Posts Tagged ‘Two Factor Authentication’

Small Healthcare Organization and SMBs Pose Largest Risk of Data Breach

Like a wildfire, data breaches have become the topic of discussion, and the future of these attacks is changing just as rapidly. Out of the countless studies released by experts including The Ponemon Institute, Verizon and the United States Secret Service, we can see that many data breaches are due to loss and theft. Small healthcare organizations and small to medium sized businesses have the biggest risk, but the threat is not hackers. Instead it is the professionals who are being trusted with confidential data on devices without proper training or repercussion.

Why are Small Healthcare Organizations at Risk?

Of the total reported healthcare data breaches on HHS.gov, 67% were caused by theft and loss, resulting in 78% of stolen individual records. Physicians need to have access to confidential patient data at many times throughout their day, so they are already at risk of data loss or theft. However, many small healthcare organizations are reluctant to join the cloud due to security concerns. Even more daunting is the fact that theft and loss result in 92% of computer related data breaches, resulting in 97% of stolen records. By utilizing an in-house network and allowing protected health information to be stored on mobile devices, a smaller practice is actually putting its patients’ confidential data at risk.

Why are Small to Medium Sized Businesses at Risk?

Many small businesses lack the desire to be secure and state there is not enough money in their budget. However, Ponemon recently surveyed IT professionals who work for companies with fewer than 100 employees and found that 78% believe data breaches are caused by employee negligence. How much does it cost to educate employees about weak passwords and data handling procedures? The highest percentage of breaches occurred from the loss of mobile devices and laptops. This form of negligence accounts for a third of the problems small businesses have with data breaches. Yet SMBs are still reluctant to move their private data to a cloud computing system.

Verizon stated in its 2011 Data Breach Report that the cloud is not the problem when it comes to security. Healthcare has recently been moving toward the cloud to secure its confidential data but this is most likely due to government regulations like the HIPAA Security Rule. Small businesses are facing other concerns with the cloud though. Instead of worrying about security from hackers they are seeing the potential for these cloud computing services to steal their confidential information.

So what is a cost effective alternative that offers efficient security for data and can be created in-house? Utilizing a central database for information not only limits data loss through employee negligence of data and passwords, but also offers better accountability for businesses and healthcare facilities. By removing data from mobile devices such as smartphones, tablets and laptops, companies remove responsibility from employees. Also, the security of one single server is much easier to maintain than having to educate employees about the security of their devices.

Through out-of-band two-factor authentication a company can limit access to authorized individuals only. By utilizing a one-time password sent through SMS text message, this out-of-band authentication method can also provide notifications when access is requested. This is an added layer of protection that also provides small businesses and healthcare facilities with a cost effective solution. The future of data breaches ultimately lies with the companies that store personal customer data; however, a simple and easy-to-implement solution is awaiting them.

Government Regulations Demand Higher Authentication Security

As we start to settle into this new decade, government regulations are demanding higher forms of authentication security for many industries. Many businesses in the financial, medical and educational industries are not using properly secured solutions for identifying users. Data breaches have been regular news in technology and security media for a long time; recently the national media has started to report on security breaches that have resulted in major consumer information losses. However, with even slightly stronger forms of authentication such as out-of-band two-factor authentication, these breaches would not be possible.

Reports like the RSA and PSN data breaches are big news that displays the nationwide impact on consumers who have personal information stored on company servers. Although these breaches have been reported, the resulting criminal intent has still not yet come forth. Using information stolen from data breaches, hackers can gain access to more crucial and confidential information such as financial, medical or education records.

It may be that the trend is pointing towards more and more attacks like the data breaches we have been hearing about in the news lately, prompting the government to step in with regulations to protect consumers, employees and anyone storing personal information on business databases. Also it could be the fact that better forms of authenticating exist such as out-of-band two-factor authentication.

With technology growing rapidly and security being implemented only after the fact, society is left with vulnerable gaps in secure online interaction. Smartphones, tablet PCs and other devices that are constantly connected to the internet are becoming a norm in every household, which increases the number of victims and points of entry for attackers.

The need for security is at our doorsteps and the government understands society’s grief. Enforced by the Office of Civil Rights, the Health Insurance Portability and Accountability Act, or HIPAA, provides protection for patients’ personal information, and this will not be the last we see of government regulations put in place to protect our confidential data. With more and more of our data being placed online or on networks which can be accessed over the internet, regulations will start to be put in place for almost all industries. Industry regulations will require stronger security when authenticating a user to protect against fraudulent access.

Industries Requiring Stronger Authentication

Healthcare Industry
Educational Industry
Financial Industry
Ecommerce Industry

These industries already have authentication processes and regulations for identifying a customer in person. As technology grows and more industries move online, these authentication processes will become even stricter through regulation due to the wide accessibility of data. Ecommerce will be an industry seeing many changes soon due to the high amount of fraud that is taking place amongst the ecommerce community.

Although many companies do have security measures in place for identifying users, the fact is that only a required government regulation will push business owners to spend the extra investment. A stronger and more secure system such as an out-of-band two-factor authentication process would be the proper investment for protecting your clients’ confidential information.

Securing your future with Out of Band Two Factor Authentication

For decades two-factor authentication has been lurking in the shadows. Most people never even realized they were performing the process of authenticating with two factors to access almost any secure information over the web. As 2012 approaches, however, we are starting to see this technology adopted by many businesses, and more people understand the security behind two-factor authentication and the importance of the technology. This could possibly be because there are so many attacks performed every day on everyone.

It seems that as time goes on, more people and their information are being breached. Some of you may even know of friends or family that have fallen victim to identity theft attacks. Many people have had their emails and passwords to sites compromised and do not even know it. There are also many instances of more advanced security breaches such as credit and banking fraud. As we become more accustomed to these scenarios we also become more educated, and solutions against these types of attacks become more advanced.

Of course, remedying the easier attacks comes down to keeping your computer cleaned of malicious software as well as changing your password regularly. However, combating the latter involves utilizing security solutions such as two-factor authentication. Although this form of authentication is more secure than using only a single factor, there are certain parts of the process that can be more secure depending on the solution vendor.

Out-of-band two-factor authentication solutions offer an added layer of security when authenticating. They require the user to receive a one-time password or PIN on a separate network from the one they are trying to access. If a bank account holder were trying to access their online banking account from a different IP address than they usually do, the bank may require this type of authentication by sending a PIN to the client’s mobile phone through SMS text message. This would be considered out-of-band two-factor authentication.
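The bank scenario above as an added Python example (not code from the original post or from any vendor): a login from an IP address not seen before for that user triggers a six-digit PIN delivered out of band, and the PIN is valid once, for a limited time and for a limited number of guesses. `StepUpAuth`, the `send_sms` callback, the time limit and the attempt limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL = 120      # seconds a PIN stays valid (assumed value)
MAX_ATTEMPTS = 3   # wrong guesses allowed before the PIN is discarded (assumed)


class StepUpAuth:
    """The password check is assumed done; this handles the second factor."""

    def __init__(self, send_sms, now=time.time):
        self.send_sms = send_sms  # hypothetical out-of-band delivery callback
        self.now = now
        self.known_ips = {}       # user -> IPs that already passed the OTP check
        self.pending = {}         # user -> [pin_hash, expires_at, attempts_left, ip]

    def login(self, user, ip, phone):
        if ip in self.known_ips.get(user, set()):
            return "allowed"
        pin = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not the random module
        digest = hashlib.sha256(pin.encode()).digest()
        # Only the hash is kept server-side; a new request replaces the old PIN.
        self.pending[user] = [digest, self.now() + OTP_TTL, MAX_ATTEMPTS, ip]
        # The SMS doubles as a notification that access was requested.
        self.send_sms(phone, f"Login requested from {ip}. PIN: {pin}")
        return "otp_required"

    def verify(self, user, pin):
        entry = self.pending.get(user)
        if entry is None:
            return False
        digest, expires_at, attempts_left, ip = entry
        if self.now() > expires_at:
            del self.pending[user]
            return False
        candidate = hashlib.sha256(pin.encode()).digest()
        if hmac.compare_digest(digest, candidate):  # constant-time comparison
            del self.pending[user]                  # one-time: a replay fails
            self.known_ips.setdefault(user, set()).add(ip)
            return True
        entry[2] = attempts_left - 1
        if entry[2] <= 0:
            del self.pending[user]                  # guessing budget exhausted
        return False
```
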

During out-of-band authentication, however, there is still a chance for attackers to steal information. Zero footprint authentication allows for a safe and secure experience while authenticating through an out-of-band device. Zero footprint security refers to the information that is left behind on the device used to relay the one-time password. During the authentication process the client receives their OTP, but all traces of the process are hidden with no data left behind.

We will start to see changes to the most basic of two-factor authentications such as an ATM card and pin code. The future of computerized banking authentication will probably rely on an out-of-band solution since attackers are becoming so savvy to security. Scanners that can be placed within an ATM can easily steal your ATM card information as well as capture your pin code making this older two-factor authentication process less secure.

The future of two-factor authentication is promising as it can be applied to many security applications. With more secure forms of authenticating being implemented, it is becoming much safer to prevent fraudulent identity attacks. Even though we can never truly be 100% safe from identity theft and fraudulent activity we can become more secure making it harder for hackers to siphon information and steal personal records.

Could A One Time Password Already Be Securing Your Industry?

Technology affects every aspect of our life, especially our security. Luckily there is always new technology being created to help keep our lives more secure. As our lives become digitized, it seems that more and more sensitive information is being added to databases connected to networks or accessible from the web. This raises a red flag to anyone who has been affected by identity theft or fraud. With all of our personal data being stored in so many places, it would seem that we are more vulnerable to malicious attacks than ever. However, this is not true: as technology begins to change the way we interact and share information, it is also changing the way we secure our data.

Two-factor authentication utilizing a one-time password is technology that has been around for decades, although the need for such security has risen lately. With many industries going paperless and wireless, it opens the gate for hackers to siphon private data. Industries such as education, financial services and healthcare are all in need of higher security since they deal with important information that must be kept confidential.

OTP in Education

The education industry has been utilizing electronic records for a long time to manage students. These records are stored on a computer that is connected to a network for administrative use, the very same network that students are accessing from their laptops, tablets and smartphones.

Even on a password secured network these records are vulnerable, since you do not need to be extremely computer savvy to use a key logger. Any student could simply attach a device to their teacher’s computer or install malicious software that operates discreetly behind the scenes to log keystrokes, potentially stealing their teacher’s login credentials and gaining access to confidential information.

Any agency collecting, maintaining and storing sensitive information is responsible for managing that data responsibly as stated in “The Family Educational Rights and Privacy Act” also known as FERPA. With security being their government appointed responsibility and malicious attacks becoming easier to perform, many education agencies are securing their confidential information with two-factor authentication through a one-time password.

OTP for Financial Services

Identity fraud is most apparent in the financial services industry for a good reason: it deals directly with money. Just like everything else, technology has affected the way we bank, with online banking being offered by almost every bank. However, this poses a threat to client identities. To keep account holders secure, a one-time password is used to authenticate a user when they log in from different IP addresses. Two-factor authentication is also used to identify an account holder at almost every point of transaction through a bank card and PIN.

OTP in Healthcare

The healthcare industry is facing many changes in the future from regulations demanding increased security of patients’ confidential information. With more sensitive data being readily available over the internet for physicians, the need to secure that information is extremely critical. Authorization to access a patient’s medical record is crucial, and a one-time password provides that security by identifying the physician, issuing the OTP and allowing a single sign on. Even on mobile devices such as laptops and tablets, zero footprint security can allow access to records without leaving any data on the device.

Transmitting data securely is the future of security in almost every industry. Info is power, and with almost every industry moving over to wireless interaction between tablets, laptops and smartphones, hackers are using technology against us to gain power. Securing that information through two-factor authentication and one-time password services is the future of technology in order to protect the same users it was put in place to help.