times it only becomes a big priority only after they have experienced a security breach. Cyber-crime is a rapid growth industry and it has been showing double-digit growth year over year. Cyber-attacks are targeting users and systems, to gain access to the company network and data.

  • Some believe two-factor authentication is not 100% secure.

    Every organization must remember that IT security is a balancing act. They need to add protective layers to keep cyber-attackers out. A two-factor authentication reduces your vulnerability to remote cyber-attackers by leveraging smart devices like their mobile phones.

  • We cannot risk anything that might stop users from accessing the network.

    Security is great at protecting organizations however not when it gets in the way of your users being able to do their jobs. Whether you’re using an on-premise solution or a cloud solution, you should expect it to be always available and always reliable. We believe in cloud-based two-factor authentication as is hosted across multiple independent and audited service providers with strong physical security which allow for scalability and highly available 99.995% uptime.

  • A two-factor authentication solution may annoy corporate users.

    No one likes additional steps to their daily job duties and users are already busy and adding extra steps may annoy many of them. The good news is that a two-factor authentication solution can be easy and natural if implemented right. It should allow users to use their smart mobile devices as their tokens for the authentication code. The app is free and allows for fast one-tap authentication. Some IT departments see BYOD as a disaster waiting to happen however you can ensure that they have a token they’re going to keep track of, which means if a phone is lost or stolen, both they and you can mitigate more quickly.

  • What happens is a phone is lost, stolen, or do not have cell service?

    A good two-factor authentication solution will give users flexible authentication methods. This would include options that work with and without cell coverage, with and without cell phones, and even with and without phones. The goal is to make the two-factor authentication easy to work in every situation that may present itself to all corporate users.

  • The solution is too difficult and too time consuming

    New technology does not mean over complicated implementations. We a properly planned and executed plan, many clients can be up and running within 24 hours from the start of the two-factor authentication solution proposal.

  • Two-factor authentication is too expensive for my business.

    There are many two-factor solutions available on the market. Some are very expensive and do not fit into most budgets especially if you are in the small and midsize business (SMB) segment. You need to find the right approach and security solutions to meet your company goals and budget. By adding a strong two-factor authentication to your organization, you are stepping up your security policies and procedures from cyber-criminals.

What are supported devices using a Two-factor authentication Solution?

A good and proper security service such as a two-factor authentication solution gives you the ability to using multiple device and platforms to get your authentication code or “approve: request.

How do you setup Two-factor authentication for Facebook?

Many users are unaware that Facebook offers two-factor authentication that is like Google’s security measures.

If you use Facebook and would like to use this security service, use the following steps:

  • Log into Facebook.
  • Open the Security and Login Settings page
  • Click “Edit” button inside the “Use two-factor authentication” section
  • Select preferred security method. (App-generated code, SMS-delivered code, Physical security key, or printed recovery code).

How do you setup Two-factor authentication for Instagram?

Instagram is a social media photo and video-sharing social networking service. Even thou it is owned by Facebook, their two-factor authentication options are limited. It only offers this security service in its mobile apps and not on its website.

If you use Instagram and would like to use this security service, use the following steps:

  • Login into Instagram app from your smart device.
  • Navigate to your profile
  • Select then tap the two-factor authentication option
  • Activate the toggle switch to “Require Security Code.”
  • Instagram only uses SMS-based codes.

How do you setup Two-factor authentication for other applications?

Do you wonder if any of the apps or services you use offer two-factor authentication? Have a look at Two Factor Auth (2FA) for a detailed database of two-factor authentication support status for well-known companies and services.

Two-factor authentication should be an essential component of your cybersecurity plan for an organization. As cybercriminals continue to raise their stakes and increase cyber-attacks, many organizations are recognizing the threat of data breaches to their networks.

Cyber security has become a top priority for many organizations, IT departments, managed IT services, especially with the rise of cloud services and remote workers.

To address this security concern, most companies are implementing a tested two-factor authentication. This is considered one of the best security measures you can implement to protect your company, users, and sensitive data.

Our complimentary network and security assessment can put your IT infrastructure and business to the test.

365 iT SOLUTIONS is Toronto’s leading IT consulting boutique firm offering industry leading IT solutions including Managed IT Services, IT Support Services, IT Outsourcing Services, Tech Support Services and Cloud Services.

Categories
Industry Insights IT Solutions Managed IT Services

Businesses Hit by Cyber-attacks Believed They Were Secured

A recent study shows that businesses hit by cyber-attacks believed they were secured however a very large majority was wrong and paid the price.

The study shows that 75% of businesses that were hit believed they were secure.  The results of the new study come from a study that evaluated cyber-security practices from cyber-attacks.

Here are some more alarming numbers based on the study:

  • 86 per cent believe they are doing enough to reduce the impact of cyber-attacks.
  • 33 per cent believe that it is solely the responsibility of IT departments.
  • 87 per cent have a business continuity plan but less than 50 percent have secure practice procedures.
  • 56 percent have a plan for a data breach, but they also believe they are safe when it comes to cyber-threats.
  • 75 percent of organizations have a cyber-security preparedness plan.

Some organizations may believe that is falls onto IT departments or managed IT services however that is not the case. It comes down to the lack of overall business organization, cyber-security planning, and execution.

Many IT security professionals have stated that one of the biggest problems when it comes to cyber security is not that there are no measures in place to protect the businesses, but that they are inconsistently applied and not reinforced.

Cyber security policies and procedures should be a large concern for businesses of all sizes.  A cyber-attack could cost millions of dollars in lost data, reputation, time, and clients.

Businesses hit by cyber-attacks believed they were secured but they were wrong.

Our complimentary network and security assessment can put your IT infrastructure and business to the test.

365 iT SOLUTIONS is Toronto’s leading IT consulting boutique firm offering industry leading IT solutions including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.