Authenticating Identities to Mitigate Security Breaches and Improve Business Efficiency
In the era of big data, authentication and security have become evermore important pieces of the puzzle. Companies authenticate identity for a variety of reasons, such as protecting against a security breach, on-site access control and proper encryption of data. Used to make sure people are who they say they are, we see authentication employed most often for employee verification, protecting personal, financial and medical information, and in the sale of controlled substances, like cigarettes or alcohol. In addition, banks and healthcare facilities may soon require individuals to have IDs authenticated or biometric identifiers may be required to gain access to personal accounts. Not only does this help speed up transaction time and check-in processes, it also adds a layer of security to sensitive, personal information.
Addressing Internal and External Threats
As the Internet becomes more accessible, customers and employees are retrieving private information from more devices on more networks and there’s a growing expectation that information can be accessed remotely. As such, it is imperative that security and authentication procedures address both internal and external threats to identities and data.
Using unique identifiers like government-issued IDs or personal biometric identifiers will help to confirm the identity of both your customers and employees each time they attempt to access privileged information. Including these types of authentication into procedures will allow for thorough and trustworthy background screening; it will also facilitate the implementation of advanced access control procedures. A recent Forrester studyfound that, of the data breaches which occurred in the past 12 months, 46 percent originated from within an organization. That means that authenticating, just as much as controlling, employee access is critical to ensuring privacy and security.
Likewise, employing external access authentication measures to network security and customer accounts should not be overlooked. For both physical and cyber security, multi-step authentication is becoming a best practice and while it is not yet universally adopted, consumers are becoming more aware of the practices due to growing educational efforts. After all, the missing piece to customer acceptance is typically education.
“Educating consumers on best practices has shown to have a very positive effect on reducing fraud levels,” says Jonathan Hancock, Director, Fraud Product Strategy & Services at TSYS. “When customers fully understand that security measures are being used to help avoid the data breaches they frequently read about, they are more likely to participate in helping to protect themselves.” One of the most important, and often overlooked, components to a robust security plan is communicating with your customers. Companies that have experienced data breaches, like JP Morgan and Community Health Services, Inc., have increased their external communication efforts with customers to advise stronger passwords, and changing passwords more frequently. If that communication had been utilized before the breach, perhaps it would never have occurred.
Most people tend to use less than 10 passwords in their lifetime. Once a fraudster captures one password, it isn’t difficult for them to crack the slight variations of that same password. Additionally, it is important to keep in mind the strength of your password. Based on planned password hacks, Ars Technicagives the following advice, “Take pains to make sure passwords are a minimum of 11 characters, contain upper- and lower-case letters, numbers, and aren't part of a pattern.” Once a password is strong, combining it with a biometric layer of authentication increases security, and ultimately peace of mind.
Technology as a Deterrent
Invest in and incorporate new technology into security processes on a frequent basis, and don’t be afraid to talk about it. When companies are known to have meticulous and advanced security processes, breaches are less likely to even be attempted. There are a variety of companies employing this logic, of which, Disney is one.“At Disney World, a mix of RFID-enabled wristbands and biometric fingerprint scanners have been used to ensure that only the person whose name is on the ticket enters the park. This helps to prevent visitors from lending, sharing or even selling their ticket to others.”In the end, Disney’s use of multi-authentication effectively ties the actual person to the purchased ticket, and does so without using anything as flashy as biometrics. Passwords, text or phone verification, government-issued IDs, and even coded RFID tags are all second-layer or even third-layer authentication steps that can be employed.
As security breaches happen more frequently and to more companies, the trend to invest in security measures will increase, ultimately resulting in protection against fraud as well as better user experiences. Even if criminals don’t obtain something as scary as a Social Security number, their ability to access information about gym memberships, birthdates or e-mail addresses can sometimes be just as detrimental. Target, JP Morgan and eBay all experienced unparalled security breaches because of password issues. These breaches took a toll on the company that was attacked, but other companies as well. Consumers with compromised accounts had to shut down their credit cards, in turn impacting other businesses like fitness clubs or streaming television providers. “The closing down of countless credit card accounts has not only caused a severe negative impact on reliable monthly dues but has also caused a huge disruption because of greater cancellations of memberships.”
By instituting a method that relies on a unique personal characteristic, the likelihood of a security breach can decrease. Remember, strengthening security does not need to jeopardize accessibility. Implementing new, modern approaches to authentication creates a solid foundation for an effective and dynamic security solution.