Taking a passive approach to security in this day and age is a huge risk that could end up being disastrous for any business or person. People and businesses are targeted by hackers every day, and it has come to my attention how much of an impact Two Factor Authentication can make, as can many other changes that help make sure your business operates securely.
Two Factor Authentication, also known as 2FA or two step verification, is an extra layer of security, a form of “multi factor authentication”, that requires not only a username and password but also something that only that user has on them, for example a code that is sent to their phone as soon as they have logged in. Entering that code then enables access.
Using a username and password together with a piece of information that only the user knows makes it harder for potential intruders to gain access and compromise personal data.
Companies and individuals who use services that don’t support 2FA could be at increased risk of getting hacked, so enabling it for every service in use is very important, especially if those services store critical data. A good idea is therefore to build out and launch 2FA across the organisation you work for, or to enable it for your personal accounts, e.g. Twitter, Facebook, Gmail.
A good strategy to follow in terms of IT governance could include making sure all members of staff who deal with working software and solutions (i.e. software developers/testers) undertake basic security training. Designing or outsourcing such a training program is very important, and it is an aspect of security that many developers fail to focus on. The training primarily introduces the basic elements of security and ultimately aims to vastly reduce the number of vulnerabilities within their code.
Encrypting all access tokens, emails, and any other identifiable data you store can also reduce the risks of a security breach. This protects the confidentiality of digital data stored on computer systems. Encrypted data is referred to as cipher text; to read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text.
Finally, a good way of locating, tackling and repressing bugs within a service is to create a (bug) bounty program. This is a deal offered by many websites and software developers by which individuals can be recognised and compensated for reporting bugs, especially those pertaining to exploits and vulnerabilities.