A paradigm shift
In recent years there has been a significant shift in employees’ technology preferences at work, shaped in part by how they use technology in their personal lives and by the growing bring your own device (BYOD) trend. We are seeing employees gravitate toward multiple devices for both work and play. In fact, Juniper recently revealed that the number of IoT (Internet of Things) connected devices will reach 38.5 billion in 2020[1].
Likewise, IDC reports that employee-owned devices in the workplace will grow to more than 5.25 billion[2]. Gartner predicts[3] that by 2018, employee-owned devices in the workplace will outnumber employer-issued machines two to one.
Similarly, connected wearable devices are a market seeing particular growth, with one quarter of adults between 25 and 44 thought to now have them, a number expected to rise to about half by the end of 2018[4].
Multiple end points to secure
Employees’ preference for multiple screens and blended personal and business mobile applications is leading to a real headache for IT staff in keeping all the various end points secure. Perhaps it is time to treat each member of staff as an individual local area network (LAN), with their brain – the holder of the business critical intellectual property – as the core, and each connected device (whether it is a laptop, phone, tablet, smart watch or even Fitbit) as an entry point to that network. After all, the definition of a LAN as we know it is simply “a network that connects devices in a relatively small area to enable users to access data”.
Ever sophisticated attacks
This may not be as crazy as it sounds. After all, with employees generally regarded as the weakest link in an organisation’s security arsenal, cyber criminals with malicious intent continue to target them with increasingly sophisticated attacks.
Seemingly not a week goes by without a high-profile attack hitting the front pages. Earlier this year it was social media site Snapchat’s turn, after a payroll employee opened an email impersonating CEO Evan Spiegel that requested payroll information for existing and ex-employees. During the last year, toy maker Mattel and questionable dating sites Ashley Madison and BeautifulPeople all found themselves combatting the fallout from a well-publicised breach.
So, how can you shore up those employee network entry points so that the bad guys can’t get access to the sensitive data held within? Luckily, one of the simplest solutions is also one that tech-savvy employees have almost certainly used in their private lives – two-factor authentication (2FA). After all, it is now the authentication method of choice for seven of the ten largest social networking sites[5] (including Facebook, Twitter and LinkedIn).
The rise of two factor authentication
2FA is an extra layer of security that requires not only a password and username but also something that only that user has on them, i.e. a piece of information only they should know or have immediately to hand, such as a unique code delivered to a personal mobile device. Using a username and password together with a piece of information that only the user knows makes it harder for potential intruders to gain access and steal that person’s data at the core of their personal network.
Shoring up all the entry points to corporate data is imperative. Businesses are under the spotlight not only of the Data Protection Act but also of a plethora of other increasingly stringent compliance rules that can lead to severe fines if they are not adhered to. These MFA (multi-factor authentication) solutions can meet and exceed regulatory compliance requirements, whether for PCI Data Security Standards, GCSx, CoCo, HIPAA or SOX.
The answer is in our pockets
The use of a mobile phone as a delivery method for the authentication code makes perfect sense. After all, whilst we are all used to carrying our own keys, wallets and personal belongings in our pockets, these are increasingly merging onto one single mobile device. We have seen credit cards merge into Apple Pay and devices such as those offered by August[6] that enable you to use your mobile phone to unlock the door to your house, so the popularity of the latest breed of mobile phones shows no sign of abating.
No turning back
Controlling data security of just one company-owned device used to be a much more uniform task than it is today. The systems administrator would not only know what devices the employees would be using but be able to wholly dictate what software was being run on them. They could then roll out updates in a systematic fashion, meaning devices could be kept secure with protective patches and security software installed to ensure that the end point was secure.
The high degree of blending of personal and workplace computing is irreversible. It’s aided by employees’ preferences for computing across multiple devices and for mobile apps, and by their affinity for consumer-led brands such as Samsung and Apple. It is now time to give staff the Apple Pay experience in the business realm, while protecting their own personal network of information by giving them their own enterprise-grade authentication via 2FA.
[1] http://www.juniperresearch.com/press/press-releases/iot-connected-devices-to-triple-to-38-bn-by-2020
[2] http://hub-apac.insight.com/i/562352-acronis-whitepaper-enterprise-mobility-and-byod-for-dummies/9
[3] http://www.networkworld.com/article/2854044/microsoft-subnet/byod-is-saving-serious-money-for-it.html
[4] http://www.emarketer.com/Article/Wearable-Usage-Will-Grow-by-Nearly-60-This-Year/1013159?ecid=soc1001
[5] http://www.ebizmba.com/articles/social-networking-websites
About Steve Watts
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.