By Philippe Inserra, Asia Vice-President, Online Authentication, Security Business Unit, Gemalto
There is a perception in the realm of IT security that Small and Medium Businesses (SMBs) are not a main target for hackers, due to their company size. This very misleading mindset makes them an easy target for fraudsters.
In comparison to large companies who can afford to hire dedicated cyber security personnel, SMBs have at most only one or two people assigned to this task and they may also be playing other roles in the company such as management of IT infrastructure and services.
However, with an increasing number of SMBs providing critical services, it is important that they address these security concerns in order to protect their user data. With that, here are some practical tips to help SMBs ramp up the security of their Identity and Access Management processes.
Implement Multi-Factor Authentication or PKI
In an era where we constantly hear of passwords being stolen and company networks infiltrated, it’s time to seriously consider whether or not a simple username-password combination is sufficiently secure. Malware, spyware, keystroke logging, spearfishing, social engineering —the list goes on—are all malicious attacks designed to steal password-based login credentials.
In contrast, Multi-Factor Authentication (MFA) is a system where at least two different factors are needed to authenticate a user. MFA solutions validate network identities by incorporating two or more of these factors – something the user knows (i.e.: a PIN code), who the user is (i.e.: biometric data such as a fingerprint) and something the user has (usually a secure personal device such as a smart card or One-Time Password token).
With MFA, the network remains secure even if the password is compromised since the malicious user also need the secure personal device to gain access to the network. This ensures that users accessing your network are who they claim to be.
SMBs can also consider a Public Key Infrastructure (PKI) system, which validates a user’s digital identity over the network by binding a pair of public and private keys with their individual identity credentials through a Certificate Authority (CA).
Make security convenient
While enhancing security is all fine and good, it usually comes at the cost of sacrificing convenience. In fact, inconvenience is often a deterrence whenever SMBs think about adopting improved security measures.
Gemalto has several products where security and convenience are the key features. Our Protiva solutions include a range of secure devices that come in a portable, convenient form factor to encourage end-user acceptance.
Make sure your data travels safe with Digital Certification
In today’s digital world, paper documents transported in inter-office folders, through mail or by courier are fast becoming a thing of the past. While convenience is at an all time high, there are risks associated with any type of electronic communication. For example, highly sensitive emails can be intercepted and read by malicious third parties if they are not given the necessary level of encryption.
To deal with this, Gemalto has developed digital identity credentials which encrypt all critical electronic documents such as customer data, intellectual property, legal and financial information and employee records.
The solution also enables many other applications such as digital signature and e-mail and file encryption. This end-to-end protection ensures that data will be seen by the intended recipient and certifies the authenticity of the documents exchanged.
Besides protecting documents, SMBs also need to protect their top-level executives who have access to sensitive data and confidential information. For this group of employees, Gemalto’s ExecProtect suite of solutions can protect executives’ daily interactions with such confidential information and their company network by using encryption and secure access credentials.
The benefits of implementing digital security are twofold – it not only secures confidential information, but also increases the trust between the SMB and their customers. With the increasingly critical role that SMBs play in the global economy, adopting digital security best practices in their daily operations is imperative to continued operational success.