Dear Fraudster, for Your Convenience We Use Passwords
January 20 2017
The changing ecosystem of business, from laptops to mobile devices to amped up research and design to big data, increases the necessity of protecting an organization’s customers, information, and resources. The single-factor authentication solution, which uses only a password, no longer adequately prevents breaches or identity fraud.
The office is no longer a brick and mortar building; it can be a vehicle, living room, sailboat, or any place where Wi-Fi is operational. Per GlobalWorkplaceAnalytics.com, “regular work-at-home, among the non-self-employed population, has grown by 103% since 2005.” Professionals are often connected to the internet, applications, and each other, engaging remotely so that business can move quickly no matter where they are.
While employment studies, such as this one conducted by Elance, show that remote work is trending upward, not having to be in the office to work or in a store to shop makes cyber-crime more convenient as well. Organizations and world governments alike struggle to stay ahead of criminals in securing corporate data and systems.
Data breaches are becoming more frequent
Breaches have become an everyday occurrence, making them less of a media sensation than they once were. I remember the public uproar over AOL’s 2006 release of 20 million records, but data breaches are so large and common now that ClixSense’s 6.6 million stolen user accounts made few headlines in 2016. No matter the amount of media attention they receive, data breaches have long-term ramifications. These can include everything from loss of corporate intelligence to brand damage.
The single-factor authentication method, using a username and password, is no longer sufficient to protect corporate systems. Corporate intelligence, personally identifying information (PII), and customer databases using this method are all at risk of being accessed by skilled hackers.
Both the workforce and criminals find credentials that are easy to remember the most convenient way to access devices, stores, and banks. Each quarter, McAfee Labs identifies hundreds of thousands of new phishing URLs that collect digital content from potential victims’ interests and activities, making it easier for cyber-criminals to hack or phish personal credentials. Cyber-criminals can use this information to access both personal and business information.
The relationship between work and personal devices poses security risks
The line between personal and business devices has blurred. Employees use their personal computers to do company business and their company phones for personal use, which compromises the security measures deployed to prevent breaches. Additionally, employees often use credentials that are easy to remember and reuse the same passwords over and over again. This increases vulnerability to a cyber-attack.
Shared credentials are more convenient and efficient to some organizations, especially in situations where users are pressured to save time. Retail and healthcare are two industry examples where employees often don’t log off or think twice about using the credentials of another co-worker.
As the contingent workforce continues to grow among organizations, we also find it easier to share credentials with a temporary employee or contractor verses following policies requiring new credentials to be issued and terminated. Sharing credentials saves time in providing access, but also presents a large security risk.
Individuals and organizations both need to recognize the vulnerabilities inherent in using usernames and passwords as the only methods of securing data. While single-factor authentication is easier for operators across devices and varied uses, it is increasing the risk that cyber-criminals will compromise or breach sensitive business information.
Decreasing risk by moving from single-factor to two-factor authentication
Improved authentication measures expand a company’s defense against security risks. No matter the industry, increased regulations significantly lower an organization’s system vulnerability to cyber-attack. Though implementing, following, and maintaining regulations brings about its own set of problems, such as increased expense. One of the easier (and more cost-effective) ways to protect our businesses is to move away from single-factor authentication to two-factor authentication.
Human resources can be the first line of defense by conducting identity screening and authentication during the hiring process. InfoMart’s ASAP ID services allow employers to gather identification documents and conduct facial recognition of users for credentialing, preventing fraud, authenticating users, and protecting data enterprise-wide, all before the pre-employment background check.
Applicants won’t be surprised by this trend toward identity authentication using document databases and facial recognition. According to a MSI study commissioned by McAfee, “Safeguarding the Future of Digital America in 2025,” more than two in three consumers foresee accessing work data via voice or facial recognition in the near future.
It isn’t difficult to add an additional layer of security. Security improvements might not be as convenient for the user; however, they do make hacking more difficult for the criminal. Fraudsters are looking for an easy way to make a dollar and single-factor authentication is a more convenient system to hack than two-factor credentialing.
Don’t make it easy on the fraudster. Improve your security and leverage two-factor authentication in your organization with InfoMart.
About Tammy Cohen
Tammy Cohen, an industry pioneer and expert in identity and employment screening, founded InfoMart over 28 years ago. Deemed the “Queen of Screen,” she’s been a force behind industry-leading innovations. She was most recently the first-to-market with a fully compliant sanctions search, as well as a suite of identity services that modernizes talent onboarding. Tammy revolutionized the screening industry when she stepped into the field, developing the first client-facing application and a due diligence criminal search that has since become standard for all background screening companies. Cohen has received national awards and honors for her business and civic involvement, including Atlanta Business Chronicle’s Top 25 Women-Owned Firms in Atlanta, Enterprising Women Magazine’s Enterprising Women of the Year award, the YWCA of Northwest Georgia’s Kathryn Woods Racial Justice Award, and a commendation in the 152nd Congressional Record. To learn more about Tammy, visit www.tammycohen.com.
InfoMart has been revolutionizing the global background and identity screening industry for over 28 years, providing businesses the information they need to make informed hiring decisions. They develop innovative technology that modernizes talent onboarding, including a first-to-market biometric identity authentication application and a verified sanctions search. The WBENC-certified company is a founding member of the National Association of Professional Background Screeners, and they have achieved NAPBS accreditation in recognition of their consistent business practices and commitment to compliance with the FCRA. The company is dedicated to customer service, speed, and accuracy, and it has been recognized for its success, workplace culture, and corporate citizenship with over 40 industry awards. To Get the Whole Story on InfoMart, please visit www.infomart-usa.com, follow @InfoMartUSA, or call (770) 984-2727.