Would you rather recover from an injury or never get hurt at all? It’s safe to say most people prefer the latter. Businesses share the same notion—especially when it comes to information security. IT professionals today face an onslaught of challenges when it comes to protecting their organisation’s and stakeholders’ personal information. In fact, they’re faced with more challenges than ever. A recent study of cyber attacks found that data breaches exposed more than 822 million records in 2013—a new all-time high. In the face of an increasing number of attacks, IT professionals need to not only protect company networks from intruders but also ensure the security of employee identities, safeguard customer data and control access to networks.
There are, however, new solutions that are making it easier for organisations to meet the demands of today’s security climate. Forward-thinking companies are turning to digital security solutions to protect and manage their intellectual property and physical and cloud-based data assets.
Using only a user name and password to protect sensitive data equates to relying on a screen door to protect the valuables in your home. Of the more than 2,000 data breaches reported in 2013, individuals’ passwords were the most common detail exposed, having been revealed in nearly 50 percent of breaches. One only has to look back to Nortel, the Canadian-based telecommunications company, to know the potential cost of a stolen password. Hackers gained access to the passwords of seven company executives and infiltrated the company for nearly a decade, stealing everything from company emails to R&D reports.
Strong authentication should be required for all employees or users to access company networks. Adding several layers of identity verifications, whether by tokens, biometrics or security software ensures that only authorised users gain access and provides a simple and effective method for protecting data, even when connecting remotely. Of course, not all users are created equal. Extra steps should be taken to protect employees with access to confidential information, such as executives, finance, legal or HR teams. Depending on your company or employee risk level, additional features such as encryption or biometric logins should also be added.
The proliferation of mobile devices means that employees are often on-the-go. Nearly 45 percent of Australian organisations with more than 20 employees are now BYOD workplaces. While mobility offers organisations greater efficiency, it also creates more entry points for hackers. Laptops are prime targets for theft—more than 800,000 go missing from airports around the world each year. Leapfrogging, where hackers gain access through a mobile device and move onto the network when users sync, is also becoming more prevalent. Multi-factor, certification-based authentication can mitigate the risks that come with mobile devices. This means that users are given a certificate-based credential - something they have, such as a USB token, and are then prompted to answer a second authenticator- something they know, such as a password or access code. From smart cards, fingerprint authentication, badges and USBs, there are now a number of tools organisations can implement to ensure that information cannot be accessed by the wrong hands.
Protection In The Cloud
More of today’s businesses are turning to cloud-based applications to streamline their IT infrastructures and enable a more agile and mobile work environment – and for good reason. The enterprise cloud-based services market is expected to reach more than $35 billion by 2015. Moving to the cloud, however, comes with its own security challenges. IT professionals must manage the visibility, control and management of these cloud-based applications as well as all of its individual users’ logins and passwords. Usernames and passwords are the keys to accessing 95 percent of all cloud applications but when employees write down passwords or use the same weak credentials for every application or login, security can be compromised. Single-Sign On (SSO) solutions reduce the number of times users have to authenticate when accessing company networks, without affecting security. With cloud-based SSOs, users can access all of their cloud applications from anywhere with one login and IT professionals can securely control, manage and track access and usage.
There is no perfect version of digital security but as more information moves online, it becomes more critical for organisations to be one step ahead. Implementing a combination of digital security solutions help business avoid potentially catastrophic losses due to data breaches and build trust among employees and customers that their information is protected. As the Internet of Things (IoT) continues to evolve and develop, the challenges will grow. Organisations must begin exploring how they can manage the security risks of today and tomorrow.