Category Archives: Biometrics

Keep Sensitive Data Secure on a Tight Budget

As more services move towards the cloud, it is important to establish network security so as to ensure secure data transfer. Similarly, businesses that manage critical personal data need to maintain airtight security policies and procedures. Not having such policies in place may lead to security breaches or expensive client lawsuits. According to a 2016 report from the Ponemon Institute, almost 50 percent of small organizations that were surveyed experienced a data breach in the previous year. Another research by Symantec found that almost 43 percent of cyber-attacks in 2015 were targeted towards small businesses, up from 18 percent in 2011.

Small businesses make for an enticing target as they usually do not have the necessary security controls in place to secure their financial data from internal as well as external threats. Here are some low budget tips that can help small businesses keep their financial data safe.

  • Install proper network and work station controls such as properly configured firewall, anti-virus software, and updated patches for all hardware and software. Criminals usually try to exploit sensitive data such as Personally Identifiable Information (PIT), business trade secrets, financial data and other critical company information. Organizations must have restrictions in place for allowing only the least number of employees having access to sensitive information, especially financial or that related to security. Strict compliance must be ensured and employees must be trained and updated about it. This will help reduce incidents of data loss/ theft. Access to all storage, computing and online-based media like servers and databases must be restricted to only a few trusted employees.
  • Establish a culture of security by training and informing employees about accessing unsafe websites while at work that may result in major breaches. Companies may also resort to block access to certain sites for security reasons.
  • Conduct periodic testing to keep a check on vulnerabilities. The frequency of testing must depend on functional criticality and size of the company. With smartphones being used as devices for transfer of data, companies must ensure that these devices also fall under the purview of DLP policies and practices. Mobile devices must have anti-virus software installed and be up-to-date.
  • Get finance teams/ CTOs involved to understand the risks involved and get a holistic view of what can be done to mitigate these risks at the base level – without incurring too much cost.
  • Implement two-factor authentication along with strong password policy. Two-factor authentication requires use of a password plus a code or a biometric marker to access data. The additional layer of security makes access to sensitive data more difficult.
  • Set aside a small budget specifically for continuous monitoring or security-related loopholes to help ward off any attacks and threats. If utilizing the services of third party vendors for securely managing data, have a Service Level Agreement (SLA) which details security expectations and gives the right to thoroughly audit the vendor to confirm and ensure compliance with policies.

In essence, by just implementing and following certain basic tenets of security, most organizations can secure their sensitive data with bare minimum costs.

Why Biometrics Should be Used?

Biometrics is a way of making sure that the user is who he or she claims to be, thus eliminating unauthorized access to information and safeguarding it from internal threats. With data breaches becoming more complicated and impacting all sectors, organizations are gradually complementing traditional authentication techniques, especially passwords, with biometric technology. To fully understand the potential that biometrics offers towards enhancing data security, let us first understand what biometric identifies are, how they can be deployed and advantages that the technology offers.

Biometric Identifiers

The term “Biometrics” is coined with two words “bio” and “metric” meaning life and measure respectively. The underlying meaning is that every human is unique and can be recognized/ identified by his or her intrinsic physical or behavioral traits.

Fingerprints, face, retina, voice, ear features, typing rhythm, gait and gestures constitute as biometric identifiers. For security, a single or a composition of multiple identifiers can be used. Research and development is actively underway to encompass brainwave signals, electronic tattoos and microchips under biometric identifiers.

Biometrics Deployment

Fingerprint scanners, face recognition software and biometric hand reader are some of the platforms that are based on biometric technologies. Adoption of biometrics at various access points and endpoints is greatly beneficial in preventing unauthorized access and hence data loss either accidently or on purpose.

A study by ABI Research states that consumer and enterprise spending on biometrics is growing at a rate of 29% per year, with market size expected to reach $36.8 billion by 2020. Retail and banking sectors are leading in the adoption of biometric technologies because of the sheer volume of sensitive data they process.

Biometrics Advantages

While biometrics is gradually becoming a part of our daily lives – common examples being checks at international airports and fingerprint recognition on mobile devices – a number of organizations are yet to fully realize the capability that the technology offers. There are many advantages of deploying biometric technologies. These are:

  • Biometrics are extremely accurate, though not 100%, as the identifiers are unique to each user.
  • While passwords can be replicated making the system vulnerable to unauthorized users, biometric identifiers are difficult to break and thus offer very reliable data security mechanism.
  • Automated biometric verification is a very quick process.
  • Biometrics do not require multi-layer authentication. They are user friendly and lift up the burden from the user to remember various complex passwords. This saves time without compromising the security of sensitive data.

Conclusion

Organizations can enhance traditional authentication methods that they use by introducing biometrics – an additional security layer that answers “Who I am”. While barriers to adoption remain high, mainly being cost and privacy, the number of real-word applications for biometrics has been increasing. It remains to be seen if biometrics will emerge as the answer to most data theft problems or if it will only continue to act as an additional assurance to prevent data loss.