RWS_Q3_22

higher. The issue is a delicate balance between your information’s security and your staffers’ privacy. According to O’Toole, the risk is that biometric information could fall into the wrong hands. Whenever you’re collecting sensitive data for verification, there is always the risk that it could be intercepted. And once a biometric identifier has been intercepted, it can be used for anything from accessing sensitive financial and other personal information to stealing an identity or committing any number of other scams. Compounding the issue are the facts that compromised biometric information can be used across multiple personal and corporate accounts; there is a constant threat of identity or physical theft; and your employees’ biometric identifiers are uniquely theirs and can never be changed if stolen.

With so much at stake, what is the answer? In a separate interview, O’Toole noted that today’s businesses need a savvy, multi-pronged plan of attack that goes beyond traditional passwords, while not going so far as storing such unique, sensitive physical data.

Segmenting Systems

O’Toole argued that one of the most effective ways of keeping your network information (and remote employees) safe is a technique known as segmentation. Network segmentation is a physical or virtual approach that divides the system into multiple, tiered, accessible areas or “segments.” The best part is that each segment can act as its own sub-area, extending extra layers of security and control as needed. Think of it like peeling back the layers of an onion. By establishing separate perimeters around different pieces of information, O’Toole believes that you can help to cut back on most forms of risk. Segmentation can help to restrict access to multiple devices, stored information and other applications, all while also limiting or eliminating any communication between networks. This is, of course, a multi-tiered approach.

Organizations should turn to firewalls to block the wrong traffic while allowing the access that is needed. At the same time, by streamlining your corporate policy and practices, remote employees face fewer questions about their own habits. These resources allow you to better oversee the types of access and traffic that your corporate network encounters.

Password Management

Alongside the idea of extending resources to your workers, it helps to enforce your own password-management rules for those employees. In particular, this includes mandating regularly scheduled password changes and eliminating reliance on previously used credentials. It also helps to set specific parameters around your workers’ logins, including:

• A minimum of 8-12 characters.
• Multiple character types.
• Limiting login attempts to five tries.
• A backup email account for cases where a user is locked out.
• The option to reset credentials at any time.

Of course, the key to all of this is enforcing proper authentication among your users, which ultimately prevents password sharing in any form.

Staying SAFE

Companies should also consider employing proper SAFE authentication. The concept here is to demonstrate that the user (a) is who he or she says they are, and (b) has permission to view the informational tier to which they are attempting to gain access. Traditionally, this is accomplished by combining the above password-management techniques with multi-factor authentication (MFA).

“There’s a big confusion in business, in general, between authentication and identification,” said O’Toole in her interview. “The confusion has really created a mismatch of solutions, which amplify the problem of access insecurity. So, when it comes to authentication itself, the misconception about passwords is that you actually need to know them.

“No one,” she concluded, “needs to know a password ever.” In other words, turn to automatically generated logins that are unique, change frequently and are validated by another type of verifier.

While FIDO’s plan, at first glance, appears a convenient way to ascertain proper login, there are many who are concerned about what it ultimately represents. Your employees’ actual identity should belong exclusively to themselves. They’ll need it for everything from applying for a passport, opening and maintaining a bank account, traveling, taking out a personal loan and so much more. The goal is to identify who is logging in without risking every piece of sensitive information that is so unique to only them.

In O’Toole’s own words, use a physical house key as your example. “Identity is used to identify yourself, for example, when you cross a country border. It does not automatically give you access, just validates that you are who you say you are,” she noted. “Your front door doesn’t recognize your identity; instead, you use your keys to unlock access.” No key, she continued, “simply means no access, regardless of who you are. Using common sense, companies would hand over keys to employees needing access, and take them back when they leave.”

SECURITY 10 REMOTE WORK SOLUTIONS rwsmagazine.com
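The password-management parameters the article lists (minimum length, multiple character types, a five-try lockout, no reuse of previous credentials) implemented as one account-level check, as an added example that is not part of the original article. The exact thresholds (12 characters, three character types, five remembered credentials) and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 12          # article says 8-12; the upper end is assumed here
MIN_CHAR_CLASSES = 3     # "multiple character types"; three of four is an assumption
MAX_ATTEMPTS = 5         # "limiting login attempts to five tries"
HISTORY_DEPTH = 5        # reject reuse of the last N credentials (assumed depth)

def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2-SHA256 with a per-account salt; the iteration count is illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_policy(password: str) -> list[str]:
    """Return the list of policy rules the candidate password violates (empty = OK)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]
    if sum(any(c in cls for c in password) for cls in classes) < MIN_CHAR_CLASSES:
        problems.append(f"fewer than {MIN_CHAR_CLASSES} character types")
    return problems

class Account:
    """Constructed in-memory account: salted hashes, reuse history and a lockout counter."""
    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.history: list[bytes] = []   # most recent credential is history[-1]
        self.failed = 0
        if not self.set_password(password):
            raise ValueError("initial password violates policy")

    def set_password(self, password: str) -> bool:
        problems = check_policy(password)
        digest = _hash(password, self.salt)
        if problems or any(hmac.compare_digest(digest, h) for h in self.history[-HISTORY_DEPTH:]):
            return False                 # weak or previously used credential
        self.history.append(digest)
        return True

    def login(self, password: str) -> str:
        if self.failed >= MAX_ATTEMPTS:
            return "locked"              # only the backup-email reset path clears this
        if hmac.compare_digest(_hash(password, self.salt), self.history[-1]):
            self.failed = 0
            return "ok"
        self.failed += 1
        return "locked" if self.failed >= MAX_ATTEMPTS else "denied"
```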
