While many companies will acknowledge that securing a remote workforce has always been a task that was pushed to the side – nothing brought it more to light than the forced work from home order that was implemented in 2020. Due to this sudden shift, many companies were left ill-prepared to say the least. According to Pulse Secure, nearly a third of companies were not prepared for working from home at the start of the pandemic. While employees could take advantage of shortened commutes or more time spent with family, hackers took advantage of poor remote workforce security protocols.
According to Malwarebytes, 20% of companies experienced a data breach caused by remote workers in 2020.
- Get rid of passwords
Passwords: the subject of love/hate relationships across the security and IT world. While they may seem to provide some level of security, they’re usually the exact thing that allows hackers to infiltrate an organization. Employees loathe them since they have to remember multiple versions of illogical words and numbers to gain daily access to their own accounts – causing low levels of productivity and endless amounts of frustration.
A solution like passwordless login using biometrics solves the issues of both security and user experience. IT departments within enterprises can rest assured knowing that employees are logging in safely and securely. Employees can seamlessly access their accounts and focus on their actual work rather than dealing with IT issues. Implementing a passwordless solution also ensures that IT departments are not flooded with requests from impatient remote workers.
It’s impossible not to mention FIDO when talking about passwordless security. Their latest standard known as FIDO2 effectively solves the issues of traditional authentication by addressing the security, convenience, privacy and scalability issues that are commonly lacking. They allow for a better user experience that uses the built-in capabilities, such as finger and face scan, of devices to enable strong authentication. The beauty of implementing FIDO2 rather than relying on passwords is that there is essentially nothing for hackers to steal or manipulate.
- Implement adaptive, real-time risk detection
It’s one thing to authenticate before a session but what about during? Enterprises need a centralized authentication solution that can monitor all your apps, programs and technology no matter where they live (cloud or on prem).
You need a workstation login solution that’s able to detect (and take action) of any anomalies all while keeping your employees’ productivity in mind. Transmit Security ensures this by using Gartner’s Continuous Adaptive Risk & Trust Assessment (CARTA) model. Giving enterprises a solution that’s reliable and adaptive without ever compromising your data and security.
- Prepare for BYOD situations
As we saw in the start of the pandemic, many companies didn’t have time (or resources) to prepare their employees with work issued devices which meant employees had to use their own devices. While it may have been ‘okay’ as a temporary solution and even convenient for both parties, BYOD brings on a whole new set of security threats that need to be addressed and dealt with in order to protect your company, workforce and data.
The solution? A centralized authentication service that doesn’t require complex set up. Transmit Security’s WorkID rids your workplace from passwords regardless of location or device using passwordless risk-based MFA. Since access is tied to users’ biometric information (instead of the actual device) you can prevent identity fraud and data breaches in real-time. With WorkID, you can maintain all of the convenience of BYOD with none of the risk.
- Educate your workforce on security hygiene
Against the wishes of any IT department, security is not always your employees’ first thought when it comes to their work. This was made abundantly clear during the work from home shift that took place. Workforce was left frustrated by IT issues stopping them from getting on with their work. IT was left in a spin trying to solve everyone’s problems – remotely.
Just last year, Twitter employees became victims of a chain of phishing attacks. Hackers were able to gain information from remote workers by pretending to be part of Twitter IT administration. After they successfully stole user credentials they gained access to high profile Twitter accounts with millions of followers each, including, Elon Musk, Barack Obama and Apple.
Considering this setup is here to stay, it’s worth finding an employee access solution that is stress-free and easy to understand. A solution that satisfies IT in terms of security but that allows employees to get on with their work. That way your employees are more likely to get on board with your security plan.
On top of that, go over or reiterate security practices that should be taken when employees are faced with certain scenarios. This could be how to spot and report a suspicious email. Ensure security hygiene training is included in the on-boarding of all new employees.
- Embrace the decay of the perimeter
It’s safe to say that the effects of Covid-19 accelerated the decay of the ‘perimeter’. Meaning that the many assumptions that acted as the basis of an organization’s security philosophies have now become invalid. Given the dynamic and hybrid nature of data centers and corporate networks that spread across multiple locations and cloud environments, there is no way that one static perimeter control can secure all of them.
Looking to 2021, companies will need to re-think the suite of security controls they need to deploy. So what can replace the age-old VPN? Solutions that are agile and scalable. Plus, the ability to align and unify multiple authentication and identity and access management (IAM) solutions.
Want to learn more about our passwordless risk-based MFA solution? Visit WorkID on Transmit Security today!