Harden your 2-factor account security with a G Suite for Business account

-
There are almost too many ways to count how a G Suite user account can be secured with 2-factor account (2FA) security. It is also why Google is an industry leader for commercial-off-the-shelf business suite software and security.

Other platforms can rely solely on SMS and recovery email addresses to secure their accounts, but these measures aren't all that difficult to get around these days.

Here is an example of a traditional 2FA setup using a primary Email account + SMS text based security codes for account authentication. The email address is also connected to other important logins.


But if someone wants to target this account to gain access to the other logins, it's not all that difficult to hack into the 2FA security if it is SMS, or worse, Recovery email address based.

How it is done is rather simple: the attacker gathers enough of your personal details from places such as social media (Facebook and LinkedIn especially), online wedding registers, and data pirates that sell your private data online for next to nothing. From places like these an attacker can obtain date of birth, mother's maiden name and your mobile phone number. They can then call up telco providers until they find your carrier and request a SIM port over to them.

This is more common and easier than you think, and once complete, the attacker is able to access your 2FA protected email account because they are receiving all of your SMS messages at this point. Once that's done, there is little to stop them from accessing just about everything you log into online.


Here is where a G Suite for Business account demonstrates it is ahead of the competition. Google 2-factor account security isn't reliant solely upon SMS based 2FA security, nor Recovery Email addresses.

Here is a list of non-SMS 2FA methods available to G Suite for Business users:

  • USB/Bluetooth Security Keys (Yubico et al.)
  • Google Authenticator app
  • Mobile device one-touch pass through (not an SMS code)
  • Backup 2FA codes (offline one time use codes you can print out)
  • Voice-based 2FA codes to your landline
  • G Suite Admin
It is unconscionable to not secure your primary email address with 2FA, regardless of whether you're an outlook.com user, an Amazon Web Service (AWS) organization, or a Facebook advertiser or Business page holder. You don't leave your front door unlocked at night; why would you do the same for your main email account you rely on for your online activities?

Don't take our word for it, and don't think just because you're tech savvy you're immune to this threat. Read how an I.T. engineer had $100,000 of digital currency stolen from him using the method above.

https://medium.com/coinmonks/the-most-expensive-lesson-of-my-life-details-of-sim-port-hack-35de11517124

Do you or your business need help securing your data from hackers and crackers and bears (oh my)?

Contact our security team at https://nephological.com.au for more information. We specialize in helping small and medium sized businesses improve their I.T. with tools such as G Suite for Business and all-things-Google.

Comments

Post a Comment

Popular posts from this blog

Running out of space in Google Drive? Here's what you need to know...

-
Image
It can be a bit scary when nearing your storage limit in Google. Whether you're using a free gmail.com or a G Suite - Basic license, running out of storage is a matter of when not if . Nephological's recommendation for G Suite users nearing storage capacity is to upgrade the organization to G Suite - "Unlimited". These type of G Suite for Business accounts have literal unlimited storage in Gmail and Drive when there are 5 or more users in the organization (1TB per user for 4 users or less). However, sometimes this upgrade isn't an option, or not the right time. Here are a few easy steps to mitigate a Google account nearing its storage capacity: 1. Sort Google Drive by file size https://drive.google.com/#quota Removing the largest files at the top of this list will give you some instant breathing room (don't forget to empty Trash/Bin. Actual storage % changes can take up to 24 hours to correctly display). 2. Upgrade storage for one user http
Read more

Google My Business isn't just about Google Search and Maps results

-
Image
Google My Business is more than just managing your listing in Google Search and Google Maps. It's an engagement platform to talk to your clients. This can be in the form of responding to Google Reviews (and not just the bad ones), using Google Posts to broadcast something directly into Google Search (hello, free advertising?), or answering questions posted on your listing. Answering questions on your Business Profile helps:  Educate people about your business  Showcase quality customer service  Build relationships with customers Regardless of whether your business provides services or products, not having a managed listing in Google My Business (GMB) puts you at a distinct disadvantage to your competitors and effects an impression of apathy or ignorance of technology. Need help setting up your business inside GMB? Have a rogue or unmanaged listing? Nephological are experts in Google My Business, including Google Posts training, Google Ads Express campaigns (a
Read more