I hope someone here can help us with a good advice. Our company website- employee section has been restricted to access using login verification method for the authentication. The working is simple. A login notification with a verification code will be sent to the user mobile and once it's verified, they will be granted the access.
This section had some issue with company management when a group of ethical hackers successfully broke the authentication and accessed the restricted area. Data was safe, but a serious security glitch was exposed.
We approached a cyber security company named NCI, and they mentioned about using two factor authentication to protect from hacking and possible malware and spyware attacks ). What else can we implement in our website to make it more secure? I hope someone can give a proper advice on this.
I didn't find the right solution from the Internet.