Introduction
Company X has recently sustained severe financial losses resulting from a ransomware attack. In response to the incident, increasing the utilization of two-factor authentication (2FA) has been selected as the key method for creating a stable climate of security and preventing further financial and reputational challenges. Within a one-month timeframe, the workforce is anticipated to implement a set of 2FA-related practices to access the company’s IT assets safely.
Directions for Employees and Managers
2FA for Google Workspace (GW)
Securing GW accounts is essential, and all employees should set two-step verification as a standard option for accessing their business e-mail and Google Workspace applications. The phone number must be confirmed to use the service, and individual employees are to report to their immediate supervisors that their accounts have been secured. Notably, 2FA solutions based on biometric information cannot be recommended for implementation due to their limited sensitivity to facial expressions, lighting conditions, and various camera angles (Ryu et al., 2021). Preference should be given to SMS or push notifications, but constant access to the selected mobile device must be ascertained.
2FA for Online Services Accessed via Corporate Computers: Authy
All department managers should conduct relevant education and ensure that their subordinates install Authy for web services accessed using their workplace devices. Authy is a multi-functional 2FA application that enjoys popularity among commercial entities and is widely recommended by experts for securing various Authy-compatible applications (Boonkrong, 2021). Using the software, the employees should turn on 2FA for all websites they access for business purposes, including social networking platforms and banking applications. Authy should be integrated with cloud-based systems, such as HiveManager, and task management applications used in various departments. Reporting compliance with this direction is required in a timely manner.
SaaSPass Computer Login
To instrumentalize 2FA for access to corporate computers, department managers are anticipated to conduct education on using SaaSPass software and promote its installation. SaaSPass is a highly reliable 2FA tool (Jindal & Misra, 2021). It enables employees to access workplace devices only after using a password and scanning a QR code with their mobile phones or entering a one-time code (Jindal & Misra, 2021). With SaaSPass, preference should be given to barcode scanning solutions as the second user verification step. As with other applications, new SaasPass users should notify their supervisors that the installation has been successful or ask for directions in case of concerns.
Policy Adoption Timeline and Consequences of Non-Compliance
All employees are anticipated to fully implement the three-part policy and report the outcomes to the specified parties within 30 days. The installation of SaasPass should be completed no later than 15 days after receiving the document. The directions pertaining to Authy and GW should be followed by all employees no later than 30 days from the current date. Individual non-adherence cases will be investigated by the IT team, and possible consequences include mandatory education, disciplinary suspensions, and even contract termination. Employee termination will only be considered in case of repetitive and unreasonable refusals to comply with the policy.
Conclusion
To sum up, the policy ensures that each employee installs reliable 2FA solutions to access the company’s devices and services required for their workplace activities. Each employee is required to submit a complete list of services for which 2FA solutions have been installed to the immediate supervisor. The IT department will review and process all reports, thus solidifying the company’s readiness to address novel threats to data security.
References
Boonkrong, S. (2021). Authentication and access control: Practical cryptography methods and tools. Apress.
Jindal, S., & Misra, M. (2021). Multi-factor authentication scheme using mobile app and camera. In G. S. Hura, A. K. Singh, & L.S. Hoe (Eds.), Advances in communication and computational technology: Select proceedings of ICACCT 2019 (pp. 787-813). Springer Singapore.
Ryu, R., Yeom, S., Kim, S. H., & Herbert, D. (2021). Continuous multimodal biometric authentication schemes: A systematic review. IEEE Access, 9, 34541-34557. Web.