Biometric identification: an easy way to forget about passwords

Trust is an important aspect of any relationship. Communication within a company, the exchange of information with customers and partners, and any business interaction involving two or more individuals all rest, in one way or another, on the participants' trust in one another.

In the "consumer-company" relationship, not only the cost of the product or service but also reviews of the company play a key role in the client's behavior. An abundance of negative comments on the Internet is a warning bell: it is better to look for another place to make a purchase.

Inside the business, the scheme works the same way. A request to pay a bill from an unknown person who was hired only yesterday is perceived as a risky operation that requires additional validation: confirmation from the leader. At the same time, exactly the same request from a colleague in a neighboring department, with whom more than one cup of coffee has been shared, is a self-evident task that raises no suspicion.

The study of basic behaviors is at the heart of social engineering: why spend thousands of dollars on equipment and recruit highly skilled hacking specialists when it is possible to put pressure on the most vulnerable link of the security perimeter, a person?

Phishing and other popular methods of data theft necessarily involve disguises that inspire confidence in the victim, because the easiest way to get an employee to make a transaction or send confidential information is to pose as their manager, a colleague or a representative of regulatory authorities. Of course, it is possible to create a virtual identity that better suits the situation. But this method does not guarantee success: an attentive employee can expose the substitution.

Attackers who are concerned with the "correct" disguise can always turn to the darknet, where stolen accounts sell for mere pennies. According to statistics, in 2017 alone more than 16.7 million usernames and passwords were stolen in the United States and later put up for sale on hacker forums. If you extrapolate the statistics to the whole world, the scale of the disaster is staggering.

Of course, the darknet is not a panacea, because the necessary disguise may not be available there. In that case, attackers resort to multi-stage operations. During the first stage, they steal the personal or work account of someone on the company's staff. In the second stage, the disguise helps convince the victim that the social engineer's requests are legitimate.

Every year, the effectiveness of such schemes steadily increases. For example, in 2018, the number of illegal financial transactions carried out with stolen digital accounts increased by 55%!

The reason for the growth of cybercrime is the weak protection of accounts: simple usernames and passwords are not a sufficient barrier against attackers. Modern hacking tools and proven social engineering schemes make it easy to bypass login forms and steal a "digital identity".

Large foreign companies and experts in the field of information security have come to the conclusion that the only effective tool to reduce these risks is authentication by biometric parameters. Vivid examples of such technologies, which have already become widespread, are right next to you: just think of the AppleID face recognition system or Amazon Echo voice recognition. Additional biometric authentication of personnel is already being implemented everywhere in international corporations, banks and large production facilities. Such innovations help solve a whole range of security service tasks.

Employees no longer need to remember long passwords, let alone write them down on a piece of paper stuck to the monitor. Face recognition authentication will prevent illegal access to the work machine even if the access codes have been stolen.

If the enemy is inside the company, systems similar to FaceID will not let the insider get past the operating system loading screen, and the Security Service representative will be able to record the attempt to access the data and conduct an investigation.

Today, access codes consisting of symbols are gradually turning into a vestige of a past era. They are too easy to steal, which means that they do not protect valuable information, but only create the illusion of security. Following the trends, modern security systems are abandoning the remnants of the past, gradually switching to more reliable methods of authentication using biometric parameters. The simplest and the most reliable is face recognition. Web cameras are available on almost all office computers, so setting up and implementing software systems that distinguish one employee from another will not require additional financial investments or excessive labor.

Biometric authentication software modules are a logical step in the evolution of security systems. Identifying users' faces not only increases the reliability of protection, but also helps to solve a number of business problems: for example, controlling the implementation of the "four eyes principle", determining the author of a document, or monitoring the atmosphere in the team. Analyzing the facial expressions of the staff, which the systems are gradually learning to do, will help you understand how satisfied the team is with its current tasks and working conditions. After all, the quality and efficiency of work largely depend on interpersonal relationships in the office.

Information security: basic principles of risk management in small and medium-sized businesses

Many executives believe that medium and small businesses are well protected from data leaks. What kind of attacker would want to spend money and effort on a company of 50 people? And in a company with 10 employees, there will definitely not be an insider: after all, everyone is under the supervision of the boss.

This view is fundamentally wrong. The statistics are stubborn: 43% of cyberattacks target small firms. And 60% of small and medium-sized businesses that were "lucky" enough to encounter a data leak were closed six months after the incident.

Risk management will help you cope with the challenges of the modern digital age. By identifying "bottlenecks" in advance, the executive will protect the company as much as possible and, at the same time, not only avoid possible losses from leaks but also save money by implementing exactly the protection tools that the specific business conditions require.

The basic plan to minimize risks is simple and consists of only 3 points.

1. Identity management: managing information about users and processes of corporate networks

The main task of the executive is to segment information by degree of importance and restrict access to it. It sounds very simple: give the employees a complex username and password, hide the databases from public use, and the rule is fulfilled. In real life, this approach is more harmful than helpful.

It is better to start with an analysis of business processes, which will help you understand exactly what information is most valuable, who among the staff needs access to it as part of their job responsibilities, and what will happen if the access procedure becomes much more complicated. Mindless bans will slow down the work of employees, reduce efficiency, and provoke violations. For example, one of the managers will start "sharing" their access codes, simply because the endless approval of requests to the customer or supplier database can cause deals to fall through when applications take too long to process.

By putting efficiency at the forefront and basing bans on mass access to sensitive data on current operational processes, the executive will significantly increase the level of information security without reducing labor productivity.

In addition, as part of the measures to restrict access, you can always use the "cheat code": biometric identification systems. For example, authentication using face recognition systems is much more reliable than using long usernames and passwords that employees stick to the monitor or store in files on the desktop. With such systems in place, the login process itself is significantly simplified and accelerated, since you no longer need to remember complex combinations and type them on the keyboard. And time is money.

2. Management of backups and updates

"Holes" in outdated software and critical incompatibility between old and new applications are the basis of most leaks.

A key factor in reducing risks is timely software updates. And it is not just about security systems: you need to keep track of the latest updates for all sorts of "office" programs as well.

In companies, it is not uncommon for the security system to control the new version of approved software while employees still use the old one. This approach is a direct invitation for hackers.

The rule works the other way around, too: if the manufacturer has released a fresh security system integration that takes into account the features of the latest versions of "office" programs, and the company holds off on updating its "shield", you should be prepared for some of the features of the new software to be out of control.

And, of course, do not forget about regular backups: if an emergency does occur, the information will have to be restored. The absence of a backup can deprive a business of its place in the market in one second.

3. Monitoring

The more elements are monitored, the less risk there is. Monitoring the programs and hardware installed on PCs will help to detect infection with viruses and miners, to keep an inventory of "software" and its versions, and to prevent the theft of "hardware": discrete video cards, RAM "sticks" and hard drives. Tracking the geolocation of laptops will allow you to catch a thief and prevent the "leak" of information to third parties.

And, of course, the main task is to monitor the most vulnerable link of any business: personnel. Control of the "human factor" is a key element of modern risk management. Banal errors, such as sending data "in the wrong window", saving working information to a flash drive or sending data to a personal email address, are a potential source of serious problems and losses. Special attention should be paid to insiders, who can appear even in a company consisting of 3 people. Their malicious actions always lead to serious financial damage, up to bankruptcy.

Using the principles of risk management and following simple rules, the business owner will not only significantly increase the level of information security and avoid a number of emergencies, but also save money by implementing only the most effective and necessary security systems.