You need to turn on 2 Factor Authentication pronto because it's the only way to A) know if someone is trying to get in and B) know if someone has your password.
Here’s a quick story about someone who always resisted turning on 2FA:
A client has a cloud email system that they’ve used for a couple of years and which has given them no trouble.
We brought up the idea of adding text verification to tighten security, but their point was always that “we’re not the NSA, there isn’t anything that important on here to worry about.”
That was all fine and dandy until a staff member’s password got out and someone was able to log in and start sending nasty emails to their contact list.
When an email password gets out, the hacker does an initial pass for keywords like ‘Bank’, ‘Account’, ‘passwords’, etc. Once that is done, they send out more scam emails from your account and create an Outlook rule to delete people’s responses to you.
So not only do they have ANY and ALL info from years’ worth of sent and received emails, but they’ve also notified your entire contact list that you’ve been hacked.
It’s not a good look and it doesn’t exactly instill confidence in your clients.
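One way to check for the kind of reply-deleting rule described above, as an added example that is not part of the original post: it reviews a constructed sample of exported inbox rules and flags any that delete or hide mail. The field names assume the export mirrors Exchange's `Get-InboxRule` output, and the folder list is an illustrative assumption.

```python
# Constructed sample data. Field names are assumed to mirror Get-InboxRule output;
# adjust them to whatever your mail system actually exports.
SAMPLE_RULES = [
    {"Mailbox": "staff@example.com", "Name": ".", "Enabled": True,
     "DeleteMessage": True, "MoveToFolder": None, "MarkAsRead": True,
     "SubjectContainsWords": []},
    {"Mailbox": "staff@example.com", "Name": "Newsletters", "Enabled": True,
     "DeleteMessage": False, "MoveToFolder": "Newsletters", "MarkAsRead": False,
     "SubjectContainsWords": ["newsletter"]},
    {"Mailbox": "owner@example.com", "Name": "tidy", "Enabled": True,
     "DeleteMessage": False, "MoveToFolder": "RSS Feeds", "MarkAsRead": True,
     "SubjectContainsWords": ["RE:"]},
]

# Folders people rarely open, so mail moved there is effectively hidden (assumed list).
HIDING_FOLDERS = {"deleted items", "junk email", "rss feeds", "conversation history"}


def review_rule(rule):
    """Return the reasons an enabled rule deserves a manual look (empty if none)."""
    if not rule.get("Enabled", True):
        return []
    reasons = []
    if rule.get("DeleteMessage"):
        reasons.append("deletes matching mail")
    folder = (rule.get("MoveToFolder") or "").strip().lower()
    if folder in HIDING_FOLDERS:
        reasons.append("moves matching mail to " + folder)
    # The next two only matter when the rule already hides or deletes mail.
    if reasons and rule.get("MarkAsRead"):
        reasons.append("marks it as read")
    if reasons and not rule.get("SubjectContainsWords"):
        reasons.append("no subject filter")
    return reasons


def audit(rules):
    """Return (mailbox, rule name, reasons) for every rule worth reviewing."""
    findings = []
    for rule in rules:
        reasons = review_rule(rule)
        if reasons:
            findings.append((rule["Mailbox"], rule["Name"], reasons))
    return findings


if __name__ == "__main__":
    for mailbox, name, reasons in audit(SAMPLE_RULES):
        print(f"{mailbox}: rule {name!r}: {'; '.join(reasons)}")
```

A flagged rule is a prompt to ask the mailbox owner whether they created it, not proof of a break-in.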
So what is 2 Factor Authentication?
Simply put, 2FA just means that you need to enter 2 forms of identification to log in.
2FA options include passwords, phone calls, text messages, phone apps, secondary email addresses, fingerprints, security questions, and more.
The point of 2 Factor is to lock down access so that even if someone guesses or steals your password, they would still need to have your thumbprint or cell phone in order to actually get in and do damage.
2FA is not difficult to set up and is typically very convenient. You click APPROVE in an app, touch your finger to a sensor or answer a simple question, and you’ve made a hacker’s life much more difficult.
How do I use 2 Factor Authentication?
The answer depends on what systems you use. If you have a cloud or web-based system, then there is likely a setting in the security preferences to turn it on (or your admin will have to turn it on). Office 365, G-Suite, Email and Banking Systems all have easy-to-use 2FA.
If you have internal systems, then a program like Duo will easily allow you to set up Text or Push alerts that ensure that your remote access is locked down.
Coordinate with whoever administers your systems to see whether they have 2FA and how to turn it on.