It’s tough getting the productivity vs security balance right. If users have too much freedom in your network, risk increases. But productivity suffers if there are too many security gates.

Businesses need to recognise the importance of both, and not favour one over the other.

A recent report from Microsoft notes a dangerous lack of authentication security. Only 22% of users within Microsoft’s cloud identity provider “Azure Active Directory” had multi-factor authentication (MFA) enabled. This means that over three-quarters of users weren’t using MFA and so were at a much higher risk of an account breach.

Why do businesses fail to adopt important security protocols like MFA? We know that it’s as much as 99.9% effective at stopping fraudulent sign-ins. Yet so many companies aren’t adopting it.

User inconvenience is the biggest reason. MFA is not expensive. In fact, it’s free to enable in nearly all cloud applications. But if users say that it’s hurting productivity and is a pain to use, companies may not bother with it.

However, sacrificing security can hurt productivity worse than the relatively minor inconvenience of adopting MFA.

Downtime caused by a data breach is expensive and can put smaller companies out of business. The #1 cause of data breaches is credential compromise. So, if you’re not protecting the authentication process, the risk of a breach is high.

35% of data breaches initiate from breached login credentials.

The good news is you can have both secure AND productive users. It simply takes adopting some solutions that can help. These are tools that improve authentication security, but do it in a way that keeps user convenience in mind.

Solutions to Improve Security Without Sacrificing Convenience

Use Contextual Authentication Rules

Not every user needs to go through the same authentication process. If they’re working in your building, there’s a certain trust factor, but if someone is attempting to log in from outside the country, they don’t have that same trust.

Contextual authentication is used with MFA to target users that need to reach a higher bar. You could limit or block system access to someone attempting to log in from a certain region. Or you may need to add an additional challenge question for users logging in after work hours.

Companies don’t need to inconvenience people working from regular locations during typical hours. But they can still verify those logging in under non-typical circumstances. Some of the contextual factors that can be used are:

  • Time of day
  • Location
  • Device being used
  • Time of the last login
  • Type of resources being accessed

Implement a Single Sign-on (SSO) Solution

US workers switch between an average of 13 apps 30 times per day. That’s a lot of inconvenience if they need to use an MFA action for each of those logins.

Single sign-on applications solve this problem by merging the authentication process for several apps into just one login. Employees log in and go through MFA just the one time.

Using multi-factor authentication isn’t nearly as inconvenient with SSO. Users gain access to all their apps at the same time. SSO solutions help organisations improve their security without the pushback from users.

Recognise Devices

Another way to better secure network access is to recognise devices, typically done using an endpoint device manager app. It automates some of the security behind user authentication and so doesn’t inconvenience the employee.

You first register employee devices in the endpoint device manager app, then set up security rules such as blocking unknown devices automatically.

You can also put in place device scanning for malware and automated updates. Both these things increase security without sacrificing productivity.

Use Role-based Authentication

Your logistics staff may not have access to sensitive customer information. But your accounting team does. The logistics staff can therefore have a lower barrier to authentication than the accounting team.

Using role-based authentication saves time when setting up new employee accounts. Authentication and access happen based on the person’s role. Admins can program permissions and contextual authentication factors once. Then, the process automates as soon as an employee has their role set.
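The sketch below is an added example, not part of the original article. It shows one way the contextual factors, device recognition and role-based rules described above could be combined into a single sign-in decision. The region codes, working hours, idle limit, role baselines and scoring threshold are all assumed values chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Every value here is an assumption made for this example.
BLOCKED_REGIONS = {"XX"}                 # placeholder region code
HOME_REGIONS = {"GB"}                    # where staff normally work
WORK_HOURS = range(8, 18)                # 08:00 to 17:59 local time
MAX_IDLE = timedelta(days=30)            # long gap since last login adds risk
ROLE_BASELINE = {"logistics": 0, "accounting": 1}  # set once per role

@dataclass
class SignIn:
    role: str
    region: str
    device_registered: bool              # known to the endpoint device manager
    when: datetime
    last_login: datetime
    resource_sensitive: bool

def decide(s: SignIn) -> str:
    """Return 'block', 'mfa' (extra challenge) or 'allow' (no extra step)."""
    # Hard rules first: blocked regions and unknown devices never reach scoring.
    if s.region in BLOCKED_REGIONS or not s.device_registered:
        return "block"
    # Roles that are not configured fall back to the stricter baseline.
    score = ROLE_BASELINE.get(s.role, 1)
    if s.region not in HOME_REGIONS:
        score += 1                       # location
    if s.when.hour not in WORK_HOURS:
        score += 1                       # time of day
    if s.when - s.last_login > MAX_IDLE:
        score += 1                       # time of the last login
    if s.resource_sensitive:
        score += 1                       # type of resource being accessed
    return "mfa" if score >= 1 else "allow"

if __name__ == "__main__":
    # Constructed sample: logistics user, office hours, registered device.
    usual = SignIn("logistics", "GB", True, datetime(2024, 3, 5, 10, 0),
                   datetime(2024, 3, 4, 9, 0), False)
    print(decide(usual))
```

Only the low-risk case skips the extra challenge; any single unusual factor, or a role with a higher baseline, steps the sign-in up to MFA.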

Consider Biometrics

One of the most convenient forms of authentication is biometrics. This would be a fingerprint, retina, or facial scan. The user doesn’t need to type in anything. It also takes just a few seconds to authenticate.

Biometric hardware can be costly, depending on the size of your organisation. But you can introduce it over time. You could roll it out with your most sensitive roles first, then expand from there.

Additionally, many apps are now incorporating things like facial scanning. Users can authenticate using a typical smartphone, making it much more affordable.

Need Help Improving Authentication Security?

Don’t give up on important security for your business because you’re worried about user pushback. Get in touch with us and schedule a security consultation. We’ll help you make the process as pain-free as possible.

 

 

Article used with permission from The Technology Press.