Jamie Watson, managing director of local IT consultant Fusion IT, begins a new sponsored editorial column on Huddersfield Hub. In this first edition, Jamie discusses the importance to two-factor authentication – or 2FA – and why it’s crucial that local businesses take the time to put it in place.
Most people believe their emails to be secure and they will happily transact very important conversations wholly believing they are talking to the intended recipient.
But so-called ‘man in the middle’ attacks are being used more and more, where people hack into a user’s email using various means and then start to intercept certain email conversation.
This might not be too much of an issue if you only email your friend Richard in Australia, but what if you are a finance manager and responsible for paying invoices?
At the last minute, someone you have been conversing with may tell you about a bank detail change, and you may think nothing of it as it has the person’s signature and it refers to the product or service you’d paid for.
You send the payment and shut down your laptop for the weekend; you have just sent £10,000 to the ‘man in the middle.’
The solution
At Fusion IT, we recommend that all of our clients use 2FA for accessing Microsoft 365.
This means that for someone to log into your account, they must use a code sent to your mobile phone via text, or use the Microsoft Authenticator app on your phone to finalise the log-in.
This way, unless the man in the middle has also hacked your phone, they are unable to progress, even if they have worked out your password.
Ultimately, it’s in the client’s hands to decide if they want to take the risk – and some people see 2FA as an inconvenience.
But, internally, we now realise that to ensure complete adoption of this extra security feature, we must change our approach from mere ‘recommendation’ – and insist that 2FA is non-negotiable.
We are the trusted third party and the client just needs us to do what’s right. After all, you don’t often question anything a doctor recommends…
Attacks on the rise
We are seeing more and more of these types of attacks; not only on our clients’ systems, but also in the news – only in the last week, the NHS was hit, as was Advanced.
These attacks are serious and go some way to proving how intelligent these criminals are, and no matter how much you spend on IT, you can be a target.
So, ask yourself – do I get prompted to enter a secondary form of pin number every now and then when I access my work email?
If not, then the chances are you don’t have 2FA enabled, and you are extremely vulnerable.
Time to act
In these instances, I’d strongly advise that you contact your IT supplier – or us!
We recently surveyed a number of local firms in Brighouse and Huddersfield and, out of the 22 that responded to our survey, only 6 had 2FA enabled on their email systems.
It’s very easy to achieve using the built in Microsoft 365 2FA security.
Please don’t leave this until it’s too late, act today.
Visit https://www.fusionmanageit.co.uk to learn more.