Use Two-Step Verification To Protect Your Local Business

Protect Your Local Business with Two-Step Verification

Think about all of your email accounts, social media profiles, online banking, payment processing, and accounting systems. If any of those got hacked, it could cost you a lot of time, money, and headache. But there is one simple tactic, two-step verification, that can stop hackers in their tracks.

This past weekend, I took my wife to Denver to celebrate her birthday. We had a fantastic dinner at Mercantile, enjoyed some amazing music at Dazzle Jazz, and had an overall wonderful, relaxing weekend until …

Sunday morning at 3:30 AM

I suddenly woke up panicked about something I had seen on my computer the day before. I had typed facebook.com into my browser, but wound up on faceusersurvey.com, a phishing site trying to get my personal info. I didn’t fall for it and chalked it up as just one of those Internet things.

What woke me up is that I finally realized why my browser was redirected. I use Google Chrome on a Mac. I have several Chrome extensions installed from highly reputable companies like LastPass and Google.

But I had also just installed a new extension called Awesome Screenshot. Dang, I knew nothing about those guys! I quickly discovered that Awesome Screenshot has a reputation as adware and was automatically redirecting my browser to other sites.

OK, lesson #1 … NEVER install a browser extension unless you know the company really well. I went through the process to remove Not-So-Awesome Screenshot from my browser, but then my brain really kicked into overdrive …

What if a hacker, through a malicious browser extension, website, or sheer brute force, could somehow figure out my usernames and passwords? What would happen then?

How to Use Two-Step Verification

Your first line of defense against hackers is to use strong passwords and always use a different password for every site. You MUST do this.

But your second line of defense is to use two-step verification — also known as two-factor authentication — for all of your critical online accounts. Two-step verification requires you to enter an extra piece of information when the site doesn’t recognize the browser or device you are using.

For example, let’s say that I access my Google account using a new device for the first time. I correctly enter my username and password into Google, but then Google sends me a text message to my mobile phone with a code. I must enter that code to access my account. This only happens the first time. From then on Google “trusts” that device and I only have to use my username and password.

So, even if a hacker somehow gets my username and password, they can’t access my account because they can’t see the text sent to my mobile phone.

The first accounts to secure with two-step verification are your email accounts:

  • Google – This helps secure not only Gmail, but your entire Google account including Google My Business, Google+, Google Analytics, Google Webmaster Tools, and more.
  • Microsoft – This helps secure not only your Outlook.com email account, but your entire Microsoft account including Bing Places, Skype, and more.
  • Yahoo -Enabling two-step verification on Yahoo secures not only your Yahoo email, but your entire Yahoo account.

Next, enable two-step verification on your financial applications:

  • QuickBooks Online – Uses a confirmation email  for their two-step verification. This isn’t quite as secure as using a text message, but it’s still two-step verification.
  • PayPal – Calls it a Security Key, but it’s still two-step and uses a text message to your mobile phone
  • Square – Currently protects only U.S. customers and access to your online dashboard
  • Stripe – Uses two-step verification, but also uses the free Google Authenticator mobile app where you can create emergency backup code in case you need to disable two-step.
  • Chase – They don’t really promote two-step, but they do have it. Log in to your account at Chase and add a mobile number to your profile.
  • Bank of America – Offers their SafePass system which is their brand name for two-step verification.
  • FreshBooks – Does not yet support two-step verification.
  • Wells Fargo – Does not yet support two-step verification.

Finally, be sure to secure the social media accounts for your local business:

  • Facebook – Calls their system “login approvals” and you can verify via a text message code or through the Facebook app on your phone. You should do this for all of the administrators who have access to your Facebook page.
  • Twitter – Has text message verification, but also processes built in to their iOS and Android apps.
  • Google+ / YouTube – This is the same system used for Gmail. If you’ve already secured your Google account for Gmail, then you’ve already secured your account for Google+ and YouTube as well.

Not sure if a service you use supports two-step verification? Go to https://twofactorauth.org/ and find out.

Of course there always more security measures you can take. But if you use strong and unique passwords, and enable two-step verification for each online account, you’ll have a relatively strong security net in place and should be able to sleep a lot better than I did!

Eric Shanfelt
Eric is the Founder and CEO of Local Marketing Institute. He has 25 years of experience in digital marketing and has been the Chief Digital Officer for several B2B and consumer media companies. Eric has a passion for local businesses and focuses on practical digital strategies to help them attract more customers, build customer loyalty, and grow their business.