A company’s digital assets and patented technology are vulnerable to data theft and cyberattacks without proper protection. In my last post, I discussed three steps to take to secure email, which is a common weak point. Here are three more steps to take.
#4 Use two-factor authentication. Even when using a password manager, there is still a small chance somebody will obtain your password, for example, by directing you to a phishing site (a fake but convincing site where you enter your password). Also, somebody who breaks into the password database of the service you use might be able to recover your password and log into your account.
To prevent this, strengthen your password with two-factor authentication (2FA). 2FA means we use two different types of credentials, usually:
- The password
- Something you have in your possession
The ‘something’ is usually your phone (receiving an SMS or running an authenticator app) or a specialized hardware key you carry with you.
○ SMS
- The most common 2FA method is SMS. You provide your phone number to the email service you use, and every time you log in from a new device you are sent a one-time password by text message. This makes it a lot harder for anyone to take over your account, because they not only need to know your password but also need to be in possession of your phone.
- That said, SMS is by far the least secure 2FA option. Some mobile phone providers (especially in the United States) make it easy for anyone to fraudulently take over your phone number, while in other countries (such as China) the government has access to your text messages.
○ Authenticator App
- An authenticator app is an app you install on your phone that creates a new code every minute. This code is tied to the site or app you want to authenticate to. Unlike the SMS option, it also works if you don’t have cell phone reception, and nobody can intercept your codes in transit.
○ Hardware token
- The strongest method for two-factor authentication is a hardware token, such as a FIDO U2F key. This open standard lets you carry a cryptographic key on your keychain, which you plug into a USB port or hold against an NFC reader to authenticate. Unlike other two-factor options, a hardware token also verifies the identity of the service you are logging in to, effectively protecting you from phishing attacks.
#5 Take care of backup codes
The majority of your work securing your account is now done. Many providers let you create backup codes in case you lose your phone or don’t have your hardware token at hand. That’s a great feature, but be careful where you store these codes: each one is as good as your password plus your second factor. If you leave them on your desk, anybody who walks past might be able to use them to get into your account. Best to put them in a safe!
#6 Review apps and connected devices
Before you log out of your account, review the list of connected apps and devices. If there is an app or device you don’t recognize, or you aren’t sure it’s yours, disconnect it. Worst case, you’ll have to grant it permission again at the next login.
Next up: Financial services, cloud storage & social media
Now that you have a secure email account, it’s time to give other accounts the same treatment. Since your computer now has a good password and you are using a password manager, start with:
- Changing your passwords on your accounts
- Enabling two-factor authentication
- Reviewing the connected apps and devices
By following these simple steps diligently, you’re now pretty much unhackable.