Verifying Your Users
Knowing who is accessing what in your business is a best practice that should always be followed. For businesses, running a virtual private network (VPN) is a foregone conclusion. While a wired network offers substantial security benefits and reduces inherent risks, there’s often no way to get around the need for a wireless network in place. Wireless technology is convenient, and it ensures that all devices can access the network, not just Ethernet-enabled desktops and laptops. In today’s increasingly tech-centered business world, that’s an important advantage. However, it’s also important that you protect your VPN against unauthorized access. Multi-factor authentication can do that very well. Why would you want to consider adding multi-factor authentication?
The Inherent Risks
Yes, wireless networks are very convenient. They provide on-demand access to the entire network across your organization’s location for devices without a hardwired connection. Considering the explosion of smartphones and tablets now seen in the workplace, that makes a great deal of sense. Whether you’re delivering a presentation to a new client, going over the annual numbers in a conference, training new employees or something else, wireless devices deliver good performance, portability and ease of use. However, your wireless network presents some inherent risks that could expose your entire business to hackers.
There are myriad risks presented by your VPN stem from the access method. Your employees log in with a username and password. That combination might be the oldest security solution in the tech world, but it’s also the least secure and the most prone to attacks. In fact, password security alone is not enough to verify that the person accessing your network is who they claim to be.
Why is that? It really all boils down to the problems with passwords. Complex, frequently changed passwords are virtually impossible for the average user to remember. To get around this, they’ll do one of two things:
- They will write down their list of passwords and store them somewhere they can easily access them when they need to log in. This is a terrible decision, and puts that information within easy reach of anyone passing by their desk, or who happens to have access to their office. If they store that document on a dongle, its loss could spell disaster.
- They will use either very simple passwords, or they’ll reuse the same password(s) on all accounts, sites, programs and platforms. Simple passwords can often be guessed, or cracked in mere seconds with the right software. Reusing the same password means that as soon as a hacker compromises one, they have access to all of the accounts to which that user is authorized.
There are workarounds to this situation. For instance, your business may require that your employees use very complex passwords that are changed on a regular basis. You may even have your IT department change user passwords directly, rather than waiting on your employees to do it. The problem here is that you’re creating greater complexity while reducing productivity and adding stress to the situation for both your employees and your IT staff. There’s a better way – multi-factor authentication.
What Benefits Does Multi-Factor Authentication Offer?
Before we get into the benefits of two-factor authentication, let’s discuss what it actually is. All systems that work on this basis (from Google to Facebook to business-only solutions designed for robust protection) work with two things. One thing the user has, and one thing the user knows. In the instance of Google’s authentication system, the user has their ID/account name, and they know the authentication code sent by Google to their smartphone. Facebook’s system works in the same way. Even business-specific systems work similarly.
For instance, in an OTP/PIN system, your user has one thing and knows one thing. They have their one-time-password (OTP), and they know their unique PIN. This combination creates a robust layer of protection that cannot be reproduced. This dramatically reduces the risks to your business because any authorized access would be associated with known users and incorrect access attempts would not gain entry (no logon session would be provided).
The benefits offered by multi-factor authentication should be apparent, but we’ll list them out anyway. They include the following:
- Better Productivity – Because users aren’t bogged down with the minutia involved with password management, they’re able to do what needs to be done, faster, and with greater accuracy.
- Fewer Headaches for IT – Your IT department has plenty to do without having to worry about user passwords, password resets, or protecting against threats that can be completely avoided using multi-factor authentication.
- Trust – Password-based security systems inherently breed distrust, particularly in a wireless VPN scenario. There’s simply no way to guarantee that users are who they say they are. This impacts every member of the organization. Multi-factor authentication builds trust by assuring you that users are who they claim.
- Risk Elimination – We’re not talking about risk mitigation, we’re talking about risk elimination. Multi-factor authentication removes those risks completely. There’s no chance that a password breach could expose your organization’s sensitive data. This offers immense peace of mind for both you and your clients or customers.
- Easy Implementation – If you think multi-factor authentication is complicated, you’re in for a pleasant surprise. When you use the right solution, the process is as simple as running the installer and configuring your ports for RADIUS traffic (with RADIUS VPN systems).
As you can see, there’s an immense amount to be gained by instituting this type of authentication solution and nothing to lose, except the risk of becoming yet another data breach victim. Of course, you need to choose the right IDaaS provider. There are several out there, and they’re not all the same. Choose one that can deliver a solution customized to your organization, rather than for general users. Remember that knowing who is accessing what in your business can be very helpful, and this best practice can be easily implemented via multi-factor authentication.