Workarounds for Two-Factor Authentication in a Workplace That Isn’t BYOD-Friendly
Two-factor authentication can be difficult in a workplace that doesn’t allow smartphones. But it’s not impossible
It’s hard to overstate how dramatically the smartphone has changed our world and our daily lives. With an estimated 2.5 billion of these miraculous devices out in the world today, most of us spend quite a bit of time on our smartphones engaging on social media, looking up obscure facts to win arguments or streaming our favorite shows.
As phones have become more technologically powerful over the years, and as the average amount of time we spend on them steadily increases over the years, businesses are taking a more inclusive approach to them and how employees can use them at work.
While some organizations may still implement a no-phone policy, more and more are allowing workers to use them on-campus and from home to conduct official work business. This allowance for the use of personal devices for professional purposes is generally referred to Bring Your Own Device, or BYOD. What started with a few organizations here and there allowing personal laptops and smartphones at work has now grown into nearly 70% of employees using their own devices while at work.
The benefits of BYOD policies are numerous, chief among them increased productivity, significant reductions in operating costs and increased employee satisfaction.
One of the best things about having our smartphones with us at all times—especially in today’s world that is fraught with cybersecurity risks—is being able to use two-factor authentication. While a shocking amount of people tend to not take advantage of it, two-factor authentication is one of the most surefire ways to prevent unauthorized access to your online accounts and data.
All workplaces should aim to have the strongest possible passwords, given that a vast majority of data breaches in a business setting are due to poor or weak passwords. But as we mentioned earlier, not all workplaces allow smartphones in the workplace, which will render two-factor authentication difficult or impossible. What options can be considered for implementing two-factor authentication in environments such as these? Let’s take a look.
The Risks of BYOD
One of the biggest reasons why some organizations still choose to ban or severely restrict personal devices on their networks is the inherent security risk they pose. Every time an employee loses their smartphone that has company data on it, that’s a risk—the device could be stolen, used by somebody else if the security parameters are not set up correctly or rendered unusable due to accidental damage. Malicious app installs are also something to consider. Most professional settings have some sort of limits on the types of apps that can be installed on their own devices, but similar safeguards are not typically practiced by the average end user. And while both Apple and Google Play has become better at policing malicious applications on their respective digital storefronts, it wasn’t too long ago that Apple did a massive purge of apps that could theoretically swipe valuable company data once installed on a phone that’s used for business purposes.
Other Options for Two-Factor Authentication
If your organization isn’t buying the whole BYOD philosophy, it might first be worthwhile to explain to the decision-makers involved the importance of two-factor authentication and how it can lead to a more secure environment. It may be a simple lack of understanding and, as G.I. Joe taught us, knowing is half the battle.
If that is ineffective and the BYOD risks are still too much to swallow, perhaps company-purchased and company-operated smartphones are in order. While the initial purchasing cost and subsequent monthly bills can be a significant investment depending on how many employees you have, this would allow the organization to implement two-factor authentication but still exercise strict controls over the device, which apps can be installed and used, what networks it can connect to and more.
If either of those options isn’t in the cards, there are some alternatives to implementing two-factor authentication to increase security. One that has become increasingly popular in recent years is Universal 2nd Factor keys, or U2F keys. Without diving in too deeply regarding the technical details of how they work, U2F keys are widely considered to incredibly secure and are trusted by such tech giants as Microsoft and Google. They address some of the few security loopholes present in two-factor authentication but can be somewhat pricey to implement (although almost certainly cheaper than purchasing smartphones for your entire company).
Security is King
Regardless of how your organization feels about BYOD and two-factor authentication, we should all be taking as many steps as possible to protect the data and proprietary information that is critical to the success of the company we work for. Be sure to abide by strong password best practices. Always be careful conducting company business on outside networks, and consider implementing some sort of VPN for employees who must work remotely. Also, be sure to set up the ancillary countermeasures on all your devices, such as locking out the screen after long periods of inactivity and, if possible, setting up biometrics such as fingerprint scanning.
Pingback: How to Position the Enterprise for Zero Trust Success - Security Boulevard