Security vs. mobility is a tightrope IT must carefully and constantly walk in today’s mobile world. If you fall too heavily on the side of security, you may find team members getting frustrated, cutting corners, and struggling to maintain their performance. On the other hand, if you err on the side of convenience, you could leave your organization open to hacks and breaches.
Security is definitely worth going the extra mile, but it’s essential that IT combines security best practices with active, user-centric measures to ease the burden. Juniper Research estimates that more than a billion personally owned devices will be enrolled in BYOD programs by 2018. Further, businesses recognize that allowing employees to work from their smartphones can boost their productivity, flexibility, and even satisfaction.
But many organizations have not embraced mobile security as eagerly as they have embraced a mobile workforce. According to the 2016 BYOD and Mobile Security Report, one in five organizations suffered a mobile security breach and 39 percent of businesses cite security concerns as the number-one factor keeping BYOD at arm’s length.
Striving for balance in security vs. mobility
Authentication is one of the core pillars of mobile security. The 2016 Verizon Data Breach Investigations Report (DBIR) found that legitimate user credentials were used in most data breaches, with 63 percent of them using weak, default, or stolen passwords. Authentication minimizes the likelihood that credentials will be stolen, and there are a number of forms it can take.
Of course, the old standby is the username and password combo to log into an app or network. This approach fails at security vs. mobility: it’s not great for either. The most secure passwords are long, with multiple types of characters (uppercase, lowercase, symbols), and are not rooted in real or personal words (like a pet’s name). But few users have the patience to enter these lengthy passwords every time they sign into a network, especially one they need access to throughout the day, and allowing users to stay logged in is itself a security threat. Typing on a phone is clumsy, so users may feel inclined to create simple passwords or set auto login to avoid typing the same information over and over. These measures of convenience seriously compromise security by making logins easier to hack and making any lost or stolen phones a serious liability.
To compensate for these shortcomings, new methods have emerged that strike a better balance between security and mobility. Two-factor authentication (2FA) is finally becoming standard practice. 2FA provides an additional layer of security on top of usernames and passwords by sending an additional code after a user logs in. Even if a fraudster manages to steal your login credentials, 2FA keeps them locked out of your account.
The second layer of authentication commonly takes the form of one-time passwords (OTPs). With OTPs, users are sent a password (or PIN) via a communication channel (SMS, voice) that’s separate from the application’s IP channel. This means the owner of the phone number is the only person who can access the password, which they can use to log in and verify their identity in the application. To further enhance the security of OTPs, IT can set expiration times, which gives hackers a smaller window of opportunity.
The future delivers on solutions
Biometric authentication is another fast-growing option. Phones now come equipped with fingerprint sensors, which people can use to log into apps, such as mobile banking, without typing in a username and password. This form of authentication is exciting for a couple of reasons. One, scanning a fingerprint requires less time and effort from the user than typing in a password or PIN code. More importantly, it’s highly secure, since the chance that a fingerprint can be “hacked” is pretty slim.
Finally, password managers are a promising opportunity for IT professionals to ease the burden of security awareness. Long, complex, and random passwords are the strongest. If employees have multiple apps and networks they log into, a password manager might be a great option for balancing security vs. mobility. Providers like Dashlane, LastPass, KeePass, Sticky Password, and others keep passwords in a “vault,” which generates strong combinations and securely stores them all, so employees only need to remember one.
Adopting these authentication measures that balance security, mobility, and convenience will help every employee be as productive as possible while ensuring your organization’s network remains safe. BYOD isn’t going anywhere, so it’s up to IT to make sure mobile security practices are as painless as possible.