The European Union Agency for Network and Information Security (ENISA) is a center of expertise for cyber security in Europe. In the run-up to GDPR, ENISA has published guidelines for SMEs on the security of personal data processing. These guidelines are available to download here.
Section 4.2, Technical Security Measures, guideline K.7 states:
- Two-factor authentication should preferably be used for accessing systems that process personal data. The authentication factors could be passwords, security tokens, USB sticks with a secret token, biometrics etc.
Multi-factor (or two-factor) authentication is a method of authentication that requires more than one verification method, adding a second layer of security to user sign-ins and transactions. It works by requiring any two or more of the following verification methods:
- A randomly generated pass code
- A phone call
- A smart card (virtual or physical)
- A biometric device
In the battle against cyber-criminals, MFA is a very effective deterrent. Microsoft have included multi-factor authentication with all Office 365 subscriptions. Please contact us to discuss this additional security feature.