Maria Pihlström, Global Marketing Manager, Fingerprint Cards AB
Over the last few decades, new technologies have brought tremendous change to the way we work. Widespread internet connection advances, alongside the growth of cloud-based shared working platforms, for example, have allowed for increasingly flexible working arrangements.
With this greater flexibility, however, comes greater security demands - both in and outside the office. Combined with the sharp rise in home working in response to the current pandemic, the spotlight on IT departments to maintain ‘business as usual’ without compromising corporate privacy has intensified.
To keep companies’ data and networks safe, a new era of workplace security is needed. And with passwords under scrutiny, reviewing more secure authentication methods, such as biometrics, is higher on the corporate agenda than ever before.
Passwords - the end of an era?
According to a recent report, usernames and passwords are the most common method of authentication when it comes to securing the digital assets of enterprises.
Yet although passwords are easily replaced when compromised, between phishing, hacking and simple guesswork, they are also easily compromised. According to IT professionals, this problem is only getting worse, with 54% reporting an increase in phishing attacks. Once stolen, passwords can be used to enter untrusted apps or websites and give rise to even greater data breaches – the number one consequence of phishing attacks.
In parallel, 6 in 10 people feel they have too many passwords to remember and 99% of them admit to reusing the same password across different work accounts. Not only does this lead to frustrated employees, it’s also creating a significant business cost for IT departments. In fact, in 2017 Microsoft calculated that in just a single month the company had spent $12 million on forgotten passwords.
The humble password is no longer enough to keep workplaces secure in a convenient and cost-effective way. Additional or alternative layers of authentication are needed to help push enterprises into a new era of workplace security.
Biometrics - Workplace authentication, but smarter
60% of hacking incidents involve the use of stolen credentials, but one authentication solution that could bring an end to large-scale hacking attacks is biometrics. Unique biological traits are extremely difficult to steal and spoof, making biometrics a more secure method to authenticate users and prevent fraud in companies’ networks.
In addition, for highly sensitive areas or information, it is possible to layer biometric modalities to create a convenient and highly secure multi-modal authentication solution. And although spoofing a fingerprint and iris in the same attack is near impossible, the end user experience is also no less convenient - you can glance at a sensor, for example, while putting your finger on a touch sensor at the same time.
In the workplace, biometrics can be used to secure a wide range of devices and access points, from laptops and applications, to access pads and key fobs. And in combination with existing authentication solutions, biometrics offer the possibility to add frictionless layers of additional security to any aspect of the current security systems.
Beyond bringing convenient and cost-effective security, biometrics can be used to simplify access to personalized settings or employee accounts when using shared devices, such as a printer system, and even set their preferences at a coffee machine at work or a ‘hot desk’ computer. This way, biometrics can not only play a role in securing the modern workplace, but can also improve convenience, saving time and giving employees greater flexibility over how, when and where they work.
But what about biometrics and privacy?
One common concern for many employees and employers alike is privacy and liability. Given the highly personal nature of the data collected, it is no surprise, then, that many raise questions about the use of biometrics for workplace security.
Of course, employers have a legal duty to adhere to the relevant workplace privacy laws, such Europe’s GDPR, and this duty extends to biometrics. But when implemented in line with best practice, biometrics can actually protect employees’ privacy far more effectively than its predecessor, passwords.
By championing an on-device approach, where all biometric data is stored and processed on the device - whether that is a laptop, smartphone, USB stick or key fob - employees can rest assured that no one will be able to access or steal their biometric data as it never touches the cloud. And if they lose their key fob, for example, they don’t need to worry about it falling in the wrong hands or someone else using it. Meanwhile employers free themselves from the technical and legal complexities of managing a biometric database. A win-win.
Because biometric data is so difficult to steal and spoof, by adding biometric authentication to end-point devices, data breaches can be considerably reduced, ensuring that both employee data and sensitive corporate information stays under lock and key.
The future of workplace security is now
It is clear to see that passwords alone are no longer enough to secure the modern-day workplace. As people work more flexibly, systems are shared more frequently, and attacks get smarter, data security is more important than ever before.
The pressure is on to reassess the physical and logical access control infrastructure. New and additional authentication methods are imperative to keep personal and corporate data safe. Thankfully, the benefits of biometrics are often far simpler to realize than many enterprises imagine.
Compared to other forms of authentication, biometrics offers a considerably more secure and convenient solution in one that can easily be integrated into existing enterprise security infrastructure – without the need for huge biometric databases to manage or fear.
So, whether as part of a multi-modal authentication system or to replace outdated passwords, biometrics can play a crucial role in taking workplace security to a more mature, secure level for both physical and logical access control. After all, the new normal is now.