The changing ecosystem of business, from laptops and mobile devices to amped up research and design to big data, increases the necessity of protecting an organization’s customers, information, and resources. The single-factor authentication solution, which uses only a password, no longer adequately prevents breaches or identity fraud.
The office is no longer a brick and mortar building; it’s a vehicle, living room, sailboat, or any place where a mobile device is operational. Per GlobalWorkplaceAnalytics.com, “regular work-at-home, among the non-self-employed population, has grown by 103% since 2005.” Professionals are increasingly connected to the internet, applications, and each other, engaging remotely so that business can move quickly no matter their physical location.
While employment studies, such as this one conducted by Elance, show that remote work is trending upward, the convenience of not having to be in the office to work or in a store to shop makes cybercrime more convenient for the criminal. Organizations and world governments alike struggle to manage the risks and stay ahead of criminals in securing corporate data and systems that are protected by a firewall.
Data breaches are becoming more frequent
Breaches have become an everyday occurrence, making them less of a media sensation than they once were. I remember the public uproar over AOL’s 2006 release of 20 million records, but data breaches are so large and common now that ClixSense’s 6.6 million stolen user accounts made few headlines in 2016. No matter the level of media attention, data breaches have long-term ramifications, from loss of corporate intelligence to brand damage.
The single-factor authentication method, using a username and password, is no longer sufficient to protect corporate systems. Corporate intelligence, personally identifying information (PII), and customer databases using this method are all at risk of being accessed by cyber-criminals.
Both the workforce and criminals find credentials that are easy to remember the most convenient way to access devices, stores, and banks. Each quarter, McAfee Labs identifies hundreds of thousands of new phishing URLs that collect digital content from potential victims’ interests and activities, making it easier for cyber-criminals to hack or phish personal credentials. Cyber-criminals can use this information to access both personal and business information.
The relationship between work and personal devices poses security risks
The line between personal and business devices has blurred. Employees use their personal computers to do company business and their company phones for personal use, which compromises the security measures deployed to prevent breaches. To complicate the situation further, employees often use credentials that are easy to remember and reuse the same passwords for both personal and work. This expands the attack surface, increasing vulnerability.
Similarly, shared credentials are more convenient and efficient to some organizations, especially in situations where users are pressured to save time. Retail and healthcare are two industry examples where employees often don’t log off or think twice about using the credentials of another co-worker.
As the contingent workforce continues to grow among organizations, we also find it easier to share credentials with a temporary employee or contractor verses following policies requiring new credentials to be issued and terminated. Sharing credentials saves time in providing access, but also presents a large security risk.
Individuals and organizations both need to recognize the vulnerabilities inherent in using usernames and passwords as the only methods of securing data. While single-factor authentication is easier for operators across devices and varied uses, it is increasing the risk that cyber-criminals will compromise or breach sensitive business information.
Decreasing risk by moving from single-factor to two-factor authentication
Regulatory advancements and improved authentication measures expand a company’s defense against security risks. Whether in healthcare or financial services, increased regulations significantly lower an organization’s system vulnerability to cyber-attack. However, implementing, following, and maintaining regulations brings about its own set of problems, such as increased expense. One of the easier ways to protect our businesses is to move away from single-factor authentication to two-factor authentication.
Human resources can be the first line of defense by conducting identity (ID) screening and authentication during the hiring process. InfoMart’s ASAP ID services allow employers to gather identification documents and conduct facial recognition of users for credentialing, preventing fraud, authenticating users, and protecting data enterprise-wide, all at the onset of the pre-employment background screening process.
Applicants won’t be surprised by this trend toward identity authentication using document databases and facial recognition. According to a MSI study commissioned by McAfee, “Safeguarding the Future of Digital America in 2025,” more than two in three consumers foresee accessing work data via voice or facial recognition in the near future.
It isn’t difficult to add an additional layer of security. Security improvements might not be as convenient for the user; however, they do make hacking more difficult for the cyber-criminal. Fraudsters are looking for an easy way to make a dollar and single-factor authentication is a more convenient system to hack than two-factor credentialing.
Don’t make it easy on the fraudster. Improve your security and leverage two-factor authentication in your organization with InfoMart.