Keep Your Company Secure Without Frustrating Your Employees
Ham. Prawns. Oysters.
Hold on, does your mother-in-law eat oysters? Your sister is bringing her new partner. Why does Coles keep running out of glacée cherries? Hold on, is it going to boiling hot on Christmas Day or a washout? Who is going to Queen Vic on the 24th to get the seafood? Maybe it is easier to get it locally?
Your mind is spinning. It’s a stressful time.
We have all awakened from a long nap, and Christmas is here with no threat of lockdowns.
The roads are back to 2019 levels, shopping centres are full of rowdy teenagers, and you’ve got think of gifts for each niece and nephew. And let’s not forget work’s Secret Santa. You hate Secret Santa, but it’s all team spirit. So you have to participate…Speaking of which, when are the end-of-year drinks? Is it the 16th or 23rd of December?
With only ten days until the big day, you know it’s time to morph into a productivity ninja.
It’s the same every year. You have a complete meltdown leading up to that one day when you try to host an event for your nearest and dearest. And as you pass on the second helping of Chrissy pud, you vow, “next year it will be different”. You’ll implement a plan that crushes the stress and boosts your productivity to finish Christmas.
Sometimes it could be easy to delegate some of the salads and desserts. But you don’t like to inconvenience your family and friends.
Similarly, many companies and businesses fail to introduce effective security protocols like multi-factor authentication (MFA) for fear of inconveniencing their employees, leading to lost productivity. But what is the actual cost?
Well, for many, it’s not the cost of implementing MFA, as most cloud applications include it for free. However, failing to implement effective authentication protocols leads to a heightened risk of data breaches. And with that comes downtime, reputation and brand damage.
Only 22% of Azure Active Directory users had enabled MFA in a recent survey by Microsoft. It highlights the apparent lack of authentication security in many businesses and that over 75% of users had severe security vulnerabilities. However, studies have consistently found that MFA is 99.9% effective at stopping fraudulent sign-ins.
Credential compromise continues to be the most common reason for data breaches. For example, 35% of data breaches are initiated from breached login credentials.
Here’s the thing, it’s simple and easy to secure your network and ensure your employees remain productive.
Here’s how to improve security without inconveniencing your employees
1. Implement contextual authentication rules.
You can consider introducing different authentication processes based on rules. For example, an employee working in your company’s building should be authenticated differently from someone working remotely overseas.
Leveraging contextual authentication enables businesses to set a higher threshold before access is granted. For example, you can limit or block system access to employees logging in from New York, London or Beijing.
And you can offer additional challenge questions for users logging in outside working hours.
Adopting contextual authentication means your business can avoid inconveniencing employees during regular working hours unnecessarily. But they can still verify those users logging in under different circumstances.
Some of the contextual factors you can use include:
- Timezone
- Geographical Location
- Type of device being used
- Time of the last successful login
- Variety of resources accessed.
2. Install a Single Sign-on (SSO) solution
A recent report on U.S. employees found they switch between an average of thirteen apps up to thirty times per day. So imagine how inconvenient using MFA for each login is for those employees.
One way your business can help employees is to authenticate them across multiple applications is single sign-on (SSO). It merges the authentication process for various applications into one single login. It allows employees to use MFA once and be authenticated.
Using single sign-on is a seamless solution for your business to operate securely whilst not inconveniencing your employees.
3. Use an endpoint device manager
You can help secure your network access by it recognising devices. For example, an endpoint device manager will authenticate a device accessing the network without requiring user input.
Simply, you register the employee’s device in the endpoint device manager. Then, implement security rules such as blocking an unknown device automatically.
A significant advantage is you can use the endpoint device manager to scan for malware and security vulnerabilities. And then automatically provide security patches and updates without disrupting your team’s productivity.
4. Role-based authentication lowers security risk
It would be best to consider who has access to highly sensitive customer data. And depending on your business, you should determine what level of access they have.
Many businesses and companies use role-based authentication to protect customer data. When establishing a new employee in your IT systems, you should align the authentication and access level to their allocated role. Your IT administrator or managed service provider can help establish the appropriate permissions and contextual authentication simultaneously.
5. Should you use biometrics?
Many employees are used to using their fingerprints, eyes or face to unlock their smartphones. In fact, Apple launched fingerprint authentication (TouchID) with the iPhone 5s, and Samsung Galaxy used facial recognition as early as 2011.
And whilst most people are familiar with biometrics, introducing the hardware required for a business to use is not considered cost-effective for many SMEs.
Need help making authentication easier for your employees?
Contact us to discover how we help improve Melbourne businesses’ authentication security.
About the author
Yener is the founder and Managing Director of Intuitive IT. Prior to running his own business Yener worked for a number of corporate organisations where he gained invaluable experience and skills, as well as an understanding of how IT can complement and improve business outcomes.