Has your remote work policy changed in the last month or two? Are more of your employees working from home or at locations that are “untrusted”? The answer is almost certainly a resounding YES! Now more than ever you need to ensure that Two Factor Authentication (2FA) or Multi-Factor Authentication is being used throughout your organization in as many places as possible. Many people are becoming more comfortable with this concept as they are having to perform these same steps to access their personal accounts (banking, Gmail, etc.).
Whether it is accessing your corporate VPN or cloud-based applications such as Office 365, Salesforce, NetSuite, Workday or many others you need to make sure users are required to supply two forms of authentication to access company resources and data. Something they know (username and password) and something they have (a text message with a unique code or an app on their phone that must be clicked to accept the request to connect) are no longer optional in the workplace.
Microsoft has a Multi-Factor Authentication product called Azure Multi-Factor Authentication that can be configured to deliver Two-Factor Authentication four different ways. The Azure Multi-Factor Authentication service can send you a text message with a code that you must provide, call you on a preset phone number and provide you with the number, provide a rotating code on the Microsoft Authenticator smart phone application, or push a pop up message to your smart phone for your approval. Azure Multi Factor Authentication is available as a standalone product and is also included in Azure Active Directory Premium, Enterprise Mobility Suite, and Microsoft 365.
Fortinet also has Two-Factor Authentication capabilities built directly into the FortiGate firewalls. A physical token or a smart phone application can be used to get a rotating code that can be used as the One Time Password when connected to a FortiGate SSL VPN.
In addition to 2FA, geography-based access to your corporate resources should be something that you consider implementing. Allowing someone to connect from any location in the world may not be necessary, when your users should only be coming from certain geographies. If you only operate business in the United States, why not block any connection attempt from international locations? Sure, you may have users that travel internationally from time to time and exceptions can be made as they arise. Reducing your attack surface in as many ways possible is the best course of action to protect your business now and into the future.
If you are interested in learning more about how Two-Factor Authentication or geography based restrictions could better protect your business, CONTACT THRIVE TODAY!
If you’re like me you’ve probably gotten an email or Facebook comment with a subject like “OMG! I can’t believe he did that! http://crazyvdiueo.co.ul.tz” from a good friend or co-worker. Most people quickly realize that their friend’s account has been compromised. There’s no doubt the victim then gets a message from several people stating “Your Facebook account has been hacked.”
I’ll admit this sort of thing scares me. Not only can it be embarrassing depending on the ‘nature’ of the message sent but I start to question what else these hackers did with all the information in those accounts.
I recently enabled Google’s 2-Step Verification on my account. I have to say I certainly feel a lot better after setting it up. In my line of work, I am in a constant battle with security versus convenience. It’s been said that if you really want to protect your computer, then unplug it from the Internet. In our cloudified world, we need to take reasonable steps to keep our data secure. By the way, 2-Step verification, or two-factor authentication, is not a new concept. It’s been in the enterprise for quite some time and you might have run into it at some point.
How does this whole thing work? Let’s start with the Google Account.