Mid-Market Companies May Be Exposing Themselves to Unnecessary Risk
by Not Enabling Two Factor Authentication
For the last few months we have been working with mid-market companies on system and ERP evaluations, and in the process we have observed some alarming security gaps in identity and access management as well as data loss protection. While we are not an information security company and do not typically advise in this area, we believe there is one important risk-mitigating step companies should embrace: Two Factor Authentication in SaaS application usage.
Here is the issue: Some small to mid-market companies struggle to implement stringent, effective password management policies, and most do not have GRC efforts that alert owners and leaders to internal compliance issues. For those using modern cloud computing technology for CRM and ERP, Two Factor Authentication can help to moderate this issue and protect some of the most sensitive customer and financial data. If you are a mid-market company without an enterprise single sign-on (SSO) solution and you are using a major cloud platform for CRM or ERP, ask your administrator if TFA is available and can be enabled for your applications.
What is Two Factor Authentication (TFA or 2FA)? TFA is a method of adding a second layer of authentication when logging into an online account, making it much harder for hackers to gain access to your sensitive information. This second form of authentication may take many forms or modalities: for instance, a response on a mobile device at login that provides an additional code or “key” for entry, or perhaps something as simple as an additional piece of information that only you would know (e.g., “What is your mother’s maiden name?”).
Here’s an even more important tip involving Two Factor Authentication: Be sure you are using multifactor authentication (two factors or more) for all online banking activities. It seems obvious that a mid-market company should absolutely enforce password hygiene for bank activities. Are you monitoring Accounting’s compliance? Turning on Two Factor Authentication can add a measure of comfort.
The bottom line: Again, the issue for small to mid-market companies is the lack of sufficient password management policies, and even where a policy exists, they don’t have the audit or internal control resources to ensure that it is followed. TFA is simple to administer when available and should be used.
Using a cloud-based system that does not offer Two Factor Authentication? Contact us today for a NetSuite demonstration. NetSuite is the only built-for-cloud, end-to-end business information system that can solve your marketing automation, CRM, supply chain management, inventory and financial requirements, and it offers Two Factor Authentication.