How to Balance User Productivity with Solid Authentication Protocols
A constant struggle in offices is the balance between productivity and security. If you give users too much freedom on your network, the risk increases. But if you add too many security locks, productivity can dwindle.
It's a fine balance between the two, but one you can achieve. Companies need to recognise the importance of both and not sacrifice one for the other.
A recent report from Microsoft finds a dangerous lack of authentication security. Only 22% of Azure Active Directory users had multi-factor authentication (MFA) enabled. This means that more than three quarters were at a much higher risk of account breach.
Why are companies failing to implement important security protocols like MFA? We know it is 99.9% effective in preventing fraudulent logins. Yet so many companies fail to implement it.
User inconvenience is the main reason. MFA is not expensive. In fact, activation is free in almost all cloud applications. But if users say it interferes with productivity and is an inconvenience, companies may not bother with it.
But forgoing security can hurt productivity even more. Downtime due to a data breach is costly and can bankrupt smaller businesses. The leading cause of data breaches is compromised credentials. So if you do not protect your authentication process, the risk of becoming a victim of a data breach is high.
35% of data breaches are due to breached credentials.
There are ways to have secure users who are also productive. You just need to put in place some solutions that can help you do this. These are tools that improve authentication security in a way that keeps the user experience in mind.
It's not necessary for every user to go through the same authentication process. If someone works in your building, they have a certain trust factor. If someone is trying to log in from out of the country, they do not have the same level of trust.
Contextual authentication is used with MFA to address users who need to reach a higher bar. You can restrict or block system access for people trying to log in from a specific region. Or you may need to add an additional security prompt for users logging in after working hours.
Companies do not have to inconvenience people who work from a normal location during normal working hours. But they can still screen those who log in under atypical circumstances. Some of the contextual factors you can use are:
Time of day
Location
The device used
Time of the last login
Type of resources accessed
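The contextual rules above can be sketched as one small policy function that blocks, asks for an extra prompt, or lets the normal sign-in proceed. This is an added example, not code from the article or from any product; the region codes, working hours, 30-day threshold and resource names are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Every constant below is an assumption made for this illustration.
BLOCKED_REGIONS = {"XX"}                 # placeholder code for a blocked region
HOME_REGION = "GB"
WORK_HOURS = range(8, 18)                # 08:00 to 17:59
STALE_AFTER = timedelta(days=30)         # long gap since the last login
SENSITIVE = {"finance", "customer-data"}

@dataclass
class LoginContext:
    when: datetime         # time of day
    region: str            # location
    device_known: bool     # the device used
    last_login: datetime   # time of the last login
    resource: str          # type of resource accessed

def decide(ctx):
    """Return (decision, reasons): 'block', 'step_up' (extra prompt) or 'allow'."""
    if ctx.region in BLOCKED_REGIONS:
        return "block", ["blocked region"]
    checks = [
        (ctx.region != HOME_REGION, "outside home region"),
        (ctx.when.hour not in WORK_HOURS, "outside working hours"),
        (not ctx.device_known, "unrecognised device"),
        (ctx.when - ctx.last_login > STALE_AFTER, "long gap since last login"),
        (ctx.resource in SENSITIVE, "sensitive resource"),
    ]
    reasons = [why for hit, why in checks if hit]
    return ("step_up" if reasons else "allow"), reasons

if __name__ == "__main__":
    # Constructed sample logins, not real data.
    office = LoginContext(datetime(2024, 3, 5, 10), "GB", True, datetime(2024, 3, 4, 9), "email")
    late = LoginContext(datetime(2024, 3, 5, 23), "GB", True, datetime(2024, 3, 4, 9), "finance")
    abroad = LoginContext(datetime(2024, 3, 5, 10), "XX", True, datetime(2024, 3, 4, 9), "email")
    for name, ctx in [("office", office), ("late", late), ("abroad", abroad)]:
        print(name, decide(ctx))
```

Returning the reasons alongside the decision lets the sign-in log record why a user was prompted, which helps when tuning rules that turn out to be too strict.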
A report on US employees found that they use a variety of apps. Workers switch between 13 apps on average 30 times a day. This means a lot of inconvenience if they have to perform an MFA action for each of these logins.
Single sign-on (SSO) apps solve this problem. They combine the authentication process for multiple apps into just one sign-on. Employees log in once and can go through the MFA one time.
With SSO, using multi-factor authentication is not nearly as cumbersome. Users get access to everything at the same time. SSO solutions help companies improve their security without users having to fight it.
Another way to better secure network access is to discover devices. This is usually done with an endpoint device manager. This automates some of the security behind user authentication. This way, the person is not inconvenienced.
First, register employees' devices in the endpoint device manager. Once this is complete, you can set up security rules, such as automatically blocking unknown devices.
You can also set up device scans for malware and automatic updates. Both increase security without affecting productivity.
Your shipping employee may not have access to sensitive customer data. But your accounting team does. You can have a lower hurdle for authentication.
Role-based authentication saves time when setting up new employee accounts. Authentication and access are based on the person's role. Administrators can programme permissions and contextual authentication factors once. Then the process is automated once an employee has established their role.
One of the most convenient forms of authentication is biometrics. This would be a fingerprint, retina scan or facial scan. The user does not have to type anything in. Plus, it only takes a few seconds.
Depending on the size of your business, biometric hardware can be expensive. But you can introduce it gradually. Maybe use biometrics on your most sensitive roles first and then expand it.
In addition, many apps now offer features such as facial scans. The user can authenticate with an ordinary smartphone, which makes it much more affordable.
Do not sacrifice important security features just because you are afraid of user reactions. Give Onyx IT a call and schedule a security consultation.
Article used with permission from The Technology Press.