Knowing your network: identity management

The increasing number of cyber-attacks on consumers and businesses alike highlights the fact that the corporate world has a lot to reflect upon when it comes to how we protect digital identities and safeguard our data. Anurag Kahol, co-founder of Bitglass, a Forcepoint Company, discusses the risks of password usage, regulatory compliance, and the importance of better identity and access management (IAM) processes in the workplace.

In today’s increasingly digital workplace and consumer landscape, every technology user has a unique digital identity based on their online presence. Whether it’s social media activity, login credentials, financial records or web history, digital identity is something businesses must strive to safeguard in the same way as we might protect any physical forms of identification. But without a strategic approach to identity access management or formal processes in place, today’s businesses make themselves increasingly vulnerable to identity theft or fraud. 

The exponential surge of data on the web makes protecting employee and customer data increasingly challenging, with accelerated digital transformation efforts of the past year adding fuel to an already raging fire of cyber-related vulnerabilities. 

The pandemic’s impact on the modern workplace has undeniably created a perfect storm in terms of corporate security. As a result, businesses must strive to educate staff, implement new processes, and regularly review identity management to protect themselves and their customers in the long term.

Why passwords pose a continuous risk 

Over 80% of hacking-related security breaches involved the use of misplaced or stolen credentials. 

In recent years, many big-brand security breaches have reached the headlines, including that of Marriott, which suffered a significant incident after a cybercriminal hacked into the accounts of two of its employees. This attack saw the personally identifiable information (PII) of 5.2 million of its hotel guests compromised, costing the brand not only £18.4mn in fines, but also a hefty dent in its global reputation.

The recent hack of US-based software company SolarWinds Inc was also reportedly triggered by the leakage of a weak password, which saw threat actors gain access to the network.

Many businesses enforce regular password changes to mitigate credential vulnerability, but as employees are likely to use new passwords across multiple platforms and accounts, this approach only works as a temporary fix to a wider problem. Memorizing multiple different passwords for every platform is a challenging and arduous task, which means password reuse is becoming increasingly commonplace as technologies evolve. 

Businesses looking to safeguard employees and (by extension) customer data must implement better password hygiene and stronger authentication controls to adhere to compliance and protect their sensitive information.

Why adhering to regulations could save your reputation

When a large amount of data is stored and collected, data security and brand reputation become intrinsically linked. For the likes of SolarWinds and Marriott, the costs in customer loyalty and brand reputation could have been significant.

Those who collect customer data in any capacity have a responsibility to keep that data safe, whether to remain compliant or to gain and retain trust. But EU regulations set stringent requirements when it comes to data privacy. The EU’s General Data Protection Regulation (GDPR) has been in place since 2018, and businesses should see this as a positive, ensuring they tick all the boxes when it comes to protecting their customers and, subsequently, retaining their trust.

Businesses that fail to comply with data protection regulations risk being fined, or even losing their business altogether. 

Identity management best practice 

To remain ahead of the curve in the evolving security landscape, businesses and consumers alike should work together to ensure the best possible security levels at every touchpoint. Modern businesses should be aware that, no matter the length, complexity or uniqueness of passwords, reliance on password usage will always pose a risk.

Considering this, organizations need to review their cybersecurity strategies and processes to help mitigate and defend against the increasing frequency and sophistication of cyber-attacks. 

A key starting point for those wanting to implement more fail-safe security is to examine your identity and access management, first by taking a look at the following tips: 

1. Implement multi-factor authentication (MFA) and Single Sign-On (SSO)

Asking employees to memorize dozens of long and complex passwords has become an impractical and outdated way to keep your networks secure. Thankfully there are several solutions on the market that are designed to reduce the risk of credential theft, and also enable a more friction-free experience for users. 

Multi-factor authentication underpins your infrastructure with an added layer of security. Third-party apps such as Google Authenticator or SMS tokens sent via text message are a good solution for those looking to add an extra layer to their verification process for users. Using SSO, users can access a number of disparate cloud-based resources simply by logging into a single portal. 

2. Keep track of user behavior

It’s important to monitor employees’ network activity and behavior to identify and act on any abnormalities. For example, monitoring typical login times for your workers and knowing their respective home IP addresses will help to identify suspicious behavior and enable you to confirm whether a user is truly who they claim to be online. Using context-based, step-up authentication, businesses can more effectively verify a user’s identity according to their usual day-to-day activity, locations, and devices.

3. Communicate and educate

Getting your workers and other network users on board with your new identity management processes is a crucial step on the journey to a more secure infrastructure. Even if your organization has all the right solutions in place, your new security strategy will rely on educational resources and regular communication with users on the ever-evolving threats. For that reason, it’s a good idea to implement a regular training programme to keep employees informed on how to effectively safeguard their own, and your customers’, digital identities.
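The context-based, step-up check described in tip 2, sketched as an added example that is not part of the original article: each login is compared with a per-user baseline of usual hours, known networks and known devices, and the number of deviations decides whether to allow, ask for a second factor, or hold for review. The profile data, field names and thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

@dataclass
class Baseline:
    usual_hours: range      # hours of day the user normally signs in
    known_networks: list    # home/office networks in CIDR form
    known_devices: set      # device identifiers seen on earlier logins

@dataclass
class Login:
    user: str
    when: datetime
    source_ip: str
    device_id: str

# Constructed sample profile; addresses come from documentation ranges.
BASELINES = {
    "alice": Baseline(range(7, 20), ["192.0.2.0/24", "198.51.100.0/24"], {"laptop-01"}),
}

def anomalies(login, base):
    """List the context signals that deviate from the user's baseline."""
    found = []
    if login.when.hour not in base.usual_hours:
        found.append("unusual_hour")
    addr = ip_address(login.source_ip)
    if not any(addr in ip_network(net) for net in base.known_networks):
        found.append("unknown_network")
    if login.device_id not in base.known_devices:
        found.append("unknown_device")
    return found

def decide(login, baselines=BASELINES):
    """Return (action, reasons); the thresholds are illustrative assumptions."""
    base = baselines.get(login.user)
    if base is None:
        return "step_up", ["no_baseline"]   # nothing to compare against
    found = anomalies(login, base)
    if not found:
        return "allow", found               # password/SSO session is enough
    if len(found) == 3:
        return "review", found              # every signal is off: hold and alert
    return "step_up", found                 # ask for a second factor

if __name__ == "__main__":
    for login in [
        Login("alice", datetime(2024, 4, 2, 9, 30), "192.0.2.10", "laptop-01"),
        Login("alice", datetime(2024, 4, 3, 3, 5), "192.0.2.10", "laptop-01"),
        Login("alice", datetime(2024, 4, 3, 2, 0), "203.0.113.50", "tablet-77"),
    ]:
        print(login.user, login.when.isoformat(), *decide(login))
```

In practice the baseline would be learned from sign-in logs and refreshed over time rather than hard-coded.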

Identity management, and awareness of the threats that come with work and daily lives that revolve around the internet, have never been more critical.

By examining current identity access management and weaving in the above tactics, businesses can more proactively defend workers’ and customers’ sensitive information at every level of the modern corporate ecosystem.

Anurag Kahol

Anurag expedites technology direction and architecture. Anurag was director of engineering in Juniper Networks’ Security Business Unit before co-founding Bitglass. Anurag received a global education, earning an M.S. in computer science from Colorado State University, and a B.S. in computer science from the Motilal Nehru National Institute Of Technology.
