Not Optional Webinar: The benefits of 2FA & Encryption


So first, how it works, and the benefits and pitfalls that come along with it. So two-factor authentication, instead of requiring users to simply enter in their username and password, requires an extra piece of information. They usually say this is something that the user knows and something that the user has. So typically, the something that the user knows is their password, and then the thing that they have is traditionally a mobile phone. It used to be hard tokens, little devices where the numbers would change on a consistent basis. But now, because everyone has smartphones, it’s been moving to the smartphone area. And so you utilize it in combination. If someone steals your password, they’re unable to log into that system because they don’t also have your cell phone.

And so what this does is, it solves the problem of data breaches through weak or stolen passwords. It solves the problem of your employees sharing passwords with other users. It solves them utilizing the same password in your workplace as they do with all of their personal accounts. So it adds a great bit of protection to your organization by adding an extra step in order to log in.

And even when it comes to two-factor authentication, there really isn’t much training required for the user base, because they’re already doing it in their personal life. Lots of social networks require you to confirm who you are when logging in from a brand new computer. Banks will text you an extra code that you need to enter prior to logging in. So lots of people are extremely familiar with the two-factor authentication process.

And so there are a couple of different examples of what you can do. People like to talk about two-factor authentication, which would just be the password and the one-time password that you get off your cell phone, but most people have a password on their cell phone to get in. They require a fingerprint to get into their phone. So now, I don’t just need their password and their phone, I also need their fingerprint or their pin code to the phone.
So, it’ll be three-factor authentication, and it can keep getting more and more complicated. So some people have started calling the industry multi-factor authentication, because it doesn’t just have to be only two-factor.

And so there are a few pitfalls or cautions when it comes to two-factor authentication. First is the delivery methods. Lots of companies still utilize SMS for their two-factor authentication one-time password. But SIM cards and cell phones can be stolen. They can be cloned. They can be copied. So, even if you don’t know the password or the pin code or the fingerprint in order to get into the cell phone, you can take the SIM card out of their phone, put it in a new phone, and now when you log in, they will get sent the SMS message. So SMS we definitely recommend against.

Hard tokens: if you go the hard token route, users typically lose them, and the cost ends up going to you in order to provide a replacement for those tokens. Whereas most people always have their cell phone with them, and if they lose their cell phone, they typically are the one to purchase a new one.

And, look, the other thing is, when it comes to cell phones, if employees are utilizing their own cell phone, you need to make sure that they’re accepting of installing this one extra app in order to get that one-time password to log into whatever system it might be. And then finally, with any new system there is going to be some resistance to change or increase in complexity, but it’s a lot lessened due to the fact that people are utilizing two-factor in their personal life.

And so what we see from a benefit standpoint is, it allows increased flexibility for employees, because now they might be more able to log in from home or to remote in from home because you have these extra protections in place. Very much so, whenever companies have encryption and two-factor in place, people are more willing to do business with you if they know that your data is being protected.
And this can go down to law offices or banks and what-have-you, but if your data is being securely protected, companies and users alike will feel more comfortable putting their trust in you. And then finally, you just get the improved security against bad user practices, and you reduce data theft by having that extra level of protection.

On the encryption side, there really are two main forms of encryption. You have the file, folder, email level encryption, where the users choose what they want to encrypt. So, they decide what emails are important and what files and folders are important. And then there’s full-disk encryption, where the entire hard drive and all of its contents are encrypted. Now, you don’t have to leave anything in the hands of users at all.

And so on the full-disk encryption side, there are a couple of different options. First, without a pre-boot screen. So the operating system, with full-disk encryption, cannot boot up until the disk is decrypted. And so there are lots of solutions out there that utilize full-disk encryption without that pre-boot screen. TPM chips and BitLocker are the main ones that utilize this, and what it does is it ties the hard drive to the computer, and it will only boot up if the hard drive’s still in the original computer. The problem with this method is that if someone steals the laptop, they’re not going to try and take the hard drive out of it first. They’re going to turn the computer on, and they’re going to be brought to the Windows login screen. Now, if they know that user’s password, they can log in and access all of the data even though that hard drive is encrypted, or they can utilize password cracking utilities to bypass the Windows login screen. So without a pre-boot screen, you’re still missing a main component of protecting data.
With the pre-boot screen, whenever you turn on a computer or reboot a computer, you’re brought to a screen right after the BIOS, and in order for Windows to boot up, this screen needs to be completed. Either by clicking “start system” and typing in your username and password, or clicking “lost details” and the admin can reset your password from a central location. But this pre-boot screen needs to be utilized first, so that we can protect against both people removing hard drives out of a computer and people bypassing the Windows login screen. Because this pre-boot screen locks out all of the sort of drivers that would be utilized to bypass password screens, like CDs, flash drives, and so forth.

So what are the main pitfalls or cautions with encryption? There is an increase in complexity for users. This is something that they might not be familiar with. So there will be some training involved for any users that you may have. Whenever you’re doing full-disk encryption, there will be a long initial process where that encryption is taking place on the devices. Most of the time I recommend executing the initial encryption on the weekend, on Friday before everyone goes home, so that when everyone comes in Monday, everything has been completed. And if you are utilizing file, folder, or email encryption, that leaves determining what’s important up to the users. And usually whenever it’s left up to the users, they choose wrong several times.

And the benefits are the ability to remotely remove access to data. This is really important with the mobile workforce. Because nowadays, if you have a mobile or remote employee, and you need to terminate that employee, you don’t want them to steal your information, damage your reputation by sending emails to someone, or any of those things that go along with it. So you want the ability to remove access to that data. Then you can have HR give them a call and let them know they’ve been terminated.
Or if the computer has been lost or stolen, you can do the same thing. It, of course, meets required compliances like PCI or HIPAA, and it reduces data exfiltration, so people taking data outside of the organization when they shouldn’t. And then finally, it improves your reputation, because now it’s harder for people to damage you by stealing information, and just the fact that you have encryption in place makes you more secure in case of a data breach. And then reducing data theft: it’s much harder for people to steal that information if they have trouble gaining access to it when the device has been stolen or lost.
