Several large financial institutions across the world are now starting to implement two-factor authentication ensuring that trust can be re-established with their users, fearing that if nothing is done profits are lost, customer confidence will drop, and the brand will be damaged for long-term disadvantages.
The icing on the cake: adding an extra layer of security
Most organizations think that providing users with secure authentication, along with the latest anti-virus and anti-spyware software should take care of the problem of identity theft. The reality is that with the changing paradigm of how users connect, security also needs to be present after the user ends the session or connection.
In the 1980s and 1990s it was easy to control what devices users used to connect with, but in today’s world, go into any city around the world and there are bound to be several internet cafés offering easy and cheap access, or walk through the airport and you are guaranteed to find a number of Internet kiosks offering quick and easy access to the Internet. Any time a user uses an “insecure” device, they could be leaving a trail of information behind, stored in cookies, URL history, temporary files, and even downloaded files. For organizations to offer mobile access from any location using any device, automatic clean-up of session data is imperative.
By combining the session clean-up with an upfront device assessment, it becomes easy to detect if the user is using a device approved by the organization or if it is not approved. If the device is not approved, once the user is done using the system to connect to e-mail or any other number of applications, data should be erased immediately from the device.
By simply adding this extra layer of protection, most organizations can safe-guard themselves against losing sensitive data to malicious attackers. Session clean-up should be added as part of a larger security strategy aimed at minimizing the loss of personal data, in combination with device assessment and strong authentication.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.