The good news: A device-centric, BYOD culture enables employees to bring their work everywhere, leading to increased productivity. The bad news: Now, a single password breach means that your company’s information is vulnerable from the pocket of each of your employees.
Password breaches are the number one way that accounts are successfully hacked, according to a 2016 study conducted by Verizon. Most people make the same password mistake — using identical credentials for multiple sites. The average user has to remember between 25-30 passwords. We’re beyond the days when typing P@ssw0rd is going to be enough to secure your information.
However, as cyber threats evolve, so do the tactics you can use to keep private information secure. Multi-factor authentication (MFA) — the practice of using more than one type of credential to access information — is making a big wave in enterprises in 2016, with the market poised to cross the $1 billion mark.
With MFA, users typically have to submit a password for authentication, but then are tasked with inputting information from another source. It could be a One-time Passcode (OTP), sent to the employee via text or email. It could also be a fingerprint or retina scan. For users that gain access in location-based scenarios, it could even be scanning a nearby QR code. But despite all these scenarios, MFA also needs to be one more important thing: easy for both users and IT departments.
Companies must focus on user experience. When more than 500 million Yahoo accounts were recently attacked, some customers reported they were unable to change their passwords because of shared credentials dating back a whopping 15 years with AT&T customers. It is a six-step process to unlink the two and make those accounts secure again. That is a bridge too far for the average Joe.
Also, a recent study by the National Institute of Standards and Technology concluded consumers are in a state of “security fatigue.” Computer users don’t believe their data are important enough for hackers to target them. And not only that — when it comes to data safety, they don’t even think it’s their responsibility. This is obviously not what your IT department wants to hear.
Instead of placing that heavy load on your IT department, companies can outsource their MFA security measures to cloud-based providers, like Synchronoss’ Universal Identity. With a cloud solution, the cost of onsite servers disappears. Also solutions like Universal ID run less of a risk of an outage and can be easily kept up to date. Universal ID can adapt to make sure your industry’s standards of security are met, from finance to health care to life sciences and others.
Perhaps the easiest step companies can take is breeding a culture where employees are aware of their cyber vulnerability. Enterprises can educate employees on the benefits of an MFA solution and explain how MFA keeps personal information secure.
I know it may seem difficult to change the personal security behaviors of your employees. But when you take a user-friendly approach, it can be as easy as abc123.