
Data Privacy Day 2019

Data privacy. Take a second to think about these two important words and what they mean. More than merely a buzzword for the new millennium, data privacy impacts all our lives in a connected world, especially in the workplace.

Since the implementation of GDPR, the stakes are much higher for organisations that don’t take data protection as seriously as they should. One example of a company falling foul of GDPR is Google, recently fined £44m by the French data regulator CNIL for “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation”. Google hasn’t experienced a data breach; the charge relates to consent.

Why data protection matters

The workplace has been transformed in the past decade. We are all more connected digitally on social media apps such as LinkedIn, Facebook and Twitter. Online services such as banking apps, Netflix and Amazon store our financial details on cloud servers. Add a massive increase in computer-savvy criminals to the mix and you have the ingredients for a perfect data privacy storm. Data privacy isn’t “someone else’s problem”; protecting personal and company information is the responsibility of everyone within the company.

Data breaches and loss of company information have far-reaching consequences for a business. Reputational and profit damage resulting from negative press, fines and increased IT costs after the event are examples of additional expenses incurred by most businesses after an information security incident. Research also indicates that a data breach can be fatal for many smaller organisations.

Simple steps to improve data privacy

Information security is a complex beast, with a myriad of products and services on the market. As with most things, you get what you pay for and most vendors specialise in specific sectors or verticals. Let’s remove ourselves from product-specific advice for a moment and focus on strategic methods to improve organisational data privacy.

Increase user awareness

Providing user awareness training is one of the first steps organisations must take to improve information security. Although employees are the greatest strength of an organisation, they are also a target for hackers.

Make users aware of their responsibilities and teach basics such as the importance of choosing strong passwords to protect app and account logins. It is important to keep your team up to speed on the many dangers that abound in email phishing attacks. Phishing is the number one method used by criminals to extract user credentials, business-critical information and finance details from unsuspecting employees.

Use encryption

Encryption protects data at rest and in transit by scrambling the information, so that anyone who intercepts or reads it without the unique decryption key sees only a string of nonsensical characters. Encryption is particularly useful when protecting mobile devices such as laptops, tablets and smartphones as well as external hard drives and USB drives – all of which are easily lost or stolen.

It is worth noting that protecting mobile devices with a password or passcode should also be a priority, adding a further security step.

Use a VPN

When employees need to send data between branch sites or access information stored on the corporate network from outside the office, investing in a VPN solution is essential.

A VPN extends a private network across a public network such as the Internet, enabling users to send and receive data securely as if their devices were connected directly to the private network. Data travels through secure tunnels, and users must authenticate, using methods such as security tokens, to gain access to the VPN server.

Use a reputable password manager

We log in to more online services than ever before, increasing the need to maintain high levels of security. The Government’s cybersecurity arm, the NCSC, advises using a different password for each online service you log in to. The reason for this is to stop criminals compromising all your online accounts should they successfully crack the password to your Facebook account, for example.

So, how are you supposed to remember all these strong and unique passwords keeping your information secure? The simple answer is to look into a reputable password manager. There are many options on the market and by doing some research, you will find the best one to suit your specific needs. Most password managers can generate complex passwords as well as prompting you to change passwords it thinks are duplicated elsewhere or are considered weak. Most products also work on all devices and will offer a prompt to help when filling out a form on a mobile device – very useful!

Enable Multi-factor authentication

Multi-factor authentication (MFA) adds an additional security step to the login process. MFA consists of a combination of two of three things – something you know, something you have and something you are. For instance, when you withdraw cash from an ATM, you use your bank card (something you have) and you enter a PIN (something you know).

Adding an extra step at the login stage, such as using an authenticator app or asking the app to send a unique code via SMS, increases the protection of that particular account. MFA is easy to set up and administer and will, in most cases, protect the information held within the network or account.

Develop a robust data privacy strategy

Obviously, there are many more ways to increase information security within the organisation and the list above is by no means exhaustive. Applying a strict set of security policies and ensuring your employees are familiar with processes is a key information security strategy. If you haven’t already done so, achieving GDPR compliance and Cyber Essentials accreditation provide additional data protection credentials, which can benefit your organisation in many ways.

