Tech

#003: WTF is MFA?

In this episode of the Power Up Project, we’re going to talk about:

〉What is Multi-factor Authentication (MFA)?

〉How MFA can help you avoid cyber attacks.

〉What systems you can use MFA on.

Transcript:

Hey, welcome back to the Power Up Project. I am your host for this episode, my name is Ben Love. Great to have you with us. Today we’re going to be talking about multifactor authentication, otherwise known as maybe two-factor authentication, MFA, 2FA, whatever, they’re all acronyms, they all mean the same thing. Basically, it means adding another authentication step in addition to your username and password to access a system.

Now it’s very simple to do, but it’s also becoming very, very important that you do this. A lot of us have got little physical dangles from the bank that are attached to our keyring and it’s got that little code that constantly changes, so if we need to do a transfer of money from our business bank account, the internet banking site will pop up another window saying please enter your code. And that’s when you need to enter that ever-changing code from your little keyring before the transfer will be authorised. That is multifactor authentication. That’s exactly what it is.

So you are already using this on your bank accounts. But what you may not be using it for is to access other pieces of software such as Xero, your cloud accounting platform or MAIB online, or any of your Office 365 environments such as your email or your SharePoint or your One Drive files

Now what we are seeing across our client base is that multifactor authentication is becoming critical to the point of becoming non-negotiable in most environments because it is the single most effective thing that we’re seeing at the moment for stopping user accounts being compromised. So what would happen if your account, if your password were to be compromised somehow by a malicious party, by a hacker we’ll call them. They would know your user name, and they would know your password, and they would then be able to log on to, let’s say your email.

They would then be able to log on to your email as if they were you. So we’re seeing a lot of things like this occur now. We have seen a couple of our clients targeted with this, but it’s also in the news. You might have heard about it. They’re calling it, well, you’ve heard the term phishing, which is an email spam type attack. And then there’s spear phishing where it’s an email that is sent to specific people and customised to try and get their attention and get them to click on a malicious link or compromise their security in some way.

Well the next step on that, that we’re seeing is called whaling. This is where the malicious parties identify the whales within your organisation, so that might be the CEO, the CFO, somebody with a particular authority. And if they’re then able to compromise, let’s say the email account of your CFO for example, then they could send emails around purportedly from the CFO requesting all sorts of activity, mainly that money be transferred to certain bank accounts. Now this actually is happening in real life. People are falling for this, and money is being lost with this particular approach.

But think about this. If the malicious party had your username and password to access your email to be able to send these emails, if you had multifactor authentication in place, if you had another little random security code that was constantly changing on your keyring or your smartphone app that you needed to enter in to your email before you could log on, then it would not matter that that malicious party had your username and password, because they would not have your randomly changing code. So what we are seeing is that multifactor authentication is really becoming absolutely critical, especially for those people in an organisation who have the most authority, who have the most access to different systems.

So what I really want to encourage you to do after you finish listening to this episode is have a think about where in your digital existence you are currently using multifactor authentication. You’re almost certainly using it in your internet banking for your business bank accounts. But are you using multifactor authentication to log on to your accounting system or to log on to your email? Or to log onto One Drive, where you keep all those HR documents. Or to log on to any of these other online platforms that are crucial to your business.

If you’re not using multifactor authentication in those places, please think about turning it on. It is very easy to turn on, there are instructions that you can very easily google, otherwise of course, call your friendly, handy IT company for help. In most cases, all it requires is a couple of setting changes to your account within the application in question, and an app on your smartphone, such as the Google Authenticator App or the Microsoft Authenticator App. And it literally is as easy as that. It will slow you down logging on to these applications by all of maybe four or five seconds, but the big leap forward that you will take in how secure your accounts are is well and truly worth that four or five seconds worth of log time.

So in summary, people, we now know what MFA is, and you now also know that it is critical that you look at your platforms, you look at what you’re using, and you turn on MFA wherever possible.

Thanks for listening to this episode of the Power Up Project, brought to you by Grassroots IT and Digit IT. Please leave us a review wherever you get your podcasts, and until next time keep powering up.

#002: Keep Your Business Running when the Internet Fails

In this episode of The Power Up Project, we cover:

〉What can you do to keep your business running when your Internet connection suddenly fails you?

