Partner Insight: Home working: the need for multi-factor security

clock • 4 min read

During the months of lockdown and widespread uncertainty, it can be easy for unwary staff to fall victim to data breaches. Convincing scams and malicious links are rife, some linked to health or finance issues that prey on people's hopes and fears.

Computer viruses and malware can lurk in IT systems for long periods dormant and undetected, while crypto-jacking tools can do something just as insidious and costly: covertly use the organisation's processors and electricity to make money for others.

 

The home working risk

At the same time, the dispersed nature of most teams at present means that some home workers may be taking security risks of their own without realising it: sharing devices with family members, using unsecured WiFi connections, ‘shadow' IT, or unsanctioned apps within their departments.

Like the IT functions of a much earlier age, many organisations have had to ‘make do and mend' during the COVID-19 crisis, feeling their way into this world of home working at unprecedented scale.

Others may have found that their corporate laptops or operating systems are out of date, and so are unable to run recent apps for online collaboration and videoconferencing - increasing costs for the organisation as upgrades are forced on them just to keep business ticking over.

 

Supporting the team

Even those companies that had factored remote, agile working into their corporate strategies are likely to have found themselves ill prepared for up to 100 percent of staff doing their jobs away from the office for months on end. For many CIOs and IT leaders, supporting this level of remote access as the senior responsible owner and protector of the organisation's data has been a significant challenge.

A Verizon report in 2015 found that over 50 percent of data breaches were due to lost login details, passwords, and other credentials. Other surveys have found that many people still use weak, guessable passwords, while some use the same strong password across dozens of different services to avoid having to remember multiple identities.

In the latter case, a successful hack of an online repository could reveal those details to organised criminals; there is a healthy trade in stolen credentials on hackers' forums.

 

Don't make it easy for them

The ease with which a criminal or opportunistic hacker could assume an employee's identity is just one part of the problem, particularly if home workers are using insecure smart-home devices that give attackers an easy route into the domestic network - and from there into the corporate one.

Other techniques, such as phishing or spear-phishing, aim to trick people into divulging their details, while ransomware locks up devices and data, forcing people to make cryptocurrency payments.

 

The multi-factor solution

In our private lives, most of us expect strict levels of security from the apps and platforms we use for sensitive tasks, such as online banking, so it's reasonable to expect similar precautions when logging on to corporate networks and applications. After all under GDPR and the Data Protection Act 2018, the penalties for not securing private data can be severe, while the damage to reputations can be long lasting.

All of these threats are why the simple ‘user name plus password' approach to security is no longer deemed sufficient by sensible organisations. Multi-factor authentication (MFA) is essential. Such techniques are particularly effective when deployed at hardware level, and they have the additional advantage of negating the need for passwords at all, which makes the hacker's task much harder.

Amongst the multiple elements that can be triggered or demanded by MFA include a personal identification number known only to the user, a unique code sent by text to the user's registered phone number, or even a biometric identifier, such as a fingerprint. In most cases, it's highly unlikely that a hacker would have access to each of these identifiers.

The greater the number of factors included at the checkpoint or security gate, the greater the assurance that the person is who they say they are and so should have authorised access to the device, application, network, and/or data.

One feature that would be particularly beneficial in a home-working scenario is presence detection and/or a timed lock-out, so if a user leaves their device logged in but is away from their machine, or inactive for an extended period, they can be disconnected from the resource.

By making security a more seamless and less inhibiting experience for the user - and for the IT support team - organisations can enhance the user experience of their employees whilst making them more secure at the same time.

To learn more about how the Intel vPro® Platform supports MFA, click here

You may also like

Security

How do you address IT leaders' dual concerns around remote working and cyber security?

clock 04 August 2020 • 4 min read
Most read
01

Cabinet Office terminates £9m Microsoft deal

16 February 2024 • 2 min read
02

Microsoft announces critical zero-day Exchange bug

16 February 2024 • 1 min read
05

Cisco cuts more than 4,000 jobs

15 February 2024 • 3 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Security

Microsoft announces critical zero-day Exchange bug

Microsoft announces critical zero-day Exchange bug

Enables remote control of Exchange Server

Vikki Davies
clock 16 February 2024 • 1 min read
Bank of America admits data breach after supply chain hack

Bank of America admits data breach after supply chain hack

Customer info exposed

Tom Allen
clock 13 February 2024 • 2 min read
Breach exposes personal info in 'world's biggest casino' app

Breach exposes personal info in 'world's biggest casino' app

Casino owner tries to claim data was 'publicly accessible' on purpose

Vikki Davies
clock 12 February 2024 • 2 min read