Why the Cyber Security of your business is in the hands of your most frustrated employee
According to a study by Tech News World, more than half of US IT and cybersecurity professionals have experienced remote workers finding workarounds to their organisations’ security policies. This, coupled with evidence that employee frustration over security and authentication considerably reduces productivity, suggests that security can no longer be done in silo, without also considering the user experience.
As our world becomes more globally connected, technology orientated, and flexible by nature, the need for robust security is constantly growing. But, it is more important than ever for businesses to think about what the user journey and navigation looks like when it comes to implementing authentication and access controls.
In order to balance security and usability, businesses must consider the following:
Invest in the Latest Technologies
Today’s cyber tech industry is driving better, more robust secure authentication as well as putting a seamless user experience at the core of innovation.
With password security becoming increasingly problematic and remote working on the increase there has been a surge in both new threats and new technology development. According to CRN the lack of a network perimeter in this new world accelerated the adoption of SASE (secure access service edge), zero trust and XDR (extended detection and response) to ensure remote users and their data are protected.
CRN suggests that adversaries have taken advantage of the complexity introduced by newly remote workforces to falsely impersonate legitimate users through credential theft and have upped the ante by targeting customers in the victim’s supply chain. The ability to monetise ransomware attacks by threatening to publicly leak victim data has made it more lucrative, while employers continue to fend off insiders with an agenda.
The introduction of passwordless, two factor and biometric authentication technology are in response to more complex security threats. These can include mobile apps, touch ID, one time password tokens.
Research company Gartner suggests either replacing legacy passwords completely by using biometric authentication or one time password tokens or adding an extra layer of security to existing passwords by introducing two factor authentication by using an additional device such as a mobile phone.
Live and breathe cybersecurity
Even if a business is using the most cutting edge security technology, it is completely academic if users misuse it, or worse, disregard it completely. Of course, the best tech tools for the job should integrate in a frictionless but secure way, but businesses must take the time to consider best practices for implementing authentication technology with the user experience at its heart.
A report by icaew lists the top five cyber risks to be Ransomeware, Phishing, Hacking, Insider Threat and Data Leakage - and the list of recommendations for employees is long!
Simply telling your employees about these risks doesn’t go far enough - a business must instill a culture of cybersecurity awareness if they are to provide a fully robust security system so that every employee can recognise threats and understand what to do next.
Employee training and open lines of communication with IT security professionals will go a long way to ease the process.
Implement Best Practices
Additionally, according to a survey by the BPI Network and CMO Council, consumers overwhelmingly prefer to do business with companies that make authentication both simple and safe. This is where Customer Identity Access Management or CIAM becomes important.
CIAM is different from integrated account access management (IAM). Forrester defines it as ‘a collection of tools and processes that provide: 1) security (registration, authentication, authorisation, and self-service) core functionality identity and access management and 2) integration and workflows with marketing management, portals, CRM, master data management (MDM), business intelligence (BI), security analytics (SA), and other non security solutions for managing customers across all channels, including web, mobile app, phone, kiosk, mail, and in person.’
In other words, CIAM manages customer accounts and blocks abnormal access attempts, while providing compliance by region and country, analysis on service effectiveness, and various customised services to provide safe, secure identity management.
More specifically, CIAM involves managing the identities of customers who need access to corporate websites, web portals and webshops and has inevitably become essential due to the increase in online banking, e-commerce, online gaming and social media use. These services are at a high risk of security hacks that threaten to expose privacy by stealing cloud storage information.
As with IAM, compliance is still essential when deploying CIAM. Customer information must be collected, stored, and managed in accordance with regulatory requirements according to region, country, and industry. In addition, the history of customer information usage must be saved. To achieve secure compliance, organisations should encrypt their customer information and account information, and protect each key using Hardware Security Modules in addition to strong access controls for encrypted data and key management systems.
Implementing best practices that cover a range of protection for users is key. As part of this, organisations must ensure they sustain a clear focus on customer experience (CX) as well, enabling users to gain access in a safe, secure, and easy way across multiple devices. Passwordless logins using biometric information is a core requirement for CX improvement and is expected to grow alongside the core competitiveness of businesses.
The cybersecurity landscape is increasingly complex and the variety of threats present changes constantly. Organisations must put secure authentication at the heart of their business to avoid security breaches - but don’t forget the user - a seamless experience is the only road to implementing a successful secure authentication programme.