Since the dawn of the Information Age, employers have encouraged employees to use “something you know” passwords to secure company data. However, the modern enterprise has learned that safeguarding information with a “something you know” password, no matter how complex, cannot prevent a data breach. Instead, companies are now implementing “something you are” passwords such as fingerprints and facial patterns, or biometrics, as part of their multi-factor authentication approach.
However, as biometric authentication becomes increasingly common in the financial services industry, employees and customers are beginning to show reluctance to comply with these new security measures. And rightfully so, considering they can always change their password or get a new ID badge, but they can’t change their fingerprint or facial geometry. When adopting “something you are” passwords, it is crucial that companies understand how to safely store biometric data to ensure that they aren’t subjecting their employees to identity theft.
Here are five ways companies can secure biometric data:
When implementing biometric passwords, the first question that comes to an employee’s mind is “who has access to my fingerprint?” The answer should be a select number of individuals who have privileged and limited access to company and employee data. In essence, the less people who have access to employee biometrics, the better.
It is important for companies to encrypt all biometric data. This can be done through the use of a cryptographic key. By encrypting fingerprints, facial geometry, voices and other features, companies can keep malicious insiders and outsiders from replicating or using employee biometric information.
Since there are such risks associated with using biometrics, companies need to carefully consider whether they are even necessary for the information they hope to secure. In other words, not every data set needs biometric protection. In fact, the less biometric data you need to store, the less risk you create. That being said, decrease the amount of biometric data that you store by prioritizing which groups of data require biometric protection.
Businesses are using biometrics as part of a multi-factor authentication system – a layered security approach that combines passwords, biometric technologies, among other factors to limit access to critical information. But the multi-factor authentication system is actually part of a larger identity and access management strategy. If you don’t have one already, introduce an identity and access management solution to your security system that allows users to monitor who is accessing sensitive information. An identity and access management solution will notify admins if a suspicious user is attempting to log into a company account.
Rather than reworking your entire cybersecurity strategy, integrate biometrics into your existing systems. Work with your planning committee to introduce biometric passwords one step at a time. Be sure to set quantifiable goals to measure the system’s performance at each level of integration.
Before introducing biometrics, it is crucial that companies understand the risks associated with storing and managing thousands of employee fingerprints, facial patterns and other types of personal data. Through careful and well-planned integration, implementation, financial services companies can safely and successfully adopt “something you are” passwords.
ABOUT DAVID MEYER, VICE PRESIDENT OF PRODUCT, ONELOGIN, INC.
As a product visionary executive, David Meyer has been building groundbreaking enterprise, cloud and consumer software for 20 years in close collaboration with some of the world’s most demanding brands. As OneLogin’s vice president of products, David drives the direction of the product, working closely with customers to build the future of identity. Prior to OneLogin, David co-founded and co-led the education company, UniversityNow. Earlier in his career, he served as senior vice president at SAP leading teams that pioneered cloud software and vice president of product management at BEA Systems, Inc.