Two-factor authentication for business security

As cyber-attacks increase in volume and sophistication, two-factor authentication is a simple measure that can add an extra layer of security for businesses when protecting their data and that of their customers.

Businesses of any size can experience cyber security attacks. Cybercriminals may attack your business to gain access to commercially sensitive information or because an attacker views you as an easy target to cause disruption. Third-party cyber-attacks are also a growing risk for Kiwi businesses as cyber attackers use a third party as a ‘backdoor’ into a company’s systems to gain access.

As digital threats and cyber-attacks become increasingly sophisticated and common, the use of two-factor authentication can significantly enhance your business’s data security.

The importance of two-factor authentication

Two-factor authentication means that two forms of digital identification are required when logging in, such as a code confirmed by a text message to an individual’s phone or email address, or a fob or authenticator that generates a random authorisation code. 

As passwords can be stolen or guessed, two-factor authentication introduces an extra layer of security between data and potential hackers, helping to protect your company’s data, network and customer information.

If your business or organisation holds personal information (categorised as any information that reveals something about a specific individual, such as a document that details someone’s home address, phone details, bank account or PIN number), it must ensure that the information is protected by security safeguards that are reasonable in the circumstances to protect against access, loss or modification.

The Office of the Privacy Commissioner encourages all organisations – big and small - to introduce two-factor authentication to protect the information they hold. It notes that two-factor authentication is a bare minimum it would expect for small businesses or organisations that hold or share personal information digitally. 

It also states that any small business that has a cyber-related privacy breach and has not implemented two factor-authentication, as a minimum security measure, can expect to be found in breach of the Privacy Act.

Managing your cyber risk

Gallagher cyber insurance specialist, Claire Haszard is highly experienced at arranging complex technology and cyber insurance programmes and assisting clients with cyber claims.

“With increasing concern about data security, a commitment to protecting client data can be shown by implementing two-factor authentication,” said Claire.

“Not only is two-factor authentication a cost-effective security measure, especially when compared to the often-far-reaching costs of a data breach, it can also enhance a client’s trust in a company.

“Two-factor authentication is now expected from a regulatory perspective as well as being a pre-requisite for obtaining cyber insurance. Without it, you run the risk of jeopardising your clients’ privacy, as well as undermining your reputation.”