After a long day at work, you’re about to cross the last thing off your to-do list: sending a few important documents to a client. But right at that moment, you realize you’re late for dinner, so you close your laptop and head out the door.
When you get to the restaurant, you whip out your phone and access those documents on your shared drive. You make a few edits, and then 一 even though you know you shouldn’t 一 you send the documents to the client using your personal email. Harmless, right?
Wrong. In many cases, keeping or viewing sensitive information on personal devices is illegal and could incur your organization a hefty fine. But worst of all, sending files on a non-encrypted device means they could be intercepted easily, exposing confidential information.
Unfortunately, these situations are all too common, particularly with the normalization of remote work and bring your own device (BYOD). Although IT teams are working diligently to close security gaps, the strategies that were working before aren’t working now.
To keep their employees and customers safe, companies need to go beyond password protection and find new forms of authentication. Enter: biometric technology. While biometric authentication isn’t a silver bullet for cybersecurity, it is rapidly becoming an essential component of a modern cybersecurity strategy.
In this piece, we’ll examine some of the distinct challenges of securing a remote or hybrid work environment, the relationship between multi-factor authentication and biometrics, and several tips on how to keep biometric information safe and secure.
Remote Work Security Challenges
Remote work existed before the pandemic, but it certainly wasn’t as widely adopted as it is now. Such a huge, unexpected shift to remote work presented a whole new set of issues for security professionals.
The use of unprotected home Wi-Fi networks and unsecured home devices opened companies up to vulnerabilities they hadn’t dealt with in the past. In addition, IT staff had to onboard new employees remotely, and gaps in setup could cause a cascade of problems down the line.
On top of that, shadow IT began to run rampant. Without IT looking over employees’ shoulders, people felt free to download new software and use it as they pleased, introducing even more possible attack vectors.
But that’s not even the worst of it 一 many employees began mixing their work and home lives. HP reported that 69% of employees used personal laptops for work activities, 70% used their work laptops for personal use, and 30% of remote workers let someone else use their work device! This is especially concerning for companies that operate in the EU and are legally bound to uphold GDPR policies.
At the same time, cyberattack volume skyrocketed, increasing by 238% globally since the pandemic started. The sophistication of attacks also increased, with cybercriminals finding new, more effective ways of circumventing IT protocols or duping employees with phishing campaigns.
To add an extra layer of protection, many companies are leveraging biometric factors of authentication. Securing cloud applications, shared drives, and even email with fingerprint, face, and voice scanners make it much more difficult for cyberattacks to occur.
However, as we’ll discuss later, biometric security issues can still arise, so companies must combine biometric and traditional techniques to stay vigilant.
Multi-Factor Authentication (MFA) and Biometrics
Multi-factor authentication, or MFA, safeguards information by requiring users to provide two or more ways to verify their identity. Typically, these forms of identity are something you know (like a password), something you have (like a smartphone), or something you are (biometrics). Nearly 60% of global businesses have already adopted MFA, but most rely on things people know or have.
But both of those forms of authentication are much easier for cybercriminals to manipulate. Not only that, they are easy to lose or forget. Inherence factors on the other hand, i.e., something you are, are much more challenging to spoof and always available to the individual who needs to use them.
People are also familiar with biometric authentication, as many phones and their applications are locked by fingerprint scanners or facial recognition software. When added to existing MFA systems, the pros of biometric authentication include greater security and a more seamless user experience
How to Keep Biometric Information Secure
It’s highly challenging for someone to steal your retinas, fingerprints, voice, or face, but they can still theoretically make copies. Cybercriminals have evaded biometric technology by wearing masks, using someone’s photo, developing fake fingerprints, and using voice recordings.
Plus, real biometric credentials have the potential to leak, and when they do, cybercriminals have a field day. For example, in 2019, a biometrics provider that served the UK police, banks, and defense firms suffered a leak of over 28 million fingerprints, facial recognition tokens, and passwords. This was detrimental to so many government agencies and businesses because employees’ biometric attributes can never be changed, and thus never used for protective measures again.
With these risks, it’s critical for companies who are implementing biometric authentication to take the precautions suggested below.
Limit Access
Not everyone needs to access all systems at all times. Utilize the native roles in every company application to apply the principle of least privilege and restrict permissions. By confining access to a small group of people, you limit the chances of biometric exposure. Also be sure to turn off any unnecessary services associated with those applications.
Enforce Encryption
Encryption is paramount and required for data that’s in use and in transit. Consider using runtime encryption to ensure data is protected at all times, including data stored on servers or hard drives.
Ensure Network Security
Your VPN is only as good as your network security, so review and continuously test your company’s firewall. Perform all necessary auditing and mapping, keep all software and systems up to date, and use cybersecurity software to monitor and address anomalies quickly.
Implement Live Detection
Cybercriminals have found, and will continue to find, ways to trick biometric sensors. Even innocent video conferencing calls can be turned into voice spoofs. Ensure that any sensors you use are interactive and come with built-in challenge-response features.
Use Anti-Spoofing Technology
As mentioned, attackers have found ways to get around biometric authentication with rubber masks or partial prints that still work on most fingerprint scanners. Consider using anti-spoofing technology in conjunction with live detection to block unauthorized users.
This protection method is particularly important because stolen fingerprints can put your employees at risk, giving cybercriminals access to other information, such as a user’s health or criminal records. Partial matches might also open the door to that same information for wide swaths of the population.
Make MFA Complex
The more information you add to your MFA requirements, the harder it is for cybercriminals to enter your system. Employ a diverse set of biometric authentication methods and combine them with conditional access policies such as GPS location or IP address, as well as trusted authenticator apps or other smartphone solutions such as push notification MFA to add more barriers to classified data.
Educate Your Employees
Employees are one of your best security assets. Teaching them about the dangers of using weak passwords, sharing biometric data, or compromising multi-factor authentication can go a long way in keeping your company and your customers safe.
Enforce MFA with a Cloud Directory Platform
The complications of remote work and the subsequent spike in cyberattacks have exacerbated the need for greater security protections at enterprises of all sizes. As a result, many companies leverage biometric technology to augment their security systems.
Employees are already accustomed to biometric sensors and would welcome a solution to password fatigue. IT admins gain greater peace of mind with an additional authentication method, knowing that biometrics can make an enormous difference in protection with the right precautions in place.
Even with all the benefits of MFA in mind, enforcing it across your entire distributed organization can be a pain. That’s where JumpCloud can help. JumpCloud Protect™ is a frictionless, one-touch authenticator app natively backed by the JumpCloud Directory Platform’s MFA functionality across devices, applications, networks, servers, and more.
This unique combination offers improved endpoint security, enhanced conditional access, and a simplified end-user experience. What’s more, JumpCloud Protect provides significant cost savings, by bundling packages and avoiding additional licensing fees.
Learn more about how JumpCloud Protect can improve your biometric security today.