Digital identities leaving us vulnerable
Whether it’s sending emails, using the company shared storage drive, social media or online banking, many of our day-to-day interactions are now done using a digital identity on the ever-expanding online world of the internet.
Online transactions are convenient, and for businesses that utilise the deep digital resource, the internet offers global access, flexibility and cost savings. However, there is a price: data.
Every account we create online requires credentials: a username and password, in addition to personal information such as names, phone numbers, emails, pictures and a date of birth. Like a set of keys, if someone’s credentials are taken or ‘‘hacked’’ their digital identity is compromised putting online accounts at risk – including their employer.
It’s becoming increasingly difficult for organisations to know who is accessing both their information and their clients’ or customers’ data. For this reason, company directors and senior management have a responsibility to ensure there is protection in place to stop digital espionage. As they do with physical security, companies now have to consider the best way to protect themselves and their clients from fraudulent digital access.
Should a business be breached, its reputation is damaged, trust is lost and the financial cost is heavy – just ask companies like Yahoo, whose 3 billion accounts were breached in 2013-14, or Uber, which tried to cover up the stolen personal information of 57 million Uber users and 600,000 drivers in 2016.
What is often not considered is the feeling of violation that those people who have their information stolen, much like if an intruder had been in their home. If it wasn’t clear enough that organisations need to consider their cyber security, the Australian government introduced the Notifiable Data Breaches Scheme in February this year forcing companies to fess up to the government and the victims when personal information, that could cause ‘‘serious harm’’ if exposed, is lost, stolen or accessed by an unauthorised third party – or face a possible $2.1 million fine.
As the world transitions into the digital realm, online security is as crucial as its physical counterpart. Tony Smales, CEO and founder of Australian digital security solutions provider Forticode, understands how overwhelming the idea of protecting your online credentials, let alone a whole company’s honeypot of data, from breaches may seem.
‘‘To best integrate digital security, it needs to be both simple and secure to the employee – the user,’’ Smales says. Forticode specialises in protecting organisations from credential theft using its flagship program Cipherise. The multi-factor digital security solution allows the user’s credentials to be stored securely on their smart device and never shared, to prevent identity theft.
In the current digital environment, anyone can be anyone – an anxiety-provoking hazard Smales calls the Blind Trust Approach. ‘‘The whole trust equation has been destroyed, as every interaction online has become a genuine risk without taking appropriate security measures,’’ he says.
The Forticode founder added that like losing the business key card, stolen digital credentials can lead to fraudulent access to a company’s intellectual property, client accounts and sensitive information.
‘‘An organisation’s employees and clients trust their information is safe as they would a bank with their money.’’
‘‘Proactively investing in cybersecurity is essential to preventing costly data breaches, and it is also an opportunity to increase business efficiency and add a competitive advantage.
‘‘If you take Cipherise for example, it’s one point of contact for the employee for all of their online transactional contracts requiring verification. In addition, it can be integrated into physical security and replace key cards.’’
According to Smales, most organisations are putting an unnecessary target on their back by creating big ‘‘honeypots’’ of data.
‘‘Too many companies centralise their data – all it takes is for one employee to have their digital identity compromised and the entire organisation can be breached, a pretty attractive proposition for a hacker.’’
‘‘The Cipherise program is a decentralised solution where credentials are protected on every individual user’s smartphone.
‘‘For a company using Cipherise, they can trust everyone engaging with them digitally, ’’Smales says.
Forticode recently partnered with Pronto Software and EY to provide cyber security solutions and was recognised by international technology research and advisory company Gartner.