Two-factor authentication and HR software: what is it, and why should you use it?


Your organisation’s HR software stores your people’s highly personal and sensitive information, from their addresses to their dates of birth, next of kin details, bank account information, and even medical and absence histories. 

Cyber criminals and hackers are increasingly targeting HR systems to gain access to this data, which they could then hold to ransom, or use to impersonate others. 

Employee data breaches in the UK are on the rise. The Information Commissioner’s Office (ICO) reported that there were more than 3,200 incidents involving employee data security in 2023 – a 41% increase compared to 2022. In fact, employee data breaches accounted for nearly a third (28%) of all incidents reported to the ICO in 2023. 

Cybercriminals can target HR systems by using trial and error to guess passwords. Or they can use phishing scams to collect usernames and passwords, which can then be used to access HR software. 

Enabling two-factor authentication (2FA) on your HR software reduces the risk of unauthorised access to your people’s data. Let’s look at how it works, the benefits of 2FA, and how to set it up for your HR system. 

In this article:
•    What is two-factor authentication? 
•    Are two-factor authentication and multi-factor authentication the same thing?
•    How does single sign-on (SSO) fit with 2FA? 
•    How does two-factor authentication for HR software work?
•    What are the benefits of two-factor authentication?
•    Is it easy to set up two-factor authentication for HR software?

What is two-factor authentication?

Two-factor authentication adds a second way to verify who you are, giving user accounts an extra layer of protection. This significantly decreases the risk of unauthorised access and system breaches.

You probably already use 2FA on a variety of personal and work accounts. Email providers, such as Google and Microsoft, often require two-factor authentication to be set up. Your bank or credit card provider may also require 2FA for certain transactions. 

Adding two-factor authentication to your HR system helps to protect the sensitive data of all the people in your organisation. It’s an important part of making sure your HR software is GDPR compliant.

Are two-factor authentication and multi-factor authentication the same thing? 

You might see the terms two-factor authentication (2FA, or TFA) and multi-factor authentication (MFA) used interchangeably, especially when it comes to logging into HR software. Both add an additional level of security compared to single-factor authentication – for example, accessing a system using just a username (such as an email address) and a password.

2FA requires users to present two authentication factors. This might be a password and a factor such as a one-time access token. MFA requires at least two types of authentication – possibly more. Factors include: something you know (such as a password), something you have (such as a one-time access token), and something you are (such as a biometric token). 

How does single sign-on fit with 2FA?

Single sign-on (SSO) means using a single set of login credentials to access multiple systems. For example, it’s possible to log in to different websites – such as eBay – using credentials provided by Google or Facebook (Meta).

In the same way, organisations can configure their IT systems so that users’ credentials for accessing the company network (i.e. logging in to computers and email accounts) can also be used to access other systems, such as HR systems.

When you implement SSO, you can set the levels of security required, safe in the knowledge that those settings are then carried across to your other systems.

Most modern SSO systems also include 2FA as part of their functionality – enhancing data protection. These systems can also be more precise and granular about when they require end users to complete the 2FA step.

How does two-factor authentication for HR software work?

When a user signs into an account that has 2FA enabled, they enter their username and password and are then prompted to enter a unique security code. This code – often emailed to you, sent to a mobile number, or delivered via an authentication app – has a very limited lifespan. After entering the one-time code, the user is authenticated and granted access to the application or website.
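The server side of the one-time code step described above, as an added example that is not taken from any HR product: a short-lived code that works once and tolerates only a few wrong guesses. The class name, the five-minute lifespan, the attempt limit and the user ID are assumptions made for illustration.

```python
import hmac
import secrets

CODE_TTL_SECONDS = 300  # assumed lifespan; the article only says "very limited"
MAX_ATTEMPTS = 5        # assumed cap on wrong guesses per issued code


class OneTimeCodeStore:
    """Pending second-factor codes, keyed by user ID (in memory for the demo)."""

    def __init__(self):
        self._pending = {}  # user_id -> [code, expires_at, attempts_left]

    def issue(self, user_id, now):
        """Call after the password check passes; the caller delivers the code."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not the random module
        # Issuing again replaces any earlier code, so only the newest is valid.
        self._pending[user_id] = [code, now + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def verify(self, user_id, submitted, now):
        """Return True once for the right code inside its lifespan, else False."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        code, expires_at, attempts_left = entry
        if now >= expires_at or attempts_left <= 0:
            del self._pending[user_id]  # expired or guessed out: discard
            return False
        entry[2] = attempts_left - 1
        # Constant-time comparison avoids leaking how much of the code matched.
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[user_id]  # single use: a replayed code fails
            return True
        return False


if __name__ == "__main__":
    store = OneTimeCodeStore()
    sent = store.issue("manager-01", now=0)        # constructed user ID
    print(store.verify("manager-01", sent, now=60))  # True
    print(store.verify("manager-01", sent, now=61))  # False (already used)
```

The attempt limit matters because a six-digit code has only a million possible values, so an unlimited number of guesses would defeat it through the same trial and error used against passwords.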

What are the benefits of two-factor authentication?

  • It protects both the user’s credentials and the resources they can access
  • It provides a higher level of access security than authentication methods that rely only on a password
  • This additional layer of security makes it harder for cyber criminals to gain access to a person’s devices or online accounts by phishing their username and password
  • It makes it harder for hackers to access the sensitive information that is typically stored in HR systems, including personal bank details
  • It protects HR from data breaches, which ensures that you maintain a reputation for protecting sensitive information
  • Codes can be accessed anywhere, so long as the user can reach their email account or mobile phone

Is it easy to set up two-factor authentication for HR software? 

Two-factor authentication can be enabled on our HR software to give you extra peace of mind that your employees’ data is secure and protected against cybersecurity threats. You can choose to set up 2FA using codes that are emailed, delivered by SMS (text message), or via an authentication app. You can also decide which users have to use 2FA – you might choose, for instance, to apply it to all manager profiles, but not to other employees. 

If you’re an existing customer, speak with our customer care team about enabling 2FA for all users on your HR system. 

Or if you’d like to explore if our HR software is right for your organisation, email info@ciphr.com

 

This article was first published in May 2020. It was updated in June 2024 for freshness, clarity, and accuracy.