It is always best to require that all employees use strong two factor authentication across all systems. It’s even better to extend this to customers through a system that requires different levels of authentication based on the sensitivity of the service – providing a good balance between convenience and security.
A simple and a good place to start is to require administrators and key systems to use strong two factor authentication.
NIST’s National Cybersecurity Center of Excellence (NCCoE) has released a draft cybersecurity practice guide, NIST SP 1800-17, Multifactor Authentication for E-Commerce, to help retailers reduce incidents of e-commerce fraud. This guide was developed in collaboration with thought leaders from NIST, industry, technology vendors, and the retail sector. Download the guide at https://bit.ly/2uJY5WD