Wouldn’t you love to have your company be completely secure and not have it be inconvenient at all? Security and convenience are a delicate balance for every company. They are polar opposites, the yin and yang of business life.
I usually describe it as locks on a door. You need a lock on your door. That’s better than none. However a lock isn’t quite good enough on its own, you should also have a deadbolt. More locks are better, right? But why doesn’t anybody have 3 or 4 deadbolts on their door? Because at some point you hit a threshold where you have minimal security gains with an exponential increase in inconvenience. Can you imagine trying to get in your front door with hands full of groceries and there are 4 locks?
More isn’t always better. In fact, it hits a point where it gets worse. Because people don’t want inconvenience, they look for shortcuts. Ever live in a complex where there is a community gate? That gate is propped open half the time because people don’t want to be inconvenienced by it. That gate is supposed to make the area secure, but the workaround makes it meaningless.
The same thing is true for cybersecurity.
Passwords are important, but if you use an easy to guess password then it is worthless. If you never close your applications or lock your computer, then it’s worthless.
Multifactor Authentication (MFA) is the easiest, and most common, way to increase credential security. Yet Microsoft shows that 78% of Azure Active Directory don’t use strong authentication such as MFA.
The key here is to establish business security that doesn’t get ignored and doesn’t bog down your employees with tedious sign in tasks.
Here are 4 ways you can balance your credential security and your employee convenience.
- Role-Based Authentication Rules
- Use Conditional Access
- Apply Multi-Factor Authentication (MFA)
- Adopt Single Sign-On (SSO)
Role-Based Authentication Rules
The biggest takeaway from role-based authentication is that not all employees need to have the same authentication process. Permissions and access can be defined by an employee’s role.
A shipping clerk doesn’t have the same access rights as your accounting team. Therefore, they don’t need as stringent security as the accounting team. The clerk might be moving around and constantly logging in and out fetching orders. A password could be sufficient without slowing him down with MFA. Your accounts payable team, on the other hand, needs to ensure that they are logging in securely. They would require MFA or some additional security need.
The brilliance of role-based authentication is that it makes it easy to manage. You make the roles once, then assign every employee a role. If you have a staff change, it’s easy to add and remove credentials and have the same, seamless security and access rights.
Use Conditional Access
Just like how not all roles need to have the same process, not all processes need to be based on the same criteria. I just wrote about how conditional access can benefit your business, and broke down how adding security rules can not only make your business more secure, but alleviate the headache of authenticating for some of your employees.
The easiest example would be in-office vs remote worker authentication. If an employee is logging in while inside the office, the rule can be set that they are not prompted for additional security such as MFA. However, if an employee is logging in remotely, that is a greater risk and additional security measures should be required.
The conditional rules can be set on several things though, including geo-location, login device, and time of day.
Apply Multi-Factor Authentication
Multi-Factor Authentication should be the first thing you think of when thinking about added security. It may be thought of as a nuisance because it’s an “added step,” but if you think about it the time committed to MFA compared to the amount of added security is astonishing. MFA is the easiest thing to implement that dramatically improves your security profile.
Any MFA is better than none, but not all MFA is created equally. For instance, email authentication is the least secure because email addresses can be compromised (and are commonly the login username). SMS authentication is the second least secure as phone numbers can be spoofed. An Authenticator app is more secure, and only takes a moment on your phone to access your added security code.
However, another step up from that, and possibly the most secure MFA is a hardware security key. The hardware device stores all credentials for a person, who simply plugs it into a USB port on the computer being used. Every time they need to log in, the key automatically authenticates for them. This is the least invasive as there is no prompting for additional codes, and it is even if credentials are compromised there can be no sign-on without the device being physically present.
Adopt Single Sign-On (SSO)
Single Sign-On is an application that merges the authentication of multiple apps into one. That means you only need to sign in once to gain access to all your applications. Statistics show that workers use an average of 9 apps per day, with managers using even more. That is a lot of signing in and out. Only needing to sign in (and use MFA) once can alleviate a lot of that inconvenience. Your business can improve its security using SSO without placing an additional burden on your team.
Take-Away on Security Balance
It is undeniably clear that businesses need to increase their security in order to protect their vital data. Any increase in security always puts some burden on the employees, but it is possible to minimize that. Utilizing some of these 4 methods to increase security while maintaining convenience for your employees with balance your security footprint without harming your productivity.
As a heads up, there is a new technology in the works, from the 3 tech giants Apple, Microsoft, and Google. It’s called FIDO, or otherwise known as Passkeys. Once it gets rolled out and implemented to be commonplace, we can add it to this list. Until then, we’ll have to stick with the 4 ways listed.
If you have any questions regarding these processes or need advice on what is best for you, get in touch and we can consult on what suits your company best.