There’s something so romantic about a secret that even the most staunch Type A business owner may occasionally be tempted to fantasy when issues like data security erupt. Biometrics, like iris scanning or facial recognition, are popular tools to safeguard the most profound mysteries in the world of high stakes cinema counterintelligence. But, as they say, real life is often far more interesting than fiction.
Although movie secrets are protected with overly-intricate, cutting edge locks, your business data can have security just as tight without all the invisible lasers and pressure-sensitive platforms.
You’ve probably heard the term “two-factor authentication.” Maybe one of your cloud-based software providers has even suggested you enable it on your account. But besides being an extra step (and potential hassle), what’s it all about?
Multi-factor authentication, under the umbrella which two-factor authentication falls, is a way of verifying and—then verifying again—that the person accessing a particular bit of data or piece of software is, in fact, an authorized user. This helps to protect that really sensitive data—like customer information that could be used for identity theft—from hackers and bored teenagers who might be trying to get into your credit card transaction databases or payroll accounts.
With two-factor authentication enabled, anyone accessing protected information is presented with two challenges. Much like having to provide multiple forms of identification to open a bank account, this makes it harder for nefarious types to take what they want and leave you with fires to put out.
It works something like this: one of three challenges is issued, either involving 1) something you know (like a password or PIN), 2) something you have (often a mobile phone) or 3) something you are (this is where the movie-inspired spy-gadgetry biometric sensors come in!).
When you pass the first challenge, you’re automatically prompted with the second one, which you’ll also have to pass to proceed. Common configurations include a password, then a PIN that’s sent to your mobile phone or a pre-selected symbol drawn on a mobile phone followed by a fingerprint scan from a mobile phone scanner.
If you think that your data is at a particularly high risk, you may be able to enable multi-factor authentication on your accounts. It works the same as two-factor authentication—except there will be a third test for users. At some point the tests will become tedious for the people who really need to use that information. Combining heavier encryption with a two-factor authentication system may yield better results with much less frustration.
Dispelling the biggest myth about data security
You’ll never meet anyone who says they have too much data security. Instead, you’ll meet Bob, the middle-aged guy who runs the bakery down the road. Bob got hacked last week. His customer data was stolen, his computers locked down, all his records trashed. Bob’s going to lose the bakery because a hacker was able to waltz in to his barely secured system and swipe everything.
Oh, you say, poor Bob must be one of those really unlucky fellas that life likes to kick in the pants now and again. Unfortunately, Bob is one of many. According to research from our friends at UPS Capital, 55 percent of small businesses have experienced data breaches in the last year. But that’s not really the most terrifying part. Of those breached, 60 percent failed within six months of their cyberattack—just like Bob did.
Had Bob, or any of these other small to medium sized businesses, employed a two-factor authentication system with a little data encryption on the side, the smell of cinnamon rolls would still be wafting down Pecan Street. Sadly, they fell for the biggest myth in data security: SMBs don’t have data worth protecting.
Verizon tells us that just shy of two-thirds of last year’s data breach victims were companies just like Bob’s with under 1,000 employees. You may not think you have anything to steal, but that makes you a perfect target. Your defenses are down and the front door’s practically unlocked. It’s not all doom and gloom though. Starting right now, today, you can improve your business data security dramatically with simple tools like two-factor authentication.
Staying one step ahead of cyber espionage
Even if you’re not holding top level security secrets in your business databases, what you are holding is probably pretty important to your day-to-day functioning. Like Bob, you can’t afford to start from scratch or even notify all your customers were there to be a data breach. Instead of facing that potential future, take a turn toward security and implement these simple methods of better securing your data and protecting yourself if there is a breach:
Choose a cloud service with two-factor authentication. Google and Amazon both offer some kind of multi-factor authentication, depending on the needs of your business. Renting space on cloud servers like these can provide you with the best of both worlds. You no longer have to maintain the physical hardware involved in a server room, or physically secure the data, and for a small monthly fee your systems are maintained and updated by IT professionals who can help you protect yourself better.
Don’t store what you don’t need. We’re all closet digital hoarders but when it comes to business information, the more you have the more you have that can come back to get you. If you don’t need to store credit card numbers, make sure they disappear from your systems after they’ve processed. If you can maintain a customer database with only minimal data, do so. Streamline the information you maintain to minimize damage in case of a breach.
Consider data breach insurance. Insurance companies are now offering data breach insurance just for these situations. Rates vary based on your industry, the types of data you’re protecting and how secure your systems are. But it’s an option to help keep the fallout to a minimum if there is an incident.
Running an SMB may not be as full of intrigue as being a movie spy, but it’s certainly got enough secrets. By properly employing two-factor authentication and taking other practical steps to protect your company, you’ll become the one unbreakable vault in a world of unlocked doors.
Jason M. Hanrahan is the owner of Contrast Logic (www.contrastlogic.com) in Lyndhurst and a member of the Meadowlands Regional Chamber’s Technology Committee. He can be reached at (973) 698-8759 or firstname.lastname@example.org.