〉Why you should consider getting a second internet connection such as an ADSL connection or NBN connection.

〉Why you should consider having a 4g backup connection.

 

 

Transcript:

In this episode of The Power Up Project, we’re going to be talking about how to keep your business running when the internet fails.

Welcome back to The Power Up Project. I’m your host Ben Love and today we’re going to be talking about how to keep your business running when your internet connection fails. You see, we had a hell of a week last week. One of the major upstream internet providers, we don’t know who at this stage, could have been APT, or Vocus, or Telstra or one of those, had a fairly major outage in some equipment somewhere.

Which meant that quite a few of our clients were impacted with either a total internet outage, or in some cases the internet was still kind of working but kind of really not. In either case, some of those clients coped better than others with that particular internet outage. That really can depend in a lot of cases on the nature of the business that is being done. Some businesses are very time critical and depend on that internet connection. Other businesses, you know it wasn’t such of an issue to be offline for a couple of hours.

What do you do when your business suffers an internet outage like that? What would the impact be on your clients, on your staff, on your productivity? Would it make a big impact or would it really not? Could you go and have a coffee and just wait for it all to pass by?

If you do need to really keep that internet connection going because your business really does depend on it, and those outages can cost you a lot of money, or a lot of goodwill with your clients; you really need to have a backup internet connection. It really is as simple as that.

That backup internet connection could be your mobile phone, for example. You could tether your laptop to your mobile phone hot spot and keep working that way. We certainly have a lot of clients who do that and not just small clients, but big clients too with a significant head count who use that method. It works very well.

That’s particularly useful when some or all their services are up in the cloud, because it doesn’t matter how they connect to the internet to get to them or where they connect to it from.

Some other options you might like to consider for that continuity piece for your internet there, you could get a second internet connection into the building such as a ADSL connection or maybe an NBN connection. The thing you need to keep in mind when you’re dealing with internet connections like that is that they all come into the building via a physical cable.

A lot of the times when you do lose that primary internet connection, it can be because there has been some physical damage to the cable coming into your building. You might have some roadwork going on down the street, or you might have some linesmen doing some work on the cables and maybe a backhoe or bobcat has accidentally dug through some cables.

If your primary internet connection and your secondary internet connection both come in on cables through that same hole in the ground, there’s a fair chance that both of those internet connections are going to be offline while those cables get repaired. That really doesn’t do you much good, does it?

Probably one of the best options we’re seeing at the moment is 4G, leaning on the mobile phone networks for that internet connectivity. As I said, you can certainly hotspot to a mobile phone. You can get standalone 4G routers, which are separate little devices. They’re not expensive.

You put a sim card in them with your favourite telecom, might be Telstra or Vodafone, whoever. That can provide connectivity for your office. There can be a little bit of fiddling around with that type of setup, particularly if you’ve got services both inside the building that you need access to, as well as services such as cloud services that are outside the building.

We can still set it up, there’s just a little bit of configuration that can get a bit fiddly sometimes. One of the really killer solutions we’re seeing emerging more and more is having that primary internet connection with that backup 4G connection built into the router, built into the system you’re already using.

In the event that your primary internet connection does fail, you can have automatic failover to that 4G connection. In a lot of cases, that failover can happen so quickly that you won’t even notice that you’re not running on that primary internet connection anymore.

All of these solutions are available. You need to have a think about your business, think about how important the internet connection is to your business, and how time critical it is more to the point. Put yourself in that hypothetical scenario where the primary internet connection has failed, and it’s not just for a couple minutes but it might be for an hour, or half a day, or two days. Think about what you would do in that instance. Can you work from home? Do you need to set up some sort of a 4G connection for your office so that’s really not an issue?

I’ll leave you with those thoughts for now. Please, give us a call if we can help with any of that. Thanks for listening to this episode of The Power Up Project brought to you by Grassroots IT and Digit IT. Please leave us a review wherever you get your podcasts. Until next time, keep powering up.

#001: Welcome to The Power Up Project


Welcome to The Power Up Project!

In this episode, we give you a quick rundown on who we are, what we do and why we’ve started The Power Up Project.

So great to have you here. We really hope you enjoy our new podcast, and that it helps you power up your business.