Thanks for taking the time to read this article on Data Privacy Day. At Network ROI we are passionate about IT security, and the safe, secure operation of our clients’ networks is our top priority. We are Cyber Essentials Plus and IASME Gold accredited, which means we help businesses improve their information security stance.

Please call us on 0131 510 3456 or email  to discuss your data privacy and information security strategy, we’d be delighted to help.

What is multi-factor authentication?

Multi-factor authentication (MFA) is an extra layer of security that can be used to protect online accounts and other shared computing resources against unauthorised access.

The easiest way to understand MFA is to think about your bank card. When you withdraw cash from an ATM, you need your card (something you have) and your PIN (something you know). There is also a third factor (something you are) – your fingerprint, retina or other biometric information.

When you enter the wrong PIN, the cash machine won’t let you withdraw money and will prompt you to take your card. The same is true with MFA. When you enter the wrong details, access will be denied, and your information will remain secure.

Why is MFA important?

It is more important than ever to protect online assets.

1 – The threat of identity fraud is growing. Hackers have unfettered access to a plethora of personal information from social media accounts, making this type of fraud an easy win.

2 – We have more to lose. We are increasingly reliant on digital infrastructure to manage our lives. Dating, communicating, working, shopping and banking are just some of the areas dominated by digital technology.

3 – Streamlined access. MFA offers a simple and secure method of offering access to the right people at the right time.

4 – Providing another layer of protection against weak or compromised user credentials. MFA should complement strong user credentials; however, it can also provide an additional layer of protection against weak or compromised credentials in some instances.

5 – More organisations and individuals are being targeted by hackers. The chances of being targeted by hackers are increasing. Criminals have many motivations for accessing online data including theft, service disruption, data destruction and more.

What types of authentication exist?

Authentication takes many forms, most of which you will be familiar with already.

Examples of things you know:

PIN – a numeric password such as the one typically used to access your phone or to protect your bank account.

Password – A string of user-defined characters that may include numbers, symbols, upper-case and lower-case letters. It’s important to follow best practice when choosing a password; download our free password guide to get some useful pointers.

Challenge/response – Answers to questions that only you should know. This type of authentication method is less effective due to the amount of personal information available online. Pet names, high-school name, place of birth and even date of birth can, in many cases, be accessed by online criminals.

Examples of things you have:

Magnetic stripe cards – Cards that contain user ID data.

Smart cards – A smart card has a pre-programmed integrated computer circuit, usually taking the form of a small chip. Examples include bank cards and mobile SIM cards.

Security tokens – Mobile apps and physical USB tokens that generate a unique one-time passcode (OTP), typically valid for a minute before a new code is generated. Many companies also use SMS messaging to deliver OTPs.

Example of something you are:

Biometrics – Examples of biometric data include voice recognition, fingerprint and iris scanning.

It’s important to note that multi-factor authentication is where two unique factors are used in conjunction with one another at the same time – i.e. a smart card must be used with a PIN. Similarly, a security token or authentication app is used to deliver a passcode which must then be entered into the system.

Identity Access Management

Many organisations are seeking to further streamline the login process by using Identity Access Management (IAM) solutions. IAM removes the need for users to know their login credentials and is used to log in to apps. Passwords are generated automatically by the software, reducing the possibility of a simple weak password being chosen by the user.

Another benefit of using IAM is during offboarding. If users don’t know the login credentials to various web apps, they can’t access critical business files once their employment comes to an end, making life easier for system admins and business owners.

Why should I care about multi-factor authentication?

Multi-factor authentication on its own won’t be enough to protect your business online, but it will help to ensure your people are taking steps to protect their vital information. As your business grows and becomes more reliant on digital services to function, the threat from cybercrime will increase significantly.

Adding an additional layer of security to business and personal logins will help protect your information and will reduce the threat of becoming another hacking victim. Multi-factor authentication should definitely be in your IT security strategy wish-list this coming year if you haven’t already thought about it.

Network ROI can recommend MFA solutions to suit the needs of your business. Call us on 0131 510 3456 for a chat with one of our security experts today.