ENABLE TWO FACTOR AUTHENTICATION, NOW
The gun trade operates in a highly sensitive and security-conscious way in every regard. We maintain high ethical standards and implement strict processes, yet again and again I see people and businesses falling foul of basic security lapses online by using the same password for everything, having overly simple passwords, clicking on emails without checking the link, and more. The most common kinds of digital security failures are all overcome by two-factor authentication (2FA), writes digital expert Philip Montague.
TWO-FACTOR AUTHENTICATION
Let me be explicit: if you do not have two-factor authentication enabled on your email, website, social media, and any systems where there is customer or gun information stored – you are taking an enormous risk. Make sure you, and all the people who work in your business, are using it as soon as possible.
Two-factor authentication (2FA) is where you have to provide a code, in addition to your password, to access a system like email or social media, normally via an application on your mobile phone. This means that a criminal would need to possess your mobile phone in addition to your password to access anything sensitive.
It is remarkably easy to fall foul of the different attacks that a cyber criminal can undertake. Some don’t even involve you making an error, but most are stopped dead when they require an additional step to access your systems.
UNDERSTANDING ALL OF THE THREATS
The cyber threats faced by businesses in the UK gun trade mirror those encountered across other sectors but carry unique implications due to the sensitive nature of the industry. Here are some of the most common attacks:
1. Phishing: Cybercriminals use deceptive emails or messages to trick employees into revealing passwords or other sensitive information
2. Brute Force Attacks: Automated tools are used to repeatedly guess login credentials until the correct combination is found
3. Malware: Malicious software infiltrates systems, often employed through infected email attachments or compromised websites, to steal, encrypt, or damage data
4. Insider Threats: Disgruntled employees or contractors with legitimate access to systems misuse their privileges
5. Credential Stuffing: Attackers use stolen username-password pairs, often obtained from unrelated breaches, to access existing accounts
Each of these threats can lead to some very serious and catastrophic consequences, ranging from financial loss and reputational damage to legal penalties and disrupted operations. This is where 2FA comes into play.
HOW TWO-FACTOR AUTHENTICATION MITIGATES THESE THREATS
Here’s how it helps counter the most common cyber threats:
1. Phishing: Phishing relies on tricking users into divulging their passwords. Even if an attacker successfully obtains a user’s credentials through a phishing email, 2FA renders the stolen password insufficient on its own. For example, if a gun dealer’s employee is tricked into entering their password on a fake login page, the attacker would still need the second factor, such as a time-sensitive code generated by the employee’s smartphone app. This additional requirement drastically reduces the likelihood of unauthorised access.
2. Brute Force Attacks: Brute force attacks are predicated on guessing passwords through sheer computational power. However, even if an attacker manages to guess a password, 2FA ensures that they cannot proceed without the second factor. Furthermore, many 2FA systems are designed to detect and lock accounts after repeated failed attempts, adding another barrier to brute force attacks.
3. Malware: Malware often aims to harvest login credentials or manipulate systems after gaining unauthorised access to your operating software. While 2FA cannot prevent malware from infiltrating a system, it can limit its impact. For example, if malware steals a password, the attacker still faces the challenge of bypassing the second factor in the process.
4. Insider Threats: While insider threats involve individuals with legitimate access, 2FA can still play a role in mitigating risks. By requiring multiple factors for access, 2FA ensures that even insiders face additional scrutiny when accessing sensitive systems. For instance, a departing employee with malicious intent would find it harder to access accounts if the second factor is tied to a device or app they no longer possess.
5. Credential Stuffing: Credential stuffing exploits the widespread practice of password reuse. Attackers use credentials obtained from one breach to access accounts in other systems. 2FA mitigates this risk by rendering stolen credentials useless without the second factor. Even if an employee’s password is compromised in an unrelated data breach, the attacker cannot access the business’s systems without the additional verification step.
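The points above about a time-sensitive code and locking after repeated failed attempts can be seen in a small sketch. This is an added example, not code from the article or from any particular product; the `Account` class, the lockout threshold of five and the sample password and secret are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based code (HMAC-SHA1), as shown by authenticator apps."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    """Hypothetical login check: password AND current code are both required."""
    MAX_FAILURES = 5  # assumed lockout threshold

    def __init__(self, password: str, secret: bytes):
        self.salt = b"constructed-salt"  # constructed; use a random salt in practice
        self.pw_hash = _hash(password, self.salt)
        self.secret = secret
        self.failures = 0
        self.last_step = -1  # last accepted 30-second step, to reject replays

    def login(self, password: str, code: str, now: float) -> str:
        if self.failures >= self.MAX_FAILURES:
            return "locked"  # real systems usually unlock after a delay
        step = int(now) // 30
        pw_ok = hmac.compare_digest(_hash(password, self.salt), self.pw_hash)
        code_ok = hmac.compare_digest(code.encode(), totp(self.secret, now).encode())
        if pw_ok and code_ok and step > self.last_step:
            self.failures, self.last_step = 0, step
            return "ok"
        self.failures += 1
        return "denied"

def demo() -> list:
    secret = b"12345678901234567890"  # constructed shared secret (RFC 6238 test key)
    acct = Account("correct horse", secret)
    now = 59  # fixed clock so the run is repeatable
    results = [acct.login("correct horse", "000000", now)]  # stolen password only
    results.append(acct.login("correct horse", totp(secret, now), now))  # owner
    results.append(acct.login("correct horse", totp(secret, now), now))  # replayed code
    results += [acct.login("correct horse", "000000", now) for _ in range(5)]
    return results

if __name__ == "__main__":
    print(demo())
```

The correct password with a wrong code is denied, the owner's code works once, and the account locks after five consecutive failures even though the password was right every time.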
ENABLING TWO-FACTOR AUTHENTICATION
To enable this feature in all of the systems you use, you simply need to Google ‘Two-factor authentication for [Insert the name of your system here]’. Then follow the instructions you find. They’ll be slightly different every time. The instructions will almost always be provided by the company that provides the system you’re looking to secure, and that’s because they want you to use 2FA too!
This will make it slightly harder and slower for you to log in to your own systems, but I assure you it’s worth a little effort to avoid the embarrassing and potentially costly alternative.
GET IN TOUCH
Instagram: @MontyShoots
E: monty@mk38.co.uk