Two locks are better than one
By David Share, Director, Amazing Support
Imagine you had a million dollars (or pounds). Heck, let’s go crazy and say you have a billion dollars. Without a doubt, you would want to safeguard your treasure trove as tightly as possible.
How many locks would you create? How many people would you hire to stand guard?
How many gates and walls would you erect? Everyone would answer slightly different, but it would pretty much equate to the following response: as many as I possibly could. Which begs to question, what kind of value do you place on your information, and what would you do to protect it?
The fact is that in this day and age information has significant value. Indeed, it can encapsulate the life of an entire person in just a few kilobytes of data. However, the sad truth is that the overwhelming majority of this information and data is poorly protected.
In today’s standards, it is like protecting a billion dollars in cash with a zip-tie. It will keep your valuables safe and sound until someone with a bit of persistence, some technical ability and the right set of tools comes along and liberates it from you.
At this point in technology and culture, almost everyone is used to a basic layer of security.
Whether it be a pin code, password, key card or key fob, people are used to entering, saying or swiping their way to gain access. In theory, it should be easy for them to add a second layer of security to their routine. But, this is easier said than done.
Two pieces of behavior make the switch all that much harder: habit and convenience. People have been using single-layered security for decades now and the habit has been cemented into their minds. People are naturally resistant to change and like to stick with the familiar. Change is made difficult by the mere fact that doing something once is usually easier than doing something twice. For many entering a code once is pretty convenient, but they put up a fuss when asked to enter another password.
In order for layered security to be adopted, people’s views regarding this must be changed.
After all, the process cannot be made any easier.
Everyone at this point is quite familiar with the first layer of security. Enter a pin code or
password and access is granted. A secondary layer to authenticate identity simply requires the user to enter a secondary piece of information.
Companies and services like Google have been using this for over a decade now. Say you
want to access your Gmail account. First, you enter your login credentials and your password.
Before you gain access to Gmail secondary authentication is required.
For many, this comes in the form of a code received via text message directly to the user’s
phone.
Enter this secondary code and you ill then gain access to the account. Don’t have access to a phone? Not a problem. Secondary authentication can take shape in several forms from texts, to emails, to automated voice messages, all the way to a human operator calling to give a code.
When told of its efficacy in deterring attacks and breaches, many users are left surprised and can’t believe that they did not implement this security measure much sooner.
Adding another one or two layers of security may seem like a minor inconvenience to a lot of people, but the benefits of doing so are inversely proportional to the risks they are exposed to.
The math is pretty easy; the more layers of security you need to access your data, the more security measures an attacker needs to bypass to gain access to your data. If it’s a little difficult for you to gain access, it makes it ridiculously difficult for attackers to gain access.
About The Author
David has held positions as Operations Director and Head of IT in legal and professional firms for more than 10 years. He is a Director and co-owner of Amazing Support, a Microsoft Silver accredited and specialist Managed IT Support and IT Services company. David actively helps SME businesses receive better Managed IT Support and IT Services in the London and Hertfordshire areas. He also assists overseas companies who are looking to expand their business operations into the UK and helps with their inward investment IT process. A professional member of The Chartered Institute for IT (BCS) and an event speaker promoting business start-ups and technology awareness. Married with a son, you will often see him riding his bicycle around the Hertfordshire towns! David regularly participates in charity bike rides for the British Heart Foundation. David can be reached online (email [email protected] , Twitter @davidmshare),
and at our company website http://www.amazingsupport.co.uk/
