According to a recent Verizon Data Breach Investigations Report, over 80% of hacking-related breaches involved weak, default or stolen passwords. Certainly, as an IT support organisation we have seen a significant rise in the number of calls caused by compromised passwords. It is not just financial institutions being targeted; it is happening in every type of organisation and to users at every level. As an IT service provider, we always educate users on strong password policies, and we can also strengthen firewall configurations and implement group policies that enforce better security measures. However, at user level these measures are not always enough: with single-factor authentication the password is the only secret, so once it has been phished, guessed or captured by a keylogger on a compromised machine, whoever holds it can sign in from anywhere.
As the hackers become more sophisticated, so too must the measures we put in place to protect against and prevent security threats. We are therefore recommending Two-Factor Authentication (2FA) across the board for our clients using Office365, and indeed for any application that can be accessed over the internet. 2FA works by adding an extra layer of security on top of the password, so users have two steps to complete before they can sign in from a new device or browser: they enter their password first, and are then required to acknowledge a phone call, text message or an app notification on their smartphone before the sign-in succeeds. A stolen password on its own is no longer enough to get in. Where users have a choice of second method, an authenticator app is preferable to SMS or a phone call, which depend on the mobile network and are more exposed to SIM-swap and interception attacks. 2FA is particularly useful if users access Office365 from a number of devices and strengthens your security around BYOD (Bring Your Own Device) policies.
In terms of implementation, in the case of Office365 it is initially a matter of enabling Two-Factor Authentication in the Office365 admin console for each user, then working with users to complete the verification process. This involves signing in to Office365 in a web browser, verifying the account and setting up the second authentication method, e.g. SMS or the Microsoft Authenticator app. At the end of the verification process the user can be issued a unique application password. This is only needed for older email clients that do not support modern authentication (for example older versions of Outlook or a phone's built-in mail app using ActiveSync); current Office and Outlook mobile clients prompt for the second factor directly and need no app password. Where one is needed, it is important that the user saves it, because it is displayed only once, and it is used in place of the normal password when setting up each such application or device. This only needs to be done once per device or application, and further app passwords can be generated from the same security settings page. Bear in mind that an app password bypasses the second factor for the client it is used in, so they should be kept to a minimum and revoked when the device is retired. To aid the roll-out, we would recommend that supportIT is on site for a block of time to coordinate with users and work through that verification process.
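For an administrator enabling 2FA tenant-wide rather than one user at a time in the console, the following PowerShell is an added example and not part of the original post or of supportIT's own tooling. It assumes the legacy MSOnline module (Install-Module MSOnline) and a Global Administrator sign-in, switches on per-user MFA for every licensed, non-guest user who does not already have it, and then reports which users have actually completed registration. Tenants managed with Conditional Access or the newer Microsoft Graph module would use different cmdlets; that is an assumption about the reader's environment, not something the page states.

```powershell
# Added example, not from the original post. Assumes the legacy MSOnline module
# and a Global Administrator account. Per-user MFA state lives in the
# StrongAuthenticationRequirements property; registered second factors live in
# StrongAuthenticationMethods.

Connect-MsolService   # interactive sign-in as a tenant administrator

# 'Enabled' prompts the user to register a second factor on their next modern
# sign-in while legacy clients keep working. 'Enforced' additionally blocks
# clients that do not support modern authentication until the user has
# registered and created an app password. RelyingParty '*' covers all apps.
$requirement = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$requirement.RelyingParty = '*'
$requirement.State = 'Enabled'
$requirements = @($requirement)   # the property expects an array

# Target licensed, non-guest users with no MFA requirement set yet.
# Guest (B2B) accounts carry '#EXT#' in their UserPrincipalName.
$targets = Get-MsolUser -All |
    Where-Object {
        $_.IsLicensed -and
        $_.UserPrincipalName -notlike '*#EXT#*' -and
        -not $_.StrongAuthenticationRequirements.State
    }

foreach ($user in $targets) {
    Set-MsolUser -UserPrincipalName $user.UserPrincipalName `
                 -StrongAuthenticationRequirements $requirements
    Write-Host "MFA enabled for $($user.UserPrincipalName)"
}

# Roll-out check: MfaState shows who has been switched on; an empty Methods
# column means the user has not yet completed the verification process and
# still needs to be walked through it.
Get-MsolUser -All |
    Where-Object { $_.IsLicensed } |
    Select-Object UserPrincipalName,
        @{Name = 'MfaState'; Expression = { $_.StrongAuthenticationRequirements.State }},
        @{Name = 'Methods';  Expression = { ($_.StrongAuthenticationMethods | ForEach-Object { $_.MethodType }) -join ',' }},
        @{Name = 'Default';  Expression = { ($_.StrongAuthenticationMethods | Where-Object { $_.IsDefault }).MethodType }} |
    Sort-Object MfaState, UserPrincipalName |
    Format-Table -AutoSize
```

Run the report again at the end of the on-site block: any licensed user still showing an empty Methods column can sign in with a password alone until they register, so the roll-out is not finished until that column is populated for everyone.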