Two-Factor-Authentication Doubles Your Protection
We get it, you want to focus on the business of automotive retail. That can be hard to do when you are hearing about another huge ransomware attack or other cyber incident that is devastating to one or multiple businesses just about every day.
Just over the July 4th weekend a Russian hacking syndicate launched an attack that crippled at least 200 U.S. companies. This number is likely to grow as the attack seems intentionally timed to coincide with a holiday weekend when IT staffing can be thin and maximum damage can be done before businesses and end-users are even aware of what is happening.
Do you know a Dealership that has been impacted by these cyber threats? Are you asking the right questions about how secure you are or what your response plan is for such an attack? How comfortable are you with your cyber security today?
A recent Automotive News article reporting on findings from Black Kite Security states that almost half of 100 automotive manufacturers and more than 17 percent of automotive suppliers are at a high risk for ransomware attacks. If your manufacturer(s) and suppliers are at high risk, you are too.
As we have stated multiple times, cybersecurity must always be vigilant and current, and cyber safety is the result of multiple tools working in concert to provide maximum defense. Any weakness will be found and exploited by hackers who become increasingly sophisticated with each passing day.
Password security has always been a vital component in this discussion because a password is a control in keeping the bad guys out. In recent years, most systems have started requiring a complex password that is changed regularly. While this can be frustrating for the user, it is absolutely necessary.
It was a single compromised password that led to the Colonial Pipeline ransomware attack that crippled fuel supply to Mid-Atlantic states and sent a panic ripple throughout the entire U.S. economy.
You have probably noticed when interacting with your online banking or even many apps on your phone, that a second piece of identification is required to gain access. Maybe you want to check your balance really quick, but when you log on to the website your bank tells you they have texted a one-time security code to the phone number on file. This is called Two-Factor-Authentication (2FA). It may seem frustrating and detrimental to the convenience we are supposed to enjoy, but it is equally vital because strong passwords are not enough.
Here are some statistics to explain why Two-Factor-Authentication is so important:
- 90% of passwords can be cracked by hackers in less than 6 hours.
- Two-thirds of people use the same password across all their accounts.
- 57% of people who have already fallen prey to a phishing attack still have not changed their passwords.
Despite these known statistics, only 40% of systems use Two-Factor-Authentication, but thankfully awareness is growing.
The protection of sensitive data and systems warrants an extra step to ensure only authorized persons are accessing them.
How does Two-Factor-Authentication work?
As you have experienced, Two-Factor-Authentication requires that you log into a system with a username and password as normal. As part of the login process, you are then asked to provide a second identifier. This second identifier may come from something you own like a hardware token or an app or text message sent to your phone. Another approach to Two-Factor Authentication is a unique identifier like a fingerprint or facial recognition. This is also called a biometric indicator.
Either method greatly decreases the potential for a security breach via login to a system because while one form of authentication may be compromised, it is highly unlikely both would be.
There is a misconception that data stored in the cloud is automatically secured by your provider and additional safeguards are not necessary. This is not accurate. You and your team Is accessing this data from local workstations and a compromised password would be every bit as devastating as it would be if you stored the data on premise.
Do not get lured into a false sense of security by the cloud. That data is more accessible by hackers than if it were stored locally so all security measures, including Two-Factor-Authentication, are necessary.
The current events surrounding ransomware and other cyberattacks emphasize the importance of taking every precaution available to secure the data and systems that run your business. The last thing you want is for your dealership to be the next business in the news unable to service your customers because you cannot access your business tools.
Defense against these types of attacks starts with password security. Partnering with a managed services provider ensures you have the most current, effective tools against cyberattack. Click here to learn more about the many ways DealerIT can help secure your dealership.