Jonathan M. Gardey, MBA, CFA®, CFP®
President and Chief Executive Officer
As financial advisors, we dole out financial advice daily. But sometimes, that advice has nothing to do with stocks and portfolios.
A sound financial plan includes several items that protect your personal assets and your business, such as insurance, powers of attorney, and a will. But in today’s digital age, we find that a lot of business owners forget about threats from online sources. In fact, a 2020 study by cybersecurity company BullGuard shows that more than 40% of small businesses have no cybersecurity in place at all. Cybersecurity crimes are on the rise, and business owners can and should take simple steps to safeguard themselves and their businesses.
Setting up two-factor authentication is one of the best pieces of financial advice we can give business owners. What is two-factor authentication? How can it help you personally? How can it really help your business? And how exactly do you set it up? We will take a deep dive into this important topic and help take at least part of the cybersecurity load off your to-do list.
What is Two-Factor Authentication?
Two-factor authentication just means that a user is asked to complete two steps correctly in order to verify that they are indeed who they say they are. If you’ve never heard this phrase before, most likely you have at least encountered two-factor authentication and just did not realize it.
For example, you use a username and password to sign into your bank website to access your personal accounts. Before you can fully login in to your account the bank may require one of the following actions, you have to enter a code that was sent to your cell phone via text message, call a phone number the bank provides to get a code, click on a link sent to your cell phone via text message, or answer a personal security question, such as the first name of your paternal grandmother or the model of your first car. The first factor is your password; the second factor is the code, click on the link, or security question answer.
If you’ve been to your doctor’s office lately, you’ve likely seen another type of two-factor authentication, as most medical facilities now require either a fingerprint or security badge to be scanned on a device that is hooked up to a computer in order to access patient files.
Your business isn’t likely to go as high tech — and may not need to if you aren’t accessing customer personal information — but it’s important that you understand what it is and how it works.
Why Business Owners Should Use Two-Factor Authentication
As we mentioned above, setting up two-factor authentication is one of the best pieces of financial advice we can give business owners. Let’s break down the financial part of that.
Nearly 60% of small to medium business owners think their business isn’t likely to be targeted for a cybersecurity crime. However, in Verizon’s Data Breach Investigations Report small businesses represented 43% of all data breach victims. And here’s the big financial kicker: The average cost of that kind of data breach to businesses with 500 employees or less was $2.98 million, according to IBM.
Let that sink in for a moment. … Nearly $3 million for one data breach.
And that doesn’t include the intangible costs like your reputation going down the tubes when you have to tell your customers or clients about the breach. Trust can be everything when it comes to small businesses. How do you rebuild without it?
To Combat Repeated Passwords
Two-factor authentication isn’t the end-all, be-all of cybersecurity measures. But it is an enhanced security measure that will make it harder for those looking to get into your systems to bypass what may be some lazy password habits on your part and on the part of your employees. Hey, we’re not judging! It’s unfortunately pretty typical human behavior. The 2021 Psychology of Passwords Report from LastPass, one of the more popular password management systems, shows that 65% of people always or mostly use the same password everywhere. Repeated passwords make you more vulnerable, but two-factor authentication can help in those situations. Of course, switching up your passwords and using two-factor authentication on top of that is even better.
To Combat Phishing Scams
While repeated password use is a big issue, what leads to a data breach for small and large businesses the most is email phishing, according to Verizon’s Data Breach Investigations Report. Phishing emails are so lethal because they look like they are from someone you know, including someone within your own company. So, when they ask you to share personal information or click on a link, you often don’t think twice about it before it’s too late. By that point, the sender now has access to a lot of scary possibilities like your entire company network, your client’s data, and your personal information, such as your bank information or social security number. But by using two-factor authentication, you can mitigate your risk and reduce your vulnerability to phishing attacks.
Let’s say with that phishing attack, the sender gets login credentials of your employee, Ted. The two-factor authentication your company has set up requires Ted to open an app on his phone to verify that he is trying to login within a set amount of time. Ted is currently on his lunch break when he gets the notification. He’s at his favorite burger joint and nowhere near his computer. He hits the “Deny” instead of “Approve” when he sees the “Are you trying to log in?” pop up from his phone app. Boom! The two-factor authentication stops the would-be criminal in their tracks and protects your system from any harm. (But also, change your password, Ted!)
