What would be the consequences of someone getting access to your email account for just a few minutes?

Your email address connects you to friends and family as well as business contacts. You may, like most of us in this connected world, have more than one address, a home and work email perhaps.

Just how important to you is it? Would it be more than a temporary inconvenience to you if you lost it or for some reason it was unavailable for even a short space of time?

If you, like the vast majority of us, protect your email address with only a username and password, you are vulnerable, and for most of you the consequences of someone hacking your account just by guessing the password would be utterly disastrous. (I’ve written about passwords before.)

Your email address is likely to be the username for many of the services you use on the internet, including your bank account. It is also the mechanism most of these systems are likely to use to let you reset your password for those services. Many will also use your email address to reset your username and password.

Anyone able to gain access to your email account will potentially have the ability to change every password you have on every service you use: your bank details, Twitter, Facebook, Google Apps, everything!

In a recent incident, a friend of one of Ecommnet’s development staff lost access to her email account when it was hacked.

Both her Google business account and her personal Gmail account were hacked and she’s totally locked out.

She’s permanently lost access to her invoices, contacts, customers, calendars, etc.

The attacker tried 7 times to gain access to her bank account and paid for £1000 worth of goods with PayPal. The attacker also reset her passwords for every service she had tied to her email account: social networks, etc.

All of this could have been avoided if 2FA (two-factor or two-step authentication) had been switched on.

If you have any important services linked to your personal email accounts, just do it! Turn on 2FA.

In practical terms, if you’re looking to protect your personal stuff, then always turn on two-step authentication for any of the services you use. If a service supports Google’s authenticator, use that, as it’ll support multiple accounts and save you having to remember how to use different things for each one.

For anything that involves business information over the Internet, use an enterprise-grade 2FA system like the Gemalto SafeNet Authentication Service (SAS) and integrate it across everything. In my view that includes network login as well as remote VPN access and all of your cloud-based services, such as Citrix ShareFile, Office 365, Google Apps for Business and Salesforce.com.

Stay away from SMS-only token-based systems, as they are far too easily compromised, as has recently been demonstrated by You & Yours on BBC Radio 4.

It makes sense to provide users with their token of choice, and SAS supports phone-based authentication as well as a wide variety of hardware tokens. If you need more information, please get in touch.
