They quit their job, but did their ID?

Once confined to ID badges, licenses, loyalty cards and even user names and passwords, identity is taking on a whole new meaning.

Today’s connected world is changing the way we perceive identity. Once confined to ID badges, licenses, loyalty cards and even user names and passwords, identity is taking on a whole new meaning – one that’s marked by increasing complexity. Although fundamental elements, including our name, address and credit history, will still play a vital role in proving who we are, virtual spaces require deeper context. From retail websites to online banking apps, traditional forms of identity fall short of providing the security needed to operate within cloud-based and mobile-enabled environments.

Rather than consisting solely of usernames and passwords that can be easily faked, identity is shifting toward things that are inherent in our lifestyles – namely devices, locational services and our behavioural interactions with apps as well as service providers. But while this evolution of identity promises to ease the difficulty associated with navigating an increasingly complex world of connected devices, systems and people, it may also usher in an element of risk. If not properly revoked, wide-ranging access to an online network could give a disgruntled former employee the opportunity to inflict more damage than an outside hacker.

Several businesses have already experienced what can happen when poor internal processes fail to limit network access to the appropriate parties. Marriott, for example, lost $50,000 when an ex-employee hacked into their hotel reservation system and slashed the rates on more than 3,000 rooms by up to 95 percent. At Columbia Sportswear, a former staffer hacked into the company’s email system using an unauthorised account he set up the day before his departure.

Similar attacks are bound to happen, especially at companies that may not take the proper steps to ensure employee credentials are properly managed or updated in real time. Here’s a look at how securing various types of authentication methods can limit entry points for ex-employees with malicious intent and cut down on risky insider behaviour.

Biometric authentication

Every organisation faces the challenge of safeguarding access to sensitive information and intellectual property for employees, partners and customers. Biometric authentication enables businesses to do just that – all without sacrificing user convenience. Not only is biometric data one of the strongest authenticators available, but it also ensures fast enrolment and verification of user identities. From handling gestures to keystroke dynamics, a wide range of biometric authentication modes can even be implemented in software across phones and other endpoint devices, thereby opening the door to online or offline access of sensitive information.

In order to stop potential fraudsters in their tracks, however, organisations that embrace biometric authentication must take steps to secure the data they collect. After all, biometric traits, such as face topography, fingerprint or typing rhythm, are unique to each user. Ensuring that such data remains secure can prevent cybercriminals from stealing the identity of others within the organisation. Perhaps even more importantly, businesses should also monitor network access settings so that former employees can’t get their hands on personally identifiable information after their last day. Following the same exit process for each departing employee will make it easier for organisations to keep track of who should and shouldn’t have access to an online network.

Adaptive authentication

When it comes to improving authentication system security, businesses must also be conscious of preserving the user experience. After all, what good is a secure online network if nobody wants to use it? To help strike a balance between the two, a number of organisations are adding layers of authentication, including locational services, user behaviour patterns and device analytics that assess reputation and risk. Rather than focusing exclusively on policies, rules and logic, an adaptive authentication engine assesses a wide range of real-time attributes and makes an intelligent decision to allow, block or challenge a transaction. Applying learning technology via artificial intelligence helps to further reduce risk and improve the user experience.

Enterprises looking to secure high value transactions or important documents should use adaptive authentication to provide a secure yet transparent authentication experience. This real-time analysis of an employee’s device or behaviour will help ensure network access is restricted to those who actually need it.

Authentication cloud services

The way we access valuable business information is changing. In the past, employees have relied upon company-issued computers as well as applications that often resided within corporate networks. But with the proliferation of applications and access points, today’s employees now have the opportunity to get their hands on information using multiple different devices – most of which aren’t even issued by the company. In terms of applications, a steady shift toward the cloud and SaaS has enabled employees to access a broad range of applications that are hosted outside of the corporate firewall.

To help avoid becoming overwhelmed by the explosion of identities required to onboard new enterprise and cloud apps, businesses should look to deploy an authentication cloud service solution that can serve as a one-stop shop for authentication. Doing so will not only make for an easy and convenient user experience, but it will also save organisations the trouble of removing credentials from every system when an employee leaves. Stripping access to the authentication solution will be all it takes to stop former employees from finding their way into an app.

One-time password tokens

It’s easy to see why one-time password (OTP) tokens have risen in popularity among enterprises. By providing single-use passcodes at preset time intervals, devices or software programs enable users to access important information without relying on passwords or security questions that are often far too easy to guess. This authentication method is useful for remote employees and for system administrators who need remote access for out-of-hours support. And with the growing volume and sophistication of cyber threats, phishing attacks and damaging malware such as ransomware, equipping all employees with strong OTP or certificate-based credentials is becoming essential across most industry segments. Modern approaches that leverage mobile devices and push notifications help streamline the use of two-factor authentication and avoid the costly task of purchasing and issuing dedicated hardware tokens.

In the same way organisations must remain conscious of outside hackers, they should also establish processes that prevent internal employees from inflicting damage long after they’ve left the company. To ensure such authentication methods no longer provide ex-employees with access to critical information, organisations must revoke permissions that once made it possible for the ex-employee to receive password tokens via a personal smartphone or mobile device. Keeping a close eye on employee credentials will enable organisations to enjoy the safety and convenience of one-time password tokens without exposing themselves to risk later on.
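The offboarding check described above and in the section on authentication cloud services can be run as a recurring audit. The following is an added example, not part of the original article: it compares an HR departure list with a credential inventory and flags credentials that are still active after the owner left, plus accounts a departing employee created shortly before leaving. The record layout, system names and account names are constructed for illustration.

```python
from datetime import date, timedelta

# Constructed sample data (hypothetical schema): HR departures and a credential inventory.
DEPARTURES = {"asmith": date(2024, 3, 15)}
CREDENTIALS = [
    {"system": "sso", "account": "asmith", "owner": "asmith",
     "created_by": "it-admin", "created": date(2021, 1, 4), "active": False},
    {"system": "otp-push", "account": "asmith-phone", "owner": "asmith",
     "created_by": "asmith", "created": date(2022, 6, 1), "active": True},
    {"system": "crm-local", "account": "asmith", "owner": "asmith",
     "created_by": "it-admin", "created": date(2021, 2, 1), "active": True},
    {"system": "mail", "account": "svc-reports", "owner": "shared",
     "created_by": "asmith", "created": date(2024, 3, 14), "active": True},
    {"system": "sso", "account": "cdoe", "owner": "cdoe",
     "created_by": "it-admin", "created": date(2020, 9, 1), "active": True},
]


def audit_offboarding(departures, credentials, as_of, window_days=7):
    """Return sorted (system, account, reason) findings for follow-up."""
    findings = set()
    window = timedelta(days=window_days)
    for cred in credentials:
        # 1. Credential still usable although its owner has already left.
        left = departures.get(cred["owner"])
        if left and left <= as_of and cred["active"]:
            findings.add((cred["system"], cred["account"],
                          "active-after-departure"))
        # 2. Credential provisioned by a leaver in the days before departure,
        #    even when it is not registered under the leaver's own name.
        creator_left = departures.get(cred["created_by"])
        if creator_left and timedelta(0) <= creator_left - cred["created"] <= window:
            findings.add((cred["system"], cred["account"],
                          "created-shortly-before-departure"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_offboarding(DEPARTURES, CREDENTIALS, date(2024, 3, 20)):
        print(*finding, sep="\t")
```

In the sample data the central sign-on account was disabled, yet the OTP enrolment on a personal phone and a local application account remain active, which is the gap a single revocation point does not close on its own.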

Once defined by simple elements that are easily faked or replicated within digital contexts, the notion of identity stands in the midst of an evolution. From geo-locational context to normalised computer session behaviour analysis, a growing amount of emphasis is being placed on user behaviours that not only provide a more complete view of who we are, but also make it easier to access connected systems securely and conveniently. But with such cloud-based and mobile-enabled environments comes the threat of greater risk from ex-employees. By creating internal processes that properly manage and update employee credentials, organisations can work to secure authentication methods and eliminate entry points for former employees.

Ryan Zlockie, global VP of authentication, Entrust Datacard