Foremost in the mind of most IT professionals is risk and threat mitigation. With the rise and prominence of data breaches and cyber-attacks, and with more of the workforce working remotely or from home, managing data security and access isn’t as simple as it once was. The average CIO needs to balance stringent security measures with ease of use for the end user: if a solution is not easy to use, you will struggle to get buy-in from your workforce. So, what do you do to ensure that users have the access and flexibility they need while keeping your systems and data as secure as they can be?
A Zero Trust Approach
Though it might sound counterintuitive to a user-centric organisation, you need to start with a “zero trust” approach: your systems and applications need to treat every attempted access as if it originates from an untrustworthy source. This means that every user and device is authenticated before they can access any application or platform. You can then set your own parameters for what counts as authenticated or trusted, and how often users need to re-authenticate themselves and their devices. You can find out more about “Zero Trust”, including the five steps you need to take to achieve it, with our infographic, which you can view here.
The decline of the password
Passwords, once seen as the height of IT security, are no longer strong enough to keep nefarious users at bay. It is thought that more than 95% of successful application attacks are the result of weak passwords. Attackers gain access through guessing weak passwords, such as birthdays or pet names, through brute force, or through phishing. In 2019 a report by DUO found that 63% of phishing attacks were successful in capturing user credentials. So, if passwords are no longer enough to keep our data and applications safe, what can be done?
One approach that is becoming more popular is multifactor authentication (MFA), a tiered approach to security that consists of multiple layers of authentication. It is more secure than a password alone because even if an attacker learns or guesses credentials, there is still at least one more layer they need to get through before they can gain access. There are three standard authentication factors: something you know, such as a password; something you have, such as a mobile or other device; and something you are, such as your fingerprint or face.
Secondary authentication methods
So, if we assume a password as the first authentication method, which of the others is best for secondary authentication? Biometric data is often seen as the best method: you can’t forget your face! However, recent studies have found that smartphone facial recognition technology can be fooled using photographs, while recordings have fooled voice recognition technology. Many applications use SMS text messages as a secondary authentication method, but because mobile phones are relatively easy to hack, that is the least secure authentication method*.
Authenticator apps and Duo
Authenticator apps, such as Duo, use a phone or tablet to provide secondary authentication without the risks of SMS. Once you have enrolled in the programme, the end user can download the app to their device. When they log in, they receive a push notification in the app so that they can approve or deny access. Duo has a wide range of authentication methods, making it easy for every user to log in securely and quickly and start work.
Natilik, your confident guide to IT security
Natilik can offer you a wide range of IT security solutions, from Duo and other partners, to help you keep your applications, data and business secure. Get in touch today to find out how our experts can help you.
*US National Institute of Standards and Technology (NIST)