The perception that employee smartphones are a security liability is misplaced. They’re a multi-factor authentication security asset.
It’s clear the things we’ve done in the past to stay secure are no longer sufficient. The pervasive use of usernames and passwords to authenticate with every kind of system on the planet is breaking down. Passwords aren’t strong enough and no one can remember them all. Some companies require something called two factor authentication in order to access their computer systems. This dramatically increases security because you’re required to have something like a smartcard and know something like a PIN in order to gain access. The downside is that everyone has to have a smartcard with cryptographic information on an embedded chip as well as a smartcard reader plugged into a PC to make this work. How likely is it that everyone on a global scale has this kind of gear? Not very.
It makes you wonder if there’s some kind of device carried by almost every human on the planet that could substitute for a smartcard? Seek out cloud and on-premises systems that work with devices to implement modern security features like multifactor authentication. Now when an employee enters their corporate credentials, the system will call their phone and require them to dial in an additional PIN to prove it’s actually them who’s trying to access corporate resources. A bad actor who may have stolen your credentials won’t have your phone to answer the call or know your PIN. It’s also unlikely they’ll have your face or fingerprint if you’ve enabled biometric security.
Reduce risk to your business by having employees use their smartphones to prove their identity when attempting access to corporate resources. What is your company doing to secure its business-critical resources?