Sure, two-factor authentication will most likely mean that it will take you and your whole team longer to log in. That extra time will be worth it to avoid having your identity, data, or money stolen along with saving your reputation and that of your business from being tarnished.
Where to Set Up Two-Factor Authentication
Now that you know why it is so important to implement two-factor authentication wherever and whenever you can, let’s look at where you can set up this security measure.
It’s likely that not every platform you use offers it, at least for right now. As our world gets more digital, that will likely change. If you can shop around for new systems, definitely do so and only go with the ones that do offer two-factor authentication.
In addition to your banking and other financial institutions, here are some top technology platforms for small businesses that have two-factor authentication:
- Tech giants Microsoft, Apple, and Google, who dominate your computers, web browsers, emails, cell phones, apps, word documents, spreadsheets, and so much more
- CRMs like Salesforce, Zoho, and HubSpot
- Cloud data storage solutions Dropbox and Box.com
- Social media channels Facebook, Instagram, Twitter, and LinkedIn
- Accounting software platforms QuickBooks and Sage
- Point of Sale (POS) systems Square, Shopify and Toast
- Cell phone service providers Verizon, AT&T, and Sprint
- Human resources software systems ADP, Gusto, and BambooHR
- E-commerce companies Amazon and Target
Of course, this list is just the beginning. Wherever two-factor authentication is available, be sure to use it — safeguarding yourself, your family, and your business.
If you are in need of a financial ally who is well-versed in guiding business owners and their families, we encourage you to visit our site, learn more about our services, and see if Gardey Financial Advisors could be a good match. We best serve clients looking for exceptional client service, who value a long-term partnership, and have a minimum of $500,000 in investable assets.
Important Disclosure Information
To better understand the nature and scope of the advisory services and business practices of Gardey Financial Advisors Inc., please review our SEC Form ADV Part 2A and ADV Part 3 (Form CRS) available via the SEC’s website @ www.adviserinfo.sec.gov. (Click on the link, select “Investment Advisor Firm,” and type in the firm name. Results will provide you both Part 1 and 2 of the Gardey Financial Advisors Form ADV.) Statistics from third-party sources are deemed to be accurate but have not been confirmed by Gardey Financial Advisors.
This communication is for informational purposes only and does not purport to be a complete statement of all material facts related to any company, industry, or security mentioned. The information provided, while not guaranteed as to accuracy or completeness, has been obtained from sources believed to be reliable. The opinions expressed reflect our judgment now and are subject to change without notice and may or may not be updated. Past performance should not be taken as an indication or guarantee of future performance, and no representation or warranty, express or implied, is made regarding future performance. Readers who are not market professionals or institutional clients of Gardey Financial Advisors should seek the advice of their financial advisor before making any investment decisions based on this communication. Our firm does not render legal, accounting or tax advice. Gardey Financial Advisors works closely with our client’s other professional advisors. Readers who are not market professionals or institutional clients of Gardey Financial Advisors should seek the advice of their financial advisor, tax, or legal advisor before taking any action that may have tax consequences. The solutions discussed may not be suitable for you, even if your situation is like the example presented. Investors must make their own decisions based on their specific investment objectives and financial circumstances. It should not be assumed that the recommendations made in this situation will result in the mentioned outcome. The commentary does not represent any specific clients, investments, or strategies. By selecting the links identified in this newsletter, you may be redirected to third-party websites, not under the supervision of Gardey Financial Advisors, who may have different privacy policies.
This page may include links to external websites over which our firm has no control. Gardey provides no warranties as to the content or accessibility of the website and assumes no liability for errors or reporting inaccuracies reflected therein. Our firm has neither approved nor endorsed the statements made by the site. Website content is subject to change without notice and may or may not be updated. We believe the site to be free of any virus or another defect that might affect computer systems on which opened. However, it is the responsibility of the viewer to ensure any sites they access are virus-free. Gardey accepts no responsibility for any loss or damage arising in any way from any hyperlink.