Data breaches seem to be all over the news lately. The big social media and website companies are bursting at the seams with people’s data, which, through their lack of care, is being snatched up by cybercriminals (the bad guys) and used for extortion. However, the big companies are not the only ones at fault. Businesses of all shapes, sizes, and industries are ripe targets for every type of cyber-attack. The Ponemon Institute reported in their 2018 State of Cyber Security in Small & Medium Businesses (SMBs) that 67% of SMBs had experienced a cyber-attack.
A classic cyber-attack would be for a hacker to get hold of an employee’s password and use it to gain access to secure data. This is surprisingly simple, as many organizations don’t have systems in place to enforce strong passwords. According to SplashData, the most used password is ‘123456’, followed by ‘password’. Admin is number 12… it’s like shooting fish in a barrel. Even strong passwords are no good alone if they are discovered, which is often the aim of modern phishing emails, and whole companies have been formed around fighting phishing (KnowBe4, for example). Still, that is not enough. According to Ponemon, 40% of companies had experienced an attack involving employees’ passwords, with the average cost of each attack being $383,365. Are you listening now?
Why should this concern Auto Dealerships?
Auto dealerships are responsible for a lot of data. As well as your employees’ personal information, you also safeguard all your customers’ data, including names, addresses, identification and credit card information. That is highly valuable information for the bad guy. Not only will these people suffer if their information is stolen and abused, it will be your fault and you will face the consequences. You can fully expect lawsuits directed at you, and in the aftermath of that, you have the long-term uphill battle against a seriously damaged reputation.
Further still, there is another type of data auto dealerships safeguard: “Just last June, security researchers discovered an exposed online database containing the details of about 10 million vehicles that had been sold in the U.S. It was later determined that criminals had been accessing the data, which included vehicle identification numbers and personal details about the owners, to clone VINs and make stolen cars appear legal.” (Source: A Dealer’s Guide to Information Security, Ann Nickolas)
And all that stands between this data and the bad guy is a password?
What is Two Factor Authentication?
Two Factor Authentication (TFA) is a way to strengthen the security on accounts accessed via passwords. These systems have been around for a while, but now they are receiving a big push as people realize what’s at stake.
Two Factor Authentication requires someone to prove their identity through two different forms (factors). For example, when you go to an ATM to withdraw money you put in your card (something you possess) and you put in a PIN (something you know). Imagine if you could withdraw money with just the card, or just the PIN. That is your auto dealership’s data without Two Factor Authentication.
On the software you use in auto dealerships, TFA will probably look like a password plus a one-time password texted or emailed to you. This is a very effective form of TFA and you probably already use it in your personal life. Other forms include apps such as Microsoft’s aptly named Authenticator app, physical keys you can plug into your computer, and biometrics like face and fingerprint scanning. Two-form authentication, where you have a second password such as ‘Your mother’s maiden name’, is not the same as TFA, nor as secure, although it is better than nothing. If someone is really determined to get into your account and already has your email and password, what is to stop them googling you and getting that information from your social media?
Is it difficult to set up?
No, it is very user-friendly, and you have probably ignored prompts to set it up in the past. What it takes is time: either each person needs to set it up themselves or your IT solution needs to go around and set it up. Once it’s done it’s done, and it only needs to be set up again for each new employee that joins your company. It requires a little more admin and a few extra seconds to log in, but it is that or risk having all of your company’s data more vulnerable than it should be.
What are you waiting for?
You wouldn’t be happy with only a password standing between the bad guy and access to your bank account. You shouldn’t be happy with only a password protecting your business’s data, because a data breach will break the bank.