In 2016, cyber security matters more than ever. Justworks understands it’s not only important to us, but to our customers as well. That’s why we’re launching Two-Factor Authentication (2FA).
2FA is a widely used method to protect against stolen and hacked passwords that offer access personal information. 2FA confirms a user’s online identity by leveraging two steps in the login process:
Sign in with your password
Input a code generated and sent as a text message (or) use a third-party app to access a site.
Both employees and administrators using Justworks have the ability to enable 2FA. We encourage all of our users to take advantage of this feature.
Here's how 2FA works:
Employees and admins can enable, disable, and manage 2FA directly within Justworks. - Once 2FA is enabled and you sign into your Justworks account, you will be prompted to enter a code that is sent to a secondary device (most people use their cell phone). - You can opt for Justworks to ‘remember you’ for 7 days so you only need your secondary device to retrieve the security code once a week. - Justworks 2FA also allows you to use a third-party app to generate a code instead of a text message for an extra measure of security.
Wondering what else you can do to protect your company and personal information? We interviewed Justworks’ VP of Engineering Nick Thuesen to answer some of those questions.
Justworks’ product engineering team is launching a bug bounty program. Essentially we’re going to create a version of Justworks that “white hat hackers” can attack and find vulnerabilities. When they report them to us, we will give them a reward. The reward varies based on the level of vulnerability reported. It will last indefinitely.
Everyone nowadays is susceptible to phishing and other security threats. The three main factors we have to protect ourselves against are identity theft, fraud, and flat out theft. We store a lot of sensitive information for our clients and we want to make sure both we are able to keep it secure and they themselves are able to keep their sensitive information secure.
Companies should come up with a security policy and best practices for resetting people’s account information. Schedule security updates and talks for the company. Create a security culture where everyone in the company is comfortable with the idea and the responsibility of being aware of security issues.
Work to make sure that everyone in the company understands that security is a problem for everybody in the company, not just some people in the company. Be aware of attack factors everyone can be susceptible to, like false phone calls and phishing emails.
Not understanding all of the main factors of attack companies are targeted through. People tend to think of it in terms of “servers getting hacked,” when they’re more likely to be tricked into giving sensitive materials and information over the phone. Social engineering — a tactic used to take advantage of human nature to be helpful and trustful to obtain information — is more scary than traditional hacking over a server.
In 2016, this is one of the more important things companies should be thinking about. Newer companies are especially vulnerable to little security oversight. There’s no such thing as too soon when it comes to security and best practices.
Still have questions? Check out our articles about two-factor authentication and Justworks Security.
Scale your business and build your team — no matter which way it grows. Access the tools, perks, and resources to help you stay compliant and grow in all 50 states.