Although the world has been transitioning to remote working and digital identities for a while now, the COVID-19 pandemic has seriously sped up this process.
Along the way, this crisis has raised a number of questions concerning the feasibility of digital transformation. In today’s post we’ll be addressing some of these concerns.
Before COVID-19, we all recognized that a global shift towards remote work had become a trend. However, the response to the COVID-19 pandemic greatly accelerated this movement, almost doubling the number of remote workers.
To give you concrete data, protective measures taken during the pandemic have caused the number of full-time remote workers has jumped from 33 to 61%. The distance working strategy was adopted by companies around the world, including the biggest ones like Facebook and Google, who will be continuing to embrace this model throughout the year.
In addition, online services in general have completely exploded. IPification founder Harry Cheung recently wrote about a full-on digital transformation with a 26.8% increased demand overall in online inquiries.
These trends are here to stay. However, you might be asking yourself if they are viable in the long run. In particular, the sudden increase of remote workers and online demand — while in itself a good thing — has been met with difficulty by some online service providers, both in terms of operations and in terms of security.
It’s clear that a number of issues must be resolved in order for these trends to remain viable as we move forward. Let me outline these concerns and some approaches to addressing them.
A Staggering Uptake in Remote Working and Online Activities Increases Cybersecurity Risks
As mentioned above, online activity has skyrocketed in the past few months, from entertainment to remote working and transactional activities.
When compared to last year, the number of transactions across 850 US retail eCommerce domains is up 40%. Paypal has experienced a 20% increase in transactions over the same period since last year, and never before have so many people worked from home — myself included.
As you may have guessed, this sudden increase in activity has also led to a rise in cybersecurity concerns. Let’s take a closer look.
From the perspective of remote working, 51% of organizations have already seen an increase in email phishing attacks since shifting to this model. Moreover, 50% of employers have allowed remote employees to use their personal email addresses and devices while working from home, with 51% saying that their remote working force isn’t properly trained in the cybersecurity risks of remote working.
With the activity of cybercriminals also increasing (phishing attacks have seen a 350% increase from January to March this year), these risks must be mitigated.
In comparison to having your workforce on company devices and the company network, this decentralization makes the task of securing sensitive company data much more challenging. A plethora of new factors come into play — including things as simple as the home Wi-Fi connection of employees or the antivirus they have installed — making it almost impossible for IT departments to ensure that sensitive company data is secure.
Add to that the increasing reliance on mobile apps for tasks both private and business-related. This is a domain where security has historically been sacrificed for features, and it is clear as day that strengthening security is a must to make these activities feasible even after COVID-19.
Sealing the Gaps in Security Protocols is the Best Investment Businesses Can Make in the Long Term
Improving security protocols can be a complicated and costly process for online service providers with already-established processes in place, but it’s the best investment businesses can make for the long term.
It’s the only way to keep remote working and other online activities running smoothly. In turn, it’s what will help you acquire new customers while keeping the old ones, as a direct result of the trust you’ve managed to gain among users.
In situations like the current moment where we have a record-high number of remote workers, as well as in online activities in general beyond the scope of the pandemic, it’s of utmost importance that trust is established between all parties. This means that effective management of online and mobile user identities is absolutely imperative for moving forward.
Furthermore, let’s not forget the actual costs cyberattacks can incur. The average cost of a successful endpoint attack was $8.9 million in 2019. Now, combine that with losses from user distrust. You get the picture — it’s a position where none of us want to find ourselves.
So, what’s the best course of action?
Two things come to mind: education and general strengthening of systems for user authentication, verification, and fraud prevention.
As we’ve seen above, more than half of businesses say that their employees haven’t had any training pertaining to security when remote working. And if we’re talking about end-users of service providers, 60% don’t even use 2FA as a means of protection.
To put it plainly, educating your remote employees about the importance of upholding security protocols, as well as being transparent with your end-users, is a great and fairly easy first step to improving your security. As ineffective as 2FA has proved to be, it’s still much better than nothing.
However, functional multi-factor authentication systems capable of continuously verifying users, and therefore preventing fraud, are the ideal answer to these challenges.
What should you use? Biometrics, blockchain, IPification?
You should choose the systems most appropriate for your MFA architecture, but keep in mind that regardless of any other considerations, your solutions should uphold the following principles: security, privacy, and user experience.
For example, while biometrics for authentication works great from the user experience angle, this method raises significant privacy issues should the biometric data be stolen. However, as part of a larger MFA solution, biometrics could play an important role.
At IPification, our mission was to make sure that all three of the essential principles were upheld during our solution design process. As a result, IPification verifies a user within milliseconds and in the background, without actually transferring any data — and meanwhile the only user action is a single click.
Our solution relies on pre-existing mobile operator infrastructure, which it uses to successfully authenticate a user by verifying their SIM Card and various device data. It can be integrated into an MFA system based on zero trust and continuous authentication within days.
