You are officially a new Data Privacy Officer, as defined under the General Data Privacy Regulation. Whether you think you drew the short straw or are excited about charting career advancement in privacy and security, you are now the company leader who’s got to fight internal resistance to change with a limited budget and massive financial penalties looming if your business falls out of compliance.
A single, simple solution to identity won’t put an end to the internal resistance, but it can essentially eliminate risk associated with the source of most data breaches. You can influence your organization in a positive way and allow your organization to devote time and resources to the more difficult elements of GDPR compliance.
The likelihood that your organization will be the subject of cyber attacks is high. The No. 1 source of data breaches is weak or stolen credentials. More than 81% [1] of data breaches, in fact, start with account takeovers. If you can secure authentication and access to information covered under GDPR, you will significantly reduce the risk of a data breach and set your company up to successfully navigate this new regulation.
Following the massive data breaches of recent months, usernames and passwords have become horribly insecure — even for enterprise. InfoSecurity Magazine reports that more than four out of every five people use the same password for more than one account. Securing logins with more than just a password requires Multifactor Authentication (MFA). There are many MFA solutions available, but most of them create additional work, require additional hardware and interrupt the user experience, and some even create new attack vectors. Even worse, some solutions may actually capture more PII. In the GDPR era, they become an additional invasion of privacy and require complex implementation to ensure PII is properly captured, transported and stored. Surely, no Data Privacy Officer wants to recommend a security solution to protect privacy when it potentially undermines the privacy of the very employees or customers you are trying to protect.
Nonetheless, 99% [2] of IT Professionals agree that MFA is the best way to secure credentials. You may be thinking, why don’t we use MFA organization-wide? Why aren’t we insisting that our customers use MFA?
It sounds obvious, but most companies have not implemented MFA. Why not? The answer is convenience. In the digital world, convenience delivers a better customer experience. Without a great customer experience, companies struggle to grow. Most MFA solutions interrupt that convenience. They add complexity. They make it more difficult for the customer to gain access to what’s important to them. MFA solutions make it difficult for companies to retain and grow their customer base. Companies choose customer experience [3].
Privacy takes a back seat. Vulnerabilities are exploited. Data breaches happen. And lawmakers step in to protect the public interest. Enter GDPR.
Now what are organizations to do? Do they implement complex solutions to meet the requirements of GDPR and attempt to maintain convenience and honor the customer experience? It’s a conundrum for many corporate leaders.
At Intensity Analytics, we began developing our solutions long before data breaches became daily news. GDPR was the least of anyone’s worries. Our objective was to be able to authenticate someone’s identity in the digital world with certainty, by means of an affordable, easily-distributed, easily-integrated, non-hardware-based, changeable, privacy-respecting approach.
Just in time for GDPR to kick into high gear, Intensity Analytics is making these authentication solutions available now. Organizations can have strong security without cost and complexity, and preserve privacy.
1. Verizon Data Breach Investigation Report, 2017
2. Wakefield Research, Sept. 2016
3. Gartner Marketing Spending Survey, 2016