In 2019, many assumed working from home would be difficult or impossible for them. Catalyzed by the coronavirus pandemic, however, millions had no choice – and most were surprised by the results.
Strangely, it was COVID-19 that finally gave employees the freedom to work from where they wanted. They could make a bespoke home office surrounded by creature comforts or take their laptop to the park to make calls with video.
The commute was eliminated. There was no more rush hour traffic. Employees saved on travel costs. Increasingly, they could also choose when they worked. Their work schedule was able to incorporate the school run or gym.
Daily stand-up meetings started to be held via video conference, with employees collaborating via software suites.
Employers reaped the rewards too. Productivity went up, which meant profits and ROI rose. Workers were less stressed. Suddenly, it seemed obvious: why waste time on long, laborious meetings when a simple VoIP phone call could resolve an issue?
Employees were no longer preoccupied with office admin either. SAP robotic process automation (RPA) could do the mundane, repetitive office chores they used to. Businesses could rent less office space, saving even more money.
Now, despite the end of lockdown, it seems remote working is here to stay, but this has posed its own challenges. One solution is multi-factor authentication. We take a look at why this is essential for those who’ve adopted a remote work setup.
The benefits of remote working are myriad, yet inevitably there are some drawbacks. One of the most problematic is also one of the easiest to solve – cybersecurity.
Group meetings are made superfluous by video conferencing, face-to-face collaboration by software suites. One-on-one management can be replaced by an online training strategy. Perhaps ‘replaced’ is the wrong word – ’improved’ is more apt.
Remote working tools are more efficient, more cost-effective, and logistically much simpler than traditional office working. They save two of the most precious things in business – time and money.
But despite the benefits, each solution requires login details that can leave you vulnerable to attack. Remote working presents other risks too. An employee might use a less secure internet connection. They might log in on a communal PC or leave a tablet in a cafe. This presents challenges for IT departments, whether in-house or outsourced.
Simple errors such as these can have drastic consequences. A single mistake, such as a lost tablet, can result in a serious data breach. Should one of your devices fall into the wrong hands, you need to be certain that the most damaging thing they can do is discard it because it’s useless to them.
60 percent of small companies that get hacked go out of business within six months. That’s a huge price to pay for a lost laptop.
A sinister cybercriminal could then gain access to everything you have. That means online and on your intranet. That’s assuming the criminal is human, when frequently it’s malware or bots that do the damage.
To cover authentication methods in detail – and to assess which one is best for you – it’s necessary to understand more about the categories they fall into. These can be divided into three groups: know, are, and have.
This is the oldest and most common type of authentication. Users log in using something they know. Often this is a password, but it could also be an answer to a question, such as the name of a pet or a favorite restaurant.
|• This type of authentication is easy and cheap to implement.||• Users can forget passwords.|
|• It’s user-friendly.||• Users may set passwords that aren’t secure or forget to update them.|
|• These passwords are susceptible to hackers.|
The cons are particularly problematic here. An employee might log in on a public computer and forget to log out. A user could have their password hacked by spyware or a trojan horse. Worse still, bad actors could hack into an organization’s system and steal the details of millions of customers.
This type of authentication refers to something you are or have that’s unique to you. It may be a retina scan or voice or face recognition. This might allow users to access rooms or departments in a building, for example. Adding fingerprint recognition authentication to your app can help increase Android device uptime.
|• Very secure.||• Expensive and difficult to configure.|
|• The “key” that unlocks the system cannot be lost or forgotten.||• Users may lose their devices.|
|• Login can be unreliable due to environmental or weather conditions.|
This type of authentication refers to something you have. This could be a swipe card, key, or more frequently a mobile device. Users can verify their phone number and then have a code sent to them via SMS. Entering the correct code grants the user access to a website or some form of software.
Another example would be an app. A user opens an app on their device and approves a push notification, allowing them access. If a malicious user is trying to hack into an account, the authentic user can refuse access and change their login details.
Users can even access a website by approving access on the same device. This is because the approval is often via an email or phone number which proves the user’s identity.
|• Convenient for users||• Repetitive for tasks that require multiple logins.|
|• Very secure||• Time-consuming to set up as users will have to authenticate their device.|
2FA vs MFA
Using some form of authentication is essential for maintaining good cybersecurity, but settling on a specific type can be tricky. This choice often comes down to a tossup between two-factor (2FA) and multi-factor (MFA) authentication.
These are often confused, but there’s a subtle difference between them. 2FA involves incorporating two factors that are needed to gain access. These needn’t be from different categories. For example, this could be a know/know combination – you access a website by entering your password and then are asked what your first car was. That’s 2FA, although the information is still susceptible to hackers.
Where MFA is more robust and sophisticated is in using combinations of authentications. This information is then partitioned so hackers would have to access two or more systems to gain login combinations. AI in cybersecurity is often used alongside this to enhance online safety.
Of course, the advantage of are and have authentication is they’re incredibly tough to break. Cybercriminals would have to overcome multiple security challenges to hack you if you utilized this type of MFA.
The Difficulties of MFA
Unfortunately, one drawback of MFA is that it’s time-consuming. It’s an inconvenience for employees and customers that accumulates over time.
That said, MFA can be responsive and adaptable. It can identify patterns in your users. For example, you might choose not to impose MFA unless the location or time of the login attempt is suspicious.
If an employee logs in from another country at 3 am, it’s reasonable to expect them to complete an MFA. Likewise, if a customer makes a purchase from a new IP and tries to buy something that differs from their normal habits, it’s wise to make sure it’s them before completing the transaction.
This is all part of tailoring your services to your users and gauging the security threat, as with device vs browser lockdown.
Knowing Your Users
A more complex issue relates to ethics. Despite the security of ‘have’ authentication, users might feel uncomfortable about facial recognition software. They may be wary about having their retinas scanned or feel it’s an intrusion of their privacy. They may also be guarded about having details stored by corporations.
It’s important to understand your audience. Choose the MFA solutions that protect data without causing too much inconvenience. It’s certainly logical to have more robust security for your employees than your customers.
You wouldn’t want a single customer to get hacked, but a data breach or cyberattack on an employee is potentially more harmful. It’s a balance that will be different for every organization.
You can give your users the option to select their preferred means of authentication. You can also offer them the choice of staying logged in for a set period on their devices. Automate regular password changes too. Users are then prompted to switch these every six months. Educating your staff on the importance of this should be a key part of your security strategy.
A one-password system can help here. This is a data management system whereby users open an account and input all passwords and confidential data. They can then access all software, media, banking, and retail accounts with a single login. It could be worth informing your employees and customers of this if login is a particular pain point.
Hopefully, you’ve now gained some insight into what you have, who you are, and what you know. Good security offers peace of mind for employers, employees, and customers. That’s why it’s essential for remote work setups in particular.
If you log calls, credit card details, home addresses, etc, this precious data needs safeguarding. That includes all the access points your remote workers use. Improve your security and watch the confidence permeate from your employees to your customers.
As hackers become more sophisticated, so must cybersecurity. Does it seem like an unnecessary expenditure? Then consider the devastating effects of a cyberattack or data breach. You could lose customers, time, money, and even your business.
Give MFA the green light today. In fact, give it multiple green lights.
Jessica Day – Senior Director, Marketing Strategy, Dialpad
Jessica Day is the Senior Director for Marketing Strategy at Dialpad, a modern business communications platform and cloud phone system that takes every kind of conversation to the next level—turning conversations into opportunities. Jessica is an expert in collaborating with multifunctional teams to execute and optimize marketing efforts, for both company and client campaigns. Here is her LinkedIn.