5 Ways to Balance User Productivity with Solid Authentication Protocols

5 Ways to Balance User Productivity with Solid Authentication Protocols

One constant struggle in offices is the balance between  productivity and security. If you give users too much freedom in your  network, risk increases. But add too many security gates, and productivity  can dwindle.

It’s a fine balance between the two, but one you  can achieve. Organizations need to recognize the importance of both. And not  sacrifice one for another.

A recent report from Microsoft notes a dangerous  lack of authentication security. Just 22% of Azure Active Directory  users had multi-factor authentication (MFA) enabled. This means that over  three-quarters were at a much higher risk of an account breach.

 

Why do organizations fail to adopt important  security protocols, like MFA? We know that it's as much as 99.9% effective at stopping  fraudulent sign-ins. Yet so many companies aren’t adopting it.

User inconvenience is the biggest reason. MFA is  not expensive. In fact, it’s free to enable in nearly all cloud applications.  But if users say that it’s hurting productivity and is a pain to use,  companies may not bother with it.

But sacrificing security can hurt productivity  worse. Downtime due to a data breach is expensive and can put smaller  companies out of business. The main cause of data breaches is credential  compromise. So, if you’re not protecting your authentication process, the  risk of becoming a breach victim is high.

35% of data breaches  initiate from breached login credentials.

There are ways to have both secure and productive  users. It simply takes adopting some solutions that can help. These are tools  that improve authentication security. But do it in a way that keeps user convenience  in mind.

Solutions  to Improve Security Without Sacrificing Convenience

Use  Contextual Authentication Rules

Not every user needs to go through the same  authentication process. If someone is working in your building, they have a certain  trust factor. If someone is attempting to log in from outside the country,  they do not have that same trust.

Contextual authentication is used with MFA to  target users that need to reach a higher bar. You may choose to limit or  block system access to someone attempting to log in from a certain region. Or  you may need to add an additional challenge question for users logging in  after work hours.

Companies don't need to inconvenience people  working from normal locations during typical hours. But they can still verify  those logging in under non-typical circumstances. Some of the contextual  factors you can use include:

·          Time of day

·          Location

·          The  device used

·          Time  of the last login

·          Type  of resources accessed

 

 

Install a  Single Sign-on (SSO) Solution

A report on U.S. employees found they use a lot  of apps. Workers switch between an average of 13 apps 30 times per day. That’s  a lot of inconvenience if they need to use an MFA action for each of those  logins.

Single sign-on applications solve this problem.  They merge the authentication process for several apps into just one login.  Employees log in once and can go through MFA a single time.

Using multi-factor authentication isn’t nearly as  inconvenient. Users gain access to everything at the same time. SSO solutions  help organizations improve their security without all the pushback from  users.

Recognize  Devices

Another way to better secure network access is to  recognize devices. This is typically done using an endpoint device manager.  This automates some of the security behind user authentication. Thus, it  doesn’t inconvenience the person.

First, register employee devices in the endpoint  device manager. Once completed, you can then set up security rules. Such as  blocking unknown devices automatically.

You can also put in place device scanning for  malware and automated updates. Both these things increase security without  sacrificing productivity.  

Use  Role-based Authentication

Your shipping clerk may not have access to  sensitive customer information. But your accounting team does. One can have a  lower barrier to authentication.

Using role-based authentication saves time when  setting up new employee accounts. Authentication and access happen based on  the person’s role. Admins can program permissions and contextual  authentication factors once. Then, the process automates as soon as an  employee has their role set.  

Consider  Adding Biometrics

One of the most convenient forms of  authentication is biometrics. This would be a fingerprint, retina, or facial  scan. The user doesn’t need to type in anything. It also takes just a few  seconds.

Biometric hardware can be costly, depending on  the size of your organization. But you can introduce it over time. Perhaps  using biometrics with your most sensitive roles first, then expanding.

 

Additionally, many apps are now incorporating  things like facial scanning. User can authenticate using a typical  smartphone, making it much more affordable.

Need  Help Improving Authentication Security?

Don’t give up important security because you’re  afraid of user pushback. Give us a call and schedule a security consultation.

 

Article used with permission from The Technology Press.