The average office worker typically receives ~121 emails per day. And while most companies have email tools set up to filter out spam and malicious links, they don’t catch everything.
Email spoofing, where a threat actor “spoofs” a fake sender email address to impersonate a trusted person or company (like “relatlvlty[.]com”), is an increasingly common tactic threat actors use to bypass these security measures. They seek to create a false sense of security for employees, often leading to compromised user and company login credentials—which are then used to carry out data exfiltration and data breach activities.
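A defender-side check for the lookalike-domain case described above, as an added example that is not part of the original article: it flags sender domains that equal a trusted domain once easily confused characters are folded together, or that sit within one typo of it. The allow-list, the confusable-character map and the function names are assumptions for illustration.

```python
# Assumed allow-list; replace with your organization's real sending domains.
TRUSTED_DOMAINS = {"relativity.com"}

# Characters that are easy to confuse at a glance, folded to one representative.
CONFUSABLES = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o", "5": "s"})
MULTI_CHAR = (("rn", "m"), ("vv", "w"))


def refang(domain: str) -> str:
    """Undo defanging such as 'example[.]com' and normalise case."""
    return domain.replace("[.]", ".").strip().strip(".").lower()


def skeleton(domain: str) -> str:
    """Fold visually confusable characters so lookalikes compare equal."""
    s = domain.translate(CONFUSABLES)
    for seq, repl in MULTI_CHAR:
        s = s.replace(seq, repl)
    return s


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str, max_typos: int = 1) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for a From address."""
    domain = refang(address.rsplit("@", 1)[-1])
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for good in TRUSTED_DOMAINS:
        if skeleton(domain) == skeleton(good):
            return "lookalike"   # same shape after folding i/l/1, 0/o, rn/m ...
        if edit_distance(domain, good) <= max_typos:
            return "lookalike"   # one dropped, added or swapped character
    return "unrelated"


# Constructed sample senders (not real traffic).
SAMPLE = ["alice@relativity.com", "billing@relatlvlty[.]com",
          "hr@relativty.com", "news@example.org"]
```

A mail gateway rule or triage script could call `classify_sender` on each inbound From address and quarantine or banner anything that comes back as `lookalike`.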
Two-factor authentication (2FA) is a quick and efficient way to break this chain of attack by adding a second layer of security to the user login process. Simply put, 2FA makes sure that you are who you say you are by requiring a second step of authentication beyond a password, typically by entering a code delivered to you via SMS text or email.
In the current age, where passwords and credentials are easily stolen and sold on the dark web, having a second step to verify and authenticate your identity when accessing online accounts and portals is critical to ensuring you stay secure online. So why isn’t this simply the norm whenever we work with and access private, confidential, and proprietary data?
According to Verizon, roughly 50 percent of data breaches occur due to stolen credentials, with more and more businesses across industries being breached via simple credential stuffing and brute-force attacks. It’s a sobering reality that many businesses aren’t doing the obvious by implementing the best practices that can help strengthen their security postures.
Be sure to enable 2FA on as many services as you can; it’s the simplest way to keep your personal accounts secure. And at work, you should follow these same best practices; after all, some of your clients’ most sensitive information is in your hands. They’re counting on you to protect it.
Note: If your organization uses RelativityOne, make sure 2FA is enabled in your workspaces. You can read about enabling this setting for users here, and learn how to log in with this method here.
If 2FA is not enabled in your company apps, now is a great time to reach out to your administrator and ask if it should be. Even if you’re in a non-technical role, the security of your organization’s technology stack is in your hands!
To help support these important conversations, we’ve put together a quick primer that you can use when implementing two-factor authentication within your organization. Keep reading for an easy-to-share overview of what makes 2FA so helpful, and how to implement it in your organization.
3 Reasons You Need Two-Factor Authentication
Google says that 2FA through SMS text messages is proven to stop 100 percent of all automated attacks. If your company is concerned about protecting employees and clients from automated attacks, or just wants to stay ahead of the ever-increasing risks caused by threat actors, it’s time for 2FA.
#1: Solving the Password Problem
Passwords are one of the easiest paths for exploitation. Many employees don’t make them complex enough; as a result, poor passwords account for 81 percent of data breaches. Adding to this anxiety, many individuals reuse passwords across accounts, with the average employee reusing a password 13 times.
Two-factor authentication solves this problem, requiring a second step of verification that helps eliminate the risk of a stolen or weak password being exploited to breach an organization.
#2: Better Customer Experience
Customers today are hardened by the consumer data breaches of yesterday, and they’re demanding better from the services and retailers they use. An overwhelming majority—77 percent—of consumers said that strong data security is critical in deciding what online vendor or retailer they go with.
Enabling 2FA within your business, as well as embodying other cybersecurity best practices, eases that concern with your customer base and can be a business differentiator as you work to set better standards for both your employees and clients.
#3: Compliance with Security Standards
Enabling 2FA within your organization isn’t just good for business; it also helps with regulatory and compliance requirements. Many regulatory standards and compliance frameworks (such as GDPR) recommend or require the use of multi-factor authentication.
Best Practices for 2FA Implementation
So, you’re (hopefully) convinced that your organization needs to enable 2FA across its employee base and with customers. What comes next?
For starters, we recommend standardizing your two-factor authentication process by working with an outside vendor that uses OpenID Connect or SAML 2.0.
Next, you need your added step of authentication to be strong. We recommend using hardware tokens, push notifications for real-time responses, or biometric methods (like fingerprint or facial recognition) instead of SMS-based methods for best results.
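One way an application behind an OpenID Connect provider can enforce the two recommendations above, as an added example that is not part of the original article: it reads the `amr` claim of an ID token and accepts the login only when two different factor types were used, rejecting SMS-only second factors. The `amr` values are those registered in RFC 8176; the grouping, the policy and the function name are assumptions, and the token is assumed to be already signature-validated.

```python
# "amr" (Authentication Methods References) values registered by RFC 8176,
# grouped by factor type. The grouping is this example's assumption; adjust
# it to the values your identity provider actually emits.
KNOWLEDGE = {"pwd", "pin", "kba"}
POSSESSION = {"hwk", "swk", "sc", "otp"}
INHERENCE = {"fpt", "face", "iris", "retina", "vbm"}
PHONE_BASED = {"sms", "tel"}  # weaker channel the article advises against


def second_factor_decision(claims: dict) -> tuple[bool, str]:
    """Judge the amr claim of an ID token whose signature, issuer,
    audience and expiry have ALREADY been validated elsewhere."""
    amr = claims.get("amr")
    if not isinstance(amr, list) or not amr:
        return False, "no amr claim, cannot tell how the user authenticated"
    methods = {m for m in amr if isinstance(m, str)}
    factor_types = {
        name
        for name, values in (("knowledge", KNOWLEDGE),
                             ("possession", POSSESSION),
                             ("inherence", INHERENCE))
        if methods & values
    }
    if len(factor_types) >= 2:
        return True, "strong: " + " + ".join(sorted(factor_types))
    if methods & PHONE_BASED:
        return False, "second factor is SMS or voice only"
    if "mfa" in methods:
        return False, "mfa asserted but methods not listed"
    return False, "single factor"


# Constructed sample claim sets (not real tokens).
SAMPLES = {
    "password_only": {"sub": "u1", "amr": ["pwd"]},
    "password_sms": {"sub": "u2", "amr": ["pwd", "sms", "mfa"]},
    "password_hw_key": {"sub": "u3", "amr": ["pwd", "hwk", "mfa"]},
    "key_fingerprint": {"sub": "u4", "amr": ["hwk", "fpt"]},
    "no_amr": {"sub": "u5"},
}
```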
Additionally, given that many second forms of authentication come via a user’s mobile device, it’s critical that organizations work to standardize security protocols on these devices. This includes making sure they have the latest firmware and upgrades, strong passwords for initial logins, and proper access controls enabled. As a consumer, you should follow these guidelines for personal reasons, too. They ensure that, even if a bad actor gets their hands on your phone, it’ll be hard for them to log in, verify authentications, and access your private data.
If you’re a Relativity user, there are several easy ways to set up 2FA within your instance, starting with using Relativity’s built-in 2FA tools to streamline and strengthen your login process. For ease of use, Relativity supports both local (such as password related) and external (such as external identification providers) authentication methods. More details on best practices are here.
Finally, RelativityOne users have additional capabilities enabled to ensure their organization is properly using 2FA when accessing their case work. Built into RelativityOne, Security Center gives admins the ability to mass-enable two-factor authentication for their users. You’ll also see increased transparency into the scope and scale of your 2FA network so that you can easily identify who has and hasn’t enabled multi-factor authentication. Additionally, you can monitor who has logged in and from where. Admins can also enable alerts that give you a heads up about suspicious login attempts that go against typical user behavior.
Regardless of why you log into a personal account or work-related portal, the importance of why you should use 2FA when doing so is clear. The benefits—for your company, customers, and personal interests—are evident, and the setup is easy. Prevent avoidable threats and better your risk profile by enabling two-factor authentication right now.
