How non-security companies are changing security

August 10, 2018//Ellen Neveux

Last Updated: April 29, 2019

We live in a world that thrives on the idea of keeping our personal information secure, and most of this data is held on devices we use every day—cell phones and computers. For phones, we started with password pins, then companies incorporated fingerprint scanners, and now we have facial recognition built into newer models. Most computers still only need a simple password to enter, but it seems like things will become more secure in the future.

As we know, password security habits for consumers aren’t the greatest, but when security protocols are built-in to technology, it helps to illuminate the importance of security at the individual level. Then, hopefully, this will lead to enhanced habits of protecting data at the enterprise level. Both phone and software companies are taking measures into their own hands by having security features built into consumer products, so let’s take a look at how non-security companies are completely changing the personal security game.

Multi-factor authentication
One of the biggest integrations of a security protocol is multi-factor authentication (MFA). According to TechTarget, MFA is a security system that requires two or more methods of authentication from different categories that verify a user’s identity to log in. The purpose of MFA is to have a layered defense that makes it harder for an unauthorized individual to gain access to sensitive information. There are three common credentials for MFA used to put this protocol into action: what the user knows (a password), what the user has (a security token), and who the user is (a biometric verification).

Cell phones connections to MFA
Most, if not all, phone companies have incorporated extra security into their phones that work with MFA credentials. Whether it comes in the form of a password, fingerprint sensor, or facial recognition, entering into someone else’s phone is getting harder to do. In many cases, the password is added to either a fingerprint sensor or facial recognition, so if either fails, a user will be prompted to enter their password. With these additions to phones, it allows MFA to be easily achieved for heightened security measures.

  • Password: This is what seems to be the bare minimum for security on cell phones in today’s world. Users can choose a four to six number “code”, or even enter a password with a full keyboard like your computer password. It’s been well documented that it takes next to no time to crack a cell phone’s passcode with simple numbers and letters.
  • Fingerprint sensor: Fingerprint sensors require a user to place their full finger on the sensor first to save the fingerprint to the phone. The goal of this is to add a biometric verification aspect that makes a phone that much harder to be accessed by an unauthorized individual. For some phones, a user can save up to ten different fingerprints, but there are some downfalls to this. Since you can save up to ten, this means that you can save other people’s fingerprints. For example, imagine your partner saves their fingerprint onto your phone—they are now able to access mobile apps that have that extra layer of security (e.g. a bank app). With the move to facial recognition software, the phone can only save one face, thus lowering the chances of someone else getting into your phone.
  • Facial recognition: Taking security to the next level, newer phones have begun to incorporate facial recognition software. CNET explains that facial recognition software works relatively well since it can see a face in 3D. An example of this is that a phone lights up on your face, “shoots” out invisible infrared dots that highlight your features and creates a rough pattern, takes a picture of those dots with the infrared camera, and then decides whether you are the person that is allowed to enter the phone or not.

Biometrics have gotten a bad reputation because they are intrinsic and that means they cannot be changed, but they work great when paired with other security measures (e.g. something a user knows and something a user has). According to CNET, there is only a 1 in 50,000 chance that a random person can fool the fingerprint sensor; while the chance of fooling facial recognition is 1 in a million. By offering all three options within MFA on a singular platform, these cell phone companies are making security streamlined and easily accessible for users.

About ransomware
Ransomware is malware that is delivered to a victim’s device or devices on a breached network. Victims are exposed to malware in many forms, the most common of which is an email phishing campaign. However an attacker accesses a network, system, or an application their end game is to encrypt important data. KnowBe4’s Ransomware Hostage Rescue Manual says there are four potential responses once attacked, in order from best to worst they are: restore from a backup, decrypt files on your own, do nothing, or pay the ransom.

Software battles ransomware
A file sync and share service company announced at the Black Hat USA 2018 information security event that enterprise customers who use their platform have nothing to fear from ransomware attacks anymore. Why? Because they are making changes so that administrators can trace back to where the attack happened and reverse the damage on a per-user and per-file basis. According to PC Magazine, software companies already allow a high level of control over data, but now the control will be even more enhanced because it will reverse ransomware. This means that no data will be lost, no ransom has to be paid, and there will be only a small downtime.

Why this matters
Security habits aren’t just important between enterprise organizations and their vendors, rather, healthy habits start at the individual level. When individuals see security protocols being used in their day-to-day life it creates a good habit while also allowing individuals to takes control of their personal security. In other words, it lays the groundwork necessary to create good security habits while emphasizing the need for security in all areas of our lives.

About SecureLink
Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink is the gold standard remote access support platform because it is easy, efficient, and ensures compliance and reduces liability when supporting customers.

Subscribe to the SecureLink Blog.
close close