Verify employee identity with multi-factor authentication

As in most businesses, the importance of knowing who is trying to access information
cannot be overstated. This is why many companies use name badges, unique computer
logins and even license plate number tracking for parking spaces. But most employees say
the same thing about passwords on their mobile devices: it’s just too difficult to remember a
complex password and too cumbersome to input it multiple times a day (imagine having to
enter a 12-digit passcode on an iPhone just to make a phone call).

Instead of relying solely on employee passwords for security, agencies can use multi-factor
authentication to increase protection. In conjunction with passwords, employees can be
verified by directory services, such as AD/LDAP. By integrating security with directory
services, IT ensures that users must know the device passcode in addition to being a
recognized user in the corporate directory. Another form of validation is the use of tokens.
These are one-time-use codes used to verify employee identity for a single active session.
For example, many webmail providers use two-factor authentication where users must enter
their regular password along with a unique code sent to their mobile device. Because tokens
can be used only once, would-be attackers cannot gain access by knowing just the tokens.
The added benefit is that these codes can require the user to have an additional device
independent of their computer, such as their cell phone, on which to receive the token,
adding another element of identity verification.
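The single-use property described above can be shown in code. The following is an added example, not part of the original article: the class and function names are hypothetical, the password and directory (AD/LDAP) checks are assumed to be done elsewhere and passed in as booleans, and delivery of the code to the phone is left out.

```python
import hashlib
import hmac
import secrets
import time


class OneTimeTokens:
    """Issues short numeric codes valid once, for one user, for a short time."""

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.clock = clock
        self._pending = {}  # user -> (SHA-256 of code, expiry time)

    def issue(self, user):
        # 6-digit code from a CSPRNG; this is what would be sent to the phone.
        code = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(code.encode()).digest()
        # Issuing a new code replaces any earlier, unused one for this user.
        self._pending[user] = (digest, self.clock() + self.ttl)
        return code

    def verify(self, user, code):
        # pop() consumes the token on the first attempt, right or wrong,
        # so it can neither be replayed nor guessed repeatedly.
        entry = self._pending.pop(user, None)
        if entry is None:
            return False
        digest, expires = entry
        if self.clock() > expires:
            return False
        candidate = hashlib.sha256(code.encode()).digest()
        return hmac.compare_digest(digest, candidate)  # constant-time compare


def login(user, password_ok, in_directory, tokens, code):
    """Grant access only if password, directory lookup and token all pass."""
    # Always consume the token, so a failed login attempt burns the code.
    token_ok = tokens.verify(user, code)
    return bool(password_ok and in_directory and token_ok)
```

A code that is intercepted after use, or presented without the password, is rejected; so is one presented for a different user or after the time limit.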



Set advanced device restrictions to limit functionality

Encryption and multi-factor authentication can keep unauthorized users out of protected
document stores. However, once a user is inside, what is keeping them from forwarding the
information to a personal email account or sending documents to the office printer? Although
employees can be authenticated, this does not prevent them from making mistakes or
jeopardizing security on their own, whether accidentally or intentionally.


A proven way to prevent data leakage of sensitive content is by using device and application
restrictions. Common restrictions include limiting access to the camera, preventing
screenshots within certain applications and stopping connections to unsecured Wi-Fi
networks. With respect to content, government agencies can prevent copying/pasting,
sharing, email forwarding and printing while employees are within the content application.
These features can even be assigned to different users based on their AD/LDAP
permissions, enabling certain users to print or share files while disabling these features for
others. Customizing the experience for different users establishes levels of trust to protect
information from leakage while encouraging employee productivity throughout the
workday.

Despite these efforts, content can still be leaked if employees aren’t aware of how to
proactively secure information. Establishing safe device usage habits, smart password
policies and, most importantly, meaningful reasons to follow the rules ensures that employees
act with care when using sensitive information. Encryption, multi-factor authentication and
device restrictions, in conjunction with conscious security measures, will keep government
documents safe and in the right hands.


29 Cyber Warnings E-Magazine – July 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
