By Ben Weiner, CEO, Conjungo
With the growth in demand for remote access and remote working practices, the risk of losing data and ‘intellectual property’ has increased. The result of such loss through ‘hacking’ or another breach in security can be devastating: it can lead to a court case, heavy fines, loss of reputation and, ultimately, a company being forced to close. The consequences should not be underestimated, and organisations should consider and measure the potential damage if such an event occurred.
The ID Theft Centre report provides frightening statistics of how many breaches and which companies have been affected by data theft. The conclusion can only be that new technologies will continue to be developed to minimise such risks.
- 41% of employees reuse passwords for multiple accounts
- 25% of employees keep a written note of their passwords
- More than 30% of helpdesk time is spent resetting and supporting passwords
- 47% of employees regularly access their corporate network or webmail through a mobile device such as a Blackberry or iPhone.
- 34% revealed the word or phrase they used when asked if it had anything to do with a pet or child’s name
- 80% said they were fed up with passwords and would like a better way to log into work computer systems
The Solution: Two Factor Authentication. Low cost, easy to use and effective!
People can access email and valuable data using a broad array of devices, such as notebooks, tablet PCs and of course smartphones, regardless of location. Two Factor Authentication (2FA), or as it is sometimes known, Two Tier Authentication, is a system that enables users to make payments or obtain information over the Internet securely (Remote Access). Its purpose is to ensure that only the person with the relevant information and systems can gain access. For example, it is used by most of the major banks to allow their customers to access their bank accounts securely and check balances or make payments. It is also used by organisations to enable their users to gain access to email or other organisational data via the Internet.
2FA aims to ensure that the person requesting the data is the right person by requiring them to prove their identity, thereby decreasing the potential for fraud, theft or other forms of illegal activity.
Two separate methods of proof of identification are required in order to verify the two-stage authentication process. If both sets of information match the criteria logged in a system, the system will allow access to the secure data that the individual is requesting.
Two factor authentication requires the use of two of the three regulatory-approved authentication features:
- Something the user knows (for example a password or PIN);
- Something the user can use (for example a bank card, smart card or Bank ATM)
Without these two elements matching, authentication will not be possible. This is known as the “something you have” and “something you own” principle. It is essentially the modern form of a ‘lock and key’, in that without the key the lock cannot be opened (the token or PIN is the key in this scenario).
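The check described above, as an added example that is not part of the original article: access is granted only when both the password and the token code match what the system holds. The article names no specific token scheme, so the "something the user can use" factor is assumed here to be a token showing RFC 6238 time-based codes; the function names and sample values are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1) that the user's token displays at time `at`."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    # Only a salted, slow hash is stored, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def enrol(password: str, salt: bytes, token_secret: bytes) -> dict:
    """Record the criteria the system will later compare against."""
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "token_secret": token_secret}

def authenticate(record: dict, password: str, code: str, now: int,
                 window: int = 1, step: int = 30) -> bool:
    """Grant access only if BOTH factors match the enrolled record."""
    # Factor 1: something the user knows (constant-time comparison).
    knows = hmac.compare_digest(
        hash_password(password, record["salt"]), record["pw_hash"])
    # Factor 2: something the user holds; tolerate +/- `window` steps of drift.
    has = False
    for drift in range(-window, window + 1):
        t = now + drift * step
        if t < 0:
            continue
        expected = totp(record["token_secret"], t, step)
        has |= hmac.compare_digest(expected.encode(), code.encode())
    # Both checks always run, so the reply does not reveal which factor failed.
    return knows and has

if __name__ == "__main__":
    # Constructed sample values; the secret is the RFC 6238 test key.
    rec = enrol("correct horse", b"constructed-salt", b"12345678901234567890")
    print(authenticate(rec, "correct horse", totp(rec["token_secret"], 59), 59))
    print(authenticate(rec, "correct horse", "000000", 59))
```

A stolen password alone fails the second check, and a stolen token alone fails the first, which is the property the lock-and-key comparison relies on.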
My company is small... do we need it?
The reality is that most types of companies should use some form of 2FA. Clearly, the most obvious are banks, ISPs, Government bodies and any organisation that requires users to access their network or information.
Different types of companies will naturally have different requirements. For banks, for example, it is a matter of compliance due to the very nature of their business. Being in breach of banking regulations and the Data Protection Act can have severe consequences.
Other companies that should implement this type of technology are web-based businesses that allow B2B transactions, and e-commerce sites.
What can I expect to gain by utilising Two Factor Authentication?
The benefits are clear and certainly outweigh any disadvantages. As long as there is a criminal element that wishes to steal information and money by illegally accessing online bank accounts and networks, there will be a need for 2FA.
Considering that this type of activity is extremely unlikely to stop, and that such events can affect individuals and organisations regardless of size and location, making sure that data and access are secure and lowering the risk and adverse effects is a given.
The potential consequences of losing vital data and money, the growth of the Internet, the increase in users requiring access to networks, and the move to remote working have fundamentally changed the requirements for authentication over the last few years. As a result, investigation of such technology, at the very least, should be made.
For more information: http://www.rsa.com/node.aspx?id=1159