What Happens When You Skip Two-Factor Authentication—And How to Prevent Business-Destroying Hacks | Ep 243

When you skip two-factor authentication, you’re not just risking an account—you’re handing hackers the keys to your business.

Two-factor authentication is annoying.

Another code, another text, another click.

It slows you down. It feels like overkill… until you realise what’s at stake.

One of my clients recently went on summer vacation.
Their systems ran like a dream—until one small mistake.
A single click on a phishing email opened the backdoor to their entire business.

What should have been a relaxing holiday turned into a disaster that could have been easily avoided.

Here’s the part many business owners overlook:

👉 Your email is the master key to your business.

If it’s hacked, everything else is at risk—banking, apps, client accounts, even attackers posing as you.

And yet, protecting it is ridiculously simple:

  • Two-Factor Authentication is free.
  • It takes seconds to switch on.
  • It gives you peace of mind, knowing no one’s sneaking in through the back door.

🎙 This episode is your reminder to embrace the “annoyance”.
Turn on Two-Factor Authentication—on your email, every key app, and across your whole team (yes, contractors too).

Because the real cost isn’t the few seconds of inconvenience.
It’s the fallout when you don’t.

KEY TAKEAWAYS: Why Two-Factor Authentication Matters for Every Business

  • Importance of Two-Factor Authentication (2FA): Implementing 2FA is crucial for securing email accounts and other sensitive applications, as it adds an extra layer of protection against unauthorised access.
  • Simple Setup Process: Setting up 2FA is straightforward, especially on platforms like Google. Users can enable it through their account settings, and businesses can enforce it for employees using Google Workspace.
  • Risks of Not Using 2FA: Without 2FA, businesses are at significant risk of email hacks, which can lead to phishing attacks and potential legal implications if clients are affected.
  • Regular Audits and Checks: It’s essential for business owners to regularly audit who has access to sensitive information and ensure that 2FA is enabled on all critical accounts, including personal ones.
  • Encouragement to Share Knowledge: Sharing the importance of 2FA with others, including non-business owners, can help protect more individuals from phishing attacks and enhance overall security in the digital landscape.
Quote on Two-Factor Authentication: "It takes seconds to set up two-factor authentication, but it can save you from weeks of chaos." - Dr Steve Day
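
An added example, not from the episode or from Google: one way to run the "Regular Audits and Checks" takeaway for a Google Workspace domain. It assumes you have saved the output of the Admin SDK Directory API `users.list` call as JSON; the accounts below are constructed sample data, and the severity labels are this example's own convention.

```python
import json

# Constructed sample shaped like a Directory API users.list response.
# All addresses and values are invented for illustration.
SAMPLE_EXPORT = """
{"users": [
  {"primaryEmail": "owner@example.com", "isAdmin": true, "suspended": false,
   "isEnrolledIn2Sv": true, "isEnforcedIn2Sv": true},
  {"primaryEmail": "va1@example.com", "isAdmin": false, "suspended": false,
   "isEnrolledIn2Sv": false, "isEnforcedIn2Sv": false},
  {"primaryEmail": "contractor@example.com", "isAdmin": false, "suspended": false,
   "isEnrolledIn2Sv": true, "isEnforcedIn2Sv": false},
  {"primaryEmail": "it@example.com", "isAdmin": true, "suspended": false,
   "isEnrolledIn2Sv": false, "isEnforcedIn2Sv": false},
  {"primaryEmail": "leaver@example.com", "isAdmin": false, "suspended": true,
   "isEnrolledIn2Sv": false, "isEnforcedIn2Sv": false}
]}
"""

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2}


def audit_2sv(export_json):
    """Return (severity, email, finding) tuples for active accounts with weak 2FA state."""
    findings = []
    for user in json.loads(export_json).get("users", []):
        if user.get("suspended"):
            continue  # suspended accounts cannot sign in, so skip them
        email = user["primaryEmail"]
        # A missing field is treated as "not enabled" so gaps are never hidden.
        enrolled = user.get("isEnrolledIn2Sv", False)
        enforced = user.get("isEnforcedIn2Sv", False)
        if not enrolled:
            severity = "critical" if user.get("isAdmin") else "high"
            findings.append((severity, email, "not enrolled in 2-Step Verification"))
        elif not enforced:
            # Enrolled voluntarily: without enforcement the user can switch it off again.
            findings.append((severity_medium(), email, "enrolled but not enforced"))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))


def severity_medium():
    """Label used for accounts that have 2FA on but could disable it."""
    return "medium"


if __name__ == "__main__":
    for severity, email, finding in audit_2sv(SAMPLE_EXPORT):
        print(f"{severity:8} {email:26} {finding}")
```

Re-running the check on a schedule catches the case the episode mentions, where someone gets annoyed with 2FA and turns it off.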

BEST MOMENTS: Hard Truths About Two-Factor Authentication

01:40 – 💬 “It is so simple to do this, but yet so many business owners are at huge risk because they don’t put some simple steps into place.”

04:57 – 💬 “It may be a little bit annoying having to do this, but if you look at the consequence of not having this, of getting your accounts hacked…it’s not only embarrassing but potentially, I imagine, you could also have some legal implications as well.”

07:25 – 💬 “Please make sure that those people also use 2FA to protect their business and stop all these horrible phishing things going off and actually causing mayhem in the world.”

TIMESTAMPED OVERVIEW

00:00 Importance of two-factor authentication (2FA) for business security.

01:24 Client’s email account got hacked, causing business issues.

02:17 2FA adds an extra layer of security to your accounts.

03:20 Enforce 2FA for all employees in Google Workspace.

07:09 Ensure 2FA is enabled on all personal and business accounts.

🎙️

Episode Transcript

Dr Steve Day: Does Two Factor Authentication annoy you as much as it annoys me? Having to find codes, get emails, get calls, and text messages just massively slows us down. But today I want to share the real reason why this matters. Why you should put up with inconvenience to secure yourself, sleep better at night, and just to make sure that your business security is nailed down. It’s so easy, it’s free. Hopefully, by the end of this short podcast, you’ll know why you need to do it. And how to go and do it in some common apps that we all use.

So today’s episode has been inspired, like so many others, by a call with one of my private coaching clients. They came to me and said they went on holiday for two weeks. Everything went smoothly. The business ran amazingly. They were hugely thankful for the work done together. But somebody had opened an email, clicked a link, and their email account got hacked.

This led to certain problems with the business, which I won’t go into the details. But it wasn’t all pretty. And the question was, how can I avoid this? Surely there’s a better way to put easy steps in place. Steps to stop people from having this risk of getting their emails hacked. It is so simple to do this, yet so many business owners are at huge risk. They don’t put simple steps into place.

If you’ve never heard of Two Factor Authentication, you may already be using it. Even if you don’t know what it is. Two-factor authentication is when you try to log in with your email and password. Then you’re asked to supply a code. Or click a button on your phone. Or maybe you’ll get an email that you have to click. One of those methods sends something to you by a different means. It proves that you are who you say you are. This is standard across most good apps these days.

Things like your email, for example, are where you need to think about having the most secure system possible. Because most other two-factor authentication systems will be able to send an email to you to get in. So if your email gets hacked, there’s a good chance that other things could also get hacked. And with AI getting cleverer all the time, it’s not going to be long before criminals act. It’s probably already happening. When your email gets hacked, they can get into loads of other accounts. They can cause mischief very quickly without you even knowing.

So setting up Two Factor Authentication, or 2FA as it’s known, is super easy to do on Google. You simply go into your settings. Go into security. Then go into authentication. In there, you click a button that says enable 2FA. If you’ve got a free Gmail account, you can do this. If you’ve got a Google Workspace account, you can switch it on for everybody in your company. That means anybody who’s got a paid licence. And then you can enforce that people use Two Factor Authentication when they join your organisation.

You can also do this retrospectively. So, say if you’ve got ten employees already and they’ve got email set up. You can then force them the next time they log in to actually use 2FA to secure their account. This means that even if somebody gets the password, they can’t actually log into that email account. Not without having access to, for example, an authentication app. That allows them to generate a code and put it in. It’s adding that extra layer of security. It pretty much locks down their account.

If you’re not using Google Workspace, you can’t enforce people to do it. That’s because if they’re using their own Gmail account, for example, or a company Gmail account you give them, you can’t push it. But you can still have part of your onboarding process ask people to switch it on. Then request evidence that it has been switched on. You can also check in with people. Just make sure it is still switched on. Because some people get annoyed with it and turn it off. You need to make sure that doesn’t happen.

If you’re using a password-sharing app, for example, something like LastPass, it is essential to have 2FA switched on. That’s because it gives access to many different accounts. This kind of thing is super simple to set up. It’s really easy. It’s quick to do. But as I said before, so many business owners I work with have either not heard of it, or they don’t realise they can enforce it. Or they just never thought of doing it on key accounts like email.

Email is the one thing that I recommend doing this above anything else. But pretty much all of my business apps are now switched on with it. If you’re using something like LastPass, which is a password-sharing app, you can save passkeys within it. That way, you don’t have to open your authentication app. You don’t have to find the code and put it in. It can automatically do that step for you. It makes logging in more seamless. And it doesn’t get in the way of your workflow.

It may be a little annoying to do this. But look at the consequences of not having it. Imagine if one of your company’s emails gets hacked. All of your clients might get some malicious email going from your account. It’s a phishing email that then does the same thing to them. Or maybe it collects account details and causes damage to their business. They could lose money. And it all comes back to you. Not only embarrassing but potentially with legal implications as well. Although I’m not a lawyer.

So I highly recommend you take action right now. If you do nothing else by the end of the day, lock down your email with 2FA. Ideally, lock down any other key apps. Especially password-sharing apps. I actually use it for most things we log into within the business. For our CRM, for example. For all of my banking apps. Anything important has 2FA switched on now.

Since I started using the LastPass passkey feature, I don’t have to get out my authentication app as often. That makes it much less annoying than it used to be. So that’s it for today. The call to action is simple. Do a little sense check, a quick audit about who in your company has access to sensitive information. Make sure the apps that they are using are locked down with Two Factor Authentication. Do the same for yourself.

If you’re not sure if you’ve got it switched on for all your email accounts, check right now. On that call today with my client, I was embarrassed when I showed him how to do it. Then I realised in my personal Gmail account it wasn’t even switched on. That gave me the opportunity to switch it on, which was fantastic. I am now more secure. But it made me realise something important. Even though this is something I’ve been thinking about for a long time. I think I’ve even recorded a podcast about it in the past.

I actually missed one of my key accounts. That’s because I didn’t use that Gmail account very much. It sat in the background for a while. I started using it more now because with a Workspace account, I can’t access certain Google features at home. Features like my Nest and other things. So I had to log in with my personal Gmail. I started using it more often. But I hadn’t realised that I hadn’t switched 2FA on.

Now I’ve protected myself. Hopefully, I’m far less likely to get caught by phishing attacks and all the rest of it. Because even if they did get my passwords or some logins, they wouldn’t be able to get in. They haven’t got the 2FA access. That’s it. That’s all I want to share today. I hope this has helped and made your life a little more secure. I hope it makes you sleep a little bit better.

And if you found this useful, please do remember to hit subscribe. Share this with any other businesses you know. And actually with anyone you know. Because even if you’re not a business owner, if you use email or banking apps, you should have 2FA enabled. Please make sure those people also use Two Factor Authentication. That way, they protect themselves and stop all these phishing scams from causing mayhem in the world.

That’s it for today. Thank you so much for your time and for listening. I hope to see you next time. Take care. Bye.

ABOUT THE HOST

Steve moved to Sweden in 2015 and transformed how he ran his businesses—switching to a fully remote model. A former NHS doctor, with a background in computing and property investing, he now helps overwhelmed business owners systemise and outsource effectively. Through his courses and coaching, Steve teaches how to automate operations and work with affordable virtual assistants, freeing up time and increasing profits. He runs his UK-based businesses remotely with support from a team of UK and Filipino VAs, and is passionate about helping others build scalable, stress-free companies using smart systems and virtual support.



Steve Day

About the Author

Since 2016, Steve has helped hundreds of business owners to systemise their businesses and outsource their work. In doing so, he has helped them regain control of their lives and create the businesses they set out to build.
