Two-Factor Authentication (2FA) : Strengthening Access Security Across All Digital Platforms

As part of our continued commitment to safeguarding Bridgeway Group’s digital ecosystem, this circular serves to formally mandate the activation of Two-Factor Authentication (2FA) across all official digital platforms used by our Group companies.

With increasing cyber threats globally, password protection alone is no longer sufficient. Even strong passwords can be compromised through phishing, malware, or data breaches. An additional verification layer significantly reduces the risk of unauthorized access and protects our business continuity, brand reputation, and sensitive information.

What is Two-Factor Authentication (2FA)? 

Two-Factor Authentication (2FA) is a security mechanism that requires users to verify their identity through two separate components:

1. Something you know (your password)

2. Something you have (a one-time code sent to your registered device or generated via an authenticator application)

This ensures that even if login credentials are exposed, access cannot be granted without the second verification step.

Enabling 2FA:

·        Protects official email accounts from takeover attempts

·        Secures CRM systems, finance platforms, and HR portals

·        Prevents unauthorized access to social media handles and brand assets

·        Minimizes risk during employee transitions or role changes

·        Reduces financial and reputational exposure due to cyber incidents

 Implementation Guidelines

All CEOs, Business Heads, and Department Heads are requested to ensure the following:

Immediate Activation

2FA must be enabled on all official accounts, including but not limited to:

·        Official email IDs

·        Social media platforms

·        Domain and hosting portals

·        CRM systems

·        Cloud storage platforms

·        Finance and ERP systems

Use of Official Contact Details Only

2FA must be configured strictly using:

·        Official company email IDs

·        Officially designated mobile numbers

Personal phone numbers or personal email IDs must not be used. Wherever possible, a secondary authentication method should be added, preferably under the supervision of the Department Head or IT representative to ensure access continuity.

Authenticator Applications Preferred

Where supported, authenticator apps (e.g., Google Authenticator, Microsoft Authenticator) should be prioritised over SMS-based authentication for enhanced security.

Access Review

All departments must review existing accounts within 14 days to confirm:

·        2FA is activated

·        Recovery details are updated

·        Inactive users are removed

 Accountability & Compliance

Each Unit Head will be responsible for confirming compliance within their respective departments. IT teams are expected to extend necessary guidance and support wherever required. Failure to implement 2FA exposes the organization to preventable risks. As we continue to expand across industries and geographies, the responsibility to secure our digital infrastructure becomes even more critical. 

We request all concerned teams to treat this as a priority and complete implementation at the earliest.

For any clarification or technical support, please coordinate with your IT Department.

Best Regards,

Group CEO’s Office

Bridgeway Group CIRCULAR | BRIDGEWAY GROUP 04.2026

TO: CEOS, BUSINESS HEADS, MARKETING HEADS | CC: DIRECTORS | DATE: 11 MARCH 2026