When a “Passw0rd” Isn’t Enough: How to Really Protect Remote Access to Sensitive Data

Multi-factor authentication lets organizations secure all platforms cost-effectively while still giving everyone access to the data and applications they need to work remotely.

(Detail from The Sentry, by Carel Fabritius, 1654. Staatliches Museum Schwerin.)

Recently, cyber criminals hacked Italian surveillance vendor Hacking Team, stealing 400GB of data and then releasing it through the vendor’s hacked Twitter account. Among the data was a customer list that included governments and agencies from around the world who are surely bracing for the public backlash to follow. The slip-up that led to the hack? The company used passwords such as “P4ssword” and “HTPassw0rd” for every system on the company’s servers.

This recent example of cybercrime just shows that it’s too easy to be hacked if you are only using a password to authenticate access, and this incident reinforces today’s reality that passwords alone are not enough to secure remote access to sensitive data. The weakness of a password-only approach calls for the development of an authentication strategy that protects the company’s platforms and users alike, reducing complexity while ensuring access and boosting the flexibility of remote workers.

Multiple third-party platforms reside within each modern network, including remotely accessed cloud apps. To ensure that the flow of business isn’t affected, security must be balanced with cost, convenience, interoperability, effectiveness and ease of use.

Multi-Factor Authentication

An effective answer to this weakness is to apply multi-factor authentication to the login process. By confirming the user’s identity during login, it can protect data from hacking and phishing attacks and be seamlessly integrated into a number of third-party platforms. Real-time, mobile-based methods of authentication have proven to be a cost-effective way to significantly increase the level of security without requiring the user to learn a new authentication method for every application. A cross-platform approach cuts the number of security applications the IT department must manage.

In today’s global, remote workforce setting, authentication strategy must make it as easy as possible to safely access business applications from anywhere, at any time. By enabling administrators to use contextual information—such as login behavior patterns, geo-location and type of login system being accessed—to adapt the level of support needed, multi-factor authentication can offer security with surgical precision. For example, if the user is logging in from a trusted location where they have logged in before, they will not be prompted for a one-time passcode in order to authenticate.
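The contextual check described above, sketched as an added example (not code from the article or from any vendor's product): once the password has been verified, the login context decides whether a one-time passcode is also required. The data structures, system names and policy rules are assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginContext:
    user: str
    country: str   # geo-location derived from the source IP
    network: str   # source network the attempt came from
    hour: int      # local hour of the attempt, 0-23
    system: str    # type of system being accessed

# Constructed sample data: where and when each user has logged in before.
KNOWN_LOCATIONS = {"alice": {("DK", "198.51.100.0/24")}}
USUAL_HOURS = {"alice": range(7, 19)}
# Assumed policy: these system types always require a second factor.
ALWAYS_STEP_UP = {"vpn-admin", "payroll"}


def step_up_reasons(ctx: LoginContext) -> list[str]:
    """Return the reasons a one-time passcode is required (empty = none)."""
    reasons = []
    known = KNOWN_LOCATIONS.get(ctx.user)
    if known is None:
        # No history at all: fail closed rather than trusting the location.
        reasons.append("no login history for user")
    elif (ctx.country, ctx.network) not in known:
        if ctx.country not in {c for c, _ in known}:
            reasons.append("new country")
        else:
            reasons.append("new network in known country")
    if ctx.hour not in USUAL_HOURS.get(ctx.user, range(0)):
        reasons.append("outside usual login hours")
    if ctx.system in ALWAYS_STEP_UP:
        reasons.append("sensitive system type")
    return reasons


def requires_otp(ctx: LoginContext) -> bool:
    # The password has already been verified; this only decides on step-up.
    return bool(step_up_reasons(ctx))


def record_success(ctx: LoginContext) -> None:
    """After a successful OTP login, remember the location as trusted."""
    KNOWN_LOCATIONS.setdefault(ctx.user, set()).add((ctx.country, ctx.network))
```

Returning the reasons rather than a bare yes/no lets each step-up decision be logged and reviewed later.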

Need more proof that multi-factor authentication is a business necessity? Consider these facts:

  1. From 2013 to 2014, the number of successful breaches went up by 27.5 percent. Not only that, but they also took longer to be discovered and ended up costing the victim companies 30 percent more.
  2. The weapons of choice for hackers are weak or stolen user credentials, which are exploited in 76 percent of all network breaches.
  3. Hackers continue to innovate more effective methods for stealing passwords through phishing, pharming, keylogging and other methods.
  4. Now more profitable than drug-related crimes, identity theft is the fastest-growing type of crime. It is a relatively easy, low-risk, high-reward type of crime and a threat to all businesses.
  5. Hackers do more than steal information. Often they destroy data, change programs or services, or use servers to transmit propaganda, spam or malicious code.
  6. Companies with household names may be the ones making headlines when they are hacked, but they are not the only ones being targeted. Thirty-one percent of all targeted attacks were aimed at businesses with fewer than 250 employees.

So where do you start? Anti-virus systems, advanced firewalls and vulnerability tests are a good place. However, without user authentication, you are leaving the front door wide open to intruders. Don’t be afraid to implement user authentication. Employees are already accustomed to authenticating themselves in their personal lives, as providers of online services have all adopted mobile-based tools to effectively authenticate their users when accessing their systems.

Malicious actors will stop at nothing to take what they want, evolving new and effective methods of bypassing security strategies. It is in an organization’s best interests to secure all platforms in such a way that everyone has access to the data and applications they need to work remotely, but in a cost-effective manner. This is the genius of multi-factor authentication. With its convenient and familiar user validation, it simplifies IT while providing the missing security link to keep employees in and hackers out.

Claus Kotasek // Claus Kotasek is responsible for SMS PASSCODE’s overall strategy and management. He has an extensive background in building and managing high-performance teams in fast-growing companies. Kotasek is a technology executive veteran with an extensive career in executive positions within the IT and telecommunications business, including international positions at companies such as Aastra Telecom and Ascom. He has both a technical background and an E-MBA from SIMI.
