By Steven Hope, CEO of Authlogics
When I was growing up, we didn’t have sunscreen per se, it was more referred to as suntan lotion. It wasn’t part of the summertime ritual it is for many people today and getting repeatedly burned was part of the holiday experience – a price to pay for the tan that announced to everyone you had been on holiday. Even if you did apply it, the level of protection on offer was very low compared to nowadays.
If you are a parent of young children, chances are you make sure that they have sun cream on before they head off to nursery or school for the day (encouraged by regular email reminders). But when it comes to ourselves, many of us are probably a little more lax in our routine, preferring to balance the risk and the chances of getting burnt.
So, if we treat our own safety in this way, it is unsurprising that a risk-based approach filters into other areas of our lives. We all know the examples: trusting the five-second rule for food that falls on the floor (it isn’t true, just in case you didn’t know), going a few miles an hour over the speed limit, using a password like 123456, or a variation of it, for every account. They are things most people know they probably shouldn’t do, but on balance think ‘what harm will it do?’.
The problem is that these seemingly minor transgressions can and do cause harm, and the more times people ‘offend’ the greater the risk becomes. Of course, with risk comes the potential for ramifications, and in the case of passwords this means overexposure to data breaches. Did you know that one in 250 corporate accounts is breached every month? And 80% of data breaches are caused by weak, stolen, or reused passwords! Reducing the risk of getting burned by a breach is similar to protection from the sun – more factors combined (if applied correctly) will increase protection.
The use of multi-factor authentication (MFA) may not be the first thing sunseekers and holidaymakers think of when, for example, lounging on the deck of a cruise liner, but for one of the world’s largest operators, Carnival, it is certainly front and centre. This follows widespread reports this week that it has been fined $5 million by New York’s Department of Financial Services for cyber security violations, including failing to implement MFA. It was a similar story a few months back when the Information Commissioner’s Office in the UK issued a fine to a company for (amongst other reasons) the lack of MFA.
Yet even those who do implement MFA may well be doing the right thing, but not doing things right. This is because many MFA solutions only provide a second factor (the first being a legacy password), so, given that the password is a weak point, this really doesn’t amount to true MFA. With this in mind, many consider the use of three factors – something you know (password, PIN or pattern), something you have (laptop or mobile device), and something you are (a biometric) – to be the optimal combination, balancing high levels of security with usability.
Security solutions, like sunscreen, have evolved in recent years, taking advantage of new technologies to offer far greater protection. However, whilst factor 50 might be perfect for your person, it may be somewhat excessive for your perimeter. Whether your employees are back working in the office, from home or the garden this summer, ensure that they have the right factors for protection.