Cybersecurity has become an important discussion topic in the top management of large and small corporations in recent years. Valuable and confidential company data that was typically printed on paper and secured with lock and key is now stored in clouds or on private servers. Data is the gold of the digital age, whether it is employee or customer data, proprietary information, etc., making it all the more attractive and lucrative for hackers or attackers. While advances in technology have allowed for better security solutions for companies, one risk still remains. In security circles, this risk is often referred to as the 'weak link' in an organisation: the human factor.
Even with all the possible technological safeguards in place, people are still susceptible to simple social engineering attacks that can result in high penalties or financial losses. In this age of rampant cybercrime and corporate espionage, directors should play an especially pivotal role in ensuring cybersecurity. They are privy to the most sensitive information in a corporation. At top management level, it is not about cybersecurity risk management, but rather cybersecurity risk oversight since risks of cyberattacks do not stay limited to functions, business units, companies, and customers. Directors need to make security a priority and rely on a security expert with a strong understanding of the topic. Otherwise, they will not have sufficient oversight of the current situation within the organisation, leading to potential vulnerabilities.
In addition to the higher frequency of cyberattacks on companies, recent years have seen stronger regulations for businesses when it comes to data privacy and protection. GDPR in Europe has been followed by even stricter data privacy regulations on other continents. This previously loosely regulated field now has to follow clear rules, and breaches are consequently penalised. Marriott faces a $123 million fine from the UK’s data protection authority (ICO), whereas British Airways is confronted with a penalty of $230 million. Under GDPR, companies need to ensure that they are doing enough to protect their customers’ and employees’ data. Due diligence from top management is required when selecting and vetting vendors. It is also important for top management to align with third-party vendors on holistic preventive security measures, including the business continuity response should a breach occur.
For a modern company, incorporating digital tools is now the norm for conducting day-to-day business efficiently. Whether they are marketing and sales tools like customer relationship management (CRM) systems, accounting programs, or meeting management software, when sourcing third-party applications it is vital to select ones that do not open up any security gaps. There are many providers on the market and their tools vary in reach, benefit, usability, and security standards. That is why choosing the right tool and vendor is of utmost importance.
Today, the standard practice to strengthen security on digital tools is two-factor authentication (2FA). But why is 2FA necessary? For a long time, usernames and passwords were seen as a security best practice when it comes to employee or customer logins. Even though this is still typically used everywhere, experts agree that it is no longer secure enough if not combined with other measures. Research shows that 81% of company data breaches stem from weak passwords. Here are some of the reasons:
Due to these data security issues, many businesses have now adopted 2FA and implemented strong password policies.
2FA is widely used by banks and other security-conscious companies, in particular those operating in highly regulated landscapes. A traditional form of 2FA is SMS authentication, which delivers a 6-digit passcode. The user needs to enter the code from the SMS into their tool to verify their login each time they want to access their account. Not only is it cumbersome to have to physically enter the passcode every time you want to log in, but it also means that the user requires network coverage. Most SMS codes time out after 2 minutes, which means that a delay in receiving the SMS results in refused access to the tool. Security experts have also long voiced concerns about SMS as an authentication channel, because in most countries SIM swapping is still very easy and widespread. SIM swapping is when an imposter calls the user’s phone operator to transfer the phone number to a new SIM that the attacker has acquired. This allows an attacker to bypass 2FA by intercepting the SMS codes, thereby gaining access to the user’s account. The problem is so widespread that the new European payment directive called PSD2, which is coming into effect in September 2019 across the European Union, has deemed SMS authentication not secure enough to authenticate payments of over 30 Euros. It prompted banks and other payment processors with EU customers to adopt other forms of mobile payment authentication.
Security does not have to be a pain. Businesses are worried that an additional step in account security can lead to reduced customer satisfaction or low adoption. Yet, there are many other secure and more user-friendly authentication methods out there, for example biometric-based authentication methods such as facial recognition, fingerprint scanning or behavioral biometrics (such as typing patterns), or hardware tokens like YubiKeys. Moreover, there are also other user-friendly, innovative solutions on the market, like Zero-Touch authentication by Futurae, a Swiss-based cybersecurity company focused on providing authentication solutions with the highest level of security and usability. The Zero-Touch solution uses ambient noise and ultrasound technology to verify the proximity of the user's secure device (mobile phone) to the device that they are logging in to. This offers a completely hands-free yet secure experience for users.
To showcase how easily the Futurae login works, we take the login to Sherpany meeting software as an example. Signing in to Sherpany meeting software using Zero-Touch technology by Futurae not only saves time and hassle, but also provides users with the highest standard of security. After the initial setup, which includes downloading and enrolling the Futurae app (available on the Apple App Store or Google Play Store), Zero-Touch technology will automatically verify future logins without any additional action required. As the CEO of Helvetia explains, 'it was so easy, it just worked automatically'. Thus, the login process is fast and seamless, and users are able to log in to the meeting software no matter where they are, and at any time.
Looking towards the future, top management needs to continue preparing for security-related topics, while keeping in mind that organisations might be breached at one point or another. This is why it is essential that business leaders have security measures in place to counter and detect cyberattacks, and also set up appropriate emergency responses in the event of a successful breach. Regular data backups are vital to ensure business continuity, and a clear communication plan shows that the organisation has the situation under control.
Nowadays, because of their potential in the security field, AI (artificial intelligence) and machine learning are being incorporated into a lot of cybersecurity tools. Yet, it is important to keep in mind that technology is far from perfect, and that attackers are also making use of the same technology to their advantage. Nevertheless, one thing remains clear: as the threat landscape is constantly evolving, at the top leadership level it is crucial to stay vigilant and to continue to adapt and strengthen security measures.