Home Executive Insights

Is Your Workplace Technology Putting Your Company Data At Risk?

by Chad Smith on March 16, 2021

Essential workplace technology security features

Two-factor authentication (2FA)

An authentication factor is a type of security credential used to confirm that the person requesting access to software, systems, or networks is authorized to do so. The most common authentication factor categories are:

Knowledge factors, which are pieces of information that are known, such as a password, PIN, or answer to a secret question
Possession factors, which are items a person has, such as an ID badge or key fob
Inherence factors (more commonly known as biometric factors), which refers to a characteristic of the user’s physical self, such as their fingerprint or voice

Workplace technology solutions that use two-factor authentication (2FA) require users to provide two different authentication factors (usually knowledge and possession) to verify their identity prior to being granted access.

In most cases, 2FA follows the same steps. First, the user receives a prompt to enter their username and password. Then, they must provide a randomly-generated code that is sent either to their email address or texted to their mobile device (possession).

Two-factor authentication is more secure than requiring a user to enter their standard login credentials since additional information beyond their username and password is necessary to sign into the interface. It is important to know that in order for a process to be considered 2FA, users must be required to provide factors from two different categories.

For example, requiring a user to answer a secret question in addition to entering their username and password is still considered single-factor authentication since both components are classified as knowledge factors.

Cloud-based infrastructure

Using on-premise workplace technology may give you control over decisions like how data is protected and how user permissions are assigned, but being responsible for every aspect of data and system security is risky and expensive. With cloud-based software solutions, the provider uses their considerable resources and personnel to proactively safeguard your information and handle everything security-related.

Cloud-based workplace technology also reduces security risks because the solutions automatically receive the latest system updates. Many older, on-premise platforms are no longer supported by the vendor, which makes them more vulnerable to outages and cyberattacks since they have stopped receiving necessary bug fixes or security patches.

Additionally, while hosting your data and files on your own servers means on-site employees can access them without an internet connection, it also means that in the event of a hardware failure, natural disaster, cyberattack, virus, or another catastrophic event, you could lose all business-critical information in seconds.

Even if you have backups, you may not be able to recover the data quickly. If you only have backups scheduled for once a day, you will be unable to recover any files that were created since the last save. With cloud-based workplace technology, your data is automatically backed up to multiple servers, so if one fails, another copy of your data exists elsewhere and you can access it instantly.

You also won’t have to worry about allocating resources to maintain and protect on-site hardware and software, and you’ll also avoid the costs associated with physical security, downtime, and disaster recovery.

Data encryption at rest

All data exists in one of three states: in use, in transit, or at rest.

Data in use refers to data that is actively being viewed, analyzed, updated, processed, created, or erased. Data in transit is currently moving from one location to another, whether that is from a storage device to the cloud, from a local server to a remote server, or from one employee’s computer to another.

Data at rest is sitting idly in its designated storage location.

While data in any state must be kept safe, cybercriminals often target data at rest more aggressively since stored data is generally where valuable information about the company’s customers exists. This is why it’s so important that your workplace technology supports data encryption at rest.

Encryption is a security measure that converts plain text data into an unreadable format using a cryptographic key, which is a unique character string within the encryption algorithm. Data encryption at rest protects all stored information by ensuring that once the data has been “locked” (encrypted) using a specific cryptographic key, it can only be “unlocked” (decrypted) using that same cryptographic key.

If a cybercriminal physically steals or remotely accesses a hard drive with proprietary information, encrypted data will appear as random letters, numbers, and symbols, making it unusable.

Data encryption at rest is an essential aspect of layered security, ensuring that if one security measure fails, another is in place to protect the system and its data. This strategy recognizes that no security measure is 100% impenetrable. By using multiple methods, you can counteract gaps to enhance protection against threats.

SOC 2 compliance

Developed by the American Institute of CPAs (AICPA), System and Organization Controls (SOC) reports provide independent, objective assessments on an organization’s internal controls.

While a SOC 1 audit focuses on financial reporting, SOC 2 audits concentrate on the policies and procedures “relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.”

By undergoing a SOC 2 audit, a workplace technology provider demonstrates they are committed to preserving the confidentiality and integrity of any data they store, process, or transmit and are following the security standards necessary to keep private information private.

More specifically, SOC 2 compliance shows the provider has confirmation from a reputable third party that the organization has implemented appropriate security measures to identify and mitigate potential risks. This ensures information is safe from unauthorized access or disclosure and that their systems are protected from damage that could compromise data availability, integrity, confidentiality, or privacy.

Examples of these security measures include the following:

Instituting digital and physical access controls
Executing vulnerability assessments
Installing network and application firewalls
Adopting an Acceptable Use Policy (AUP)
Using two-factor authentication

In addition to managing the security, integrity, confidentiality, and privacy of data, adhering to the SOC 2 standards requires maintaining the availability of data. This means your workplace technology provider should have established disaster response and recovery plans as well as secure data backups. They should also have protocols for monitoring performance and incidents.

Invest in solutions with advanced data and security protection

One of the biggest benefits of workplace technology is that it connects every member of your workforce with the data they need. This is why you need to invest in solutions with robust security features that protect your systems and your data.

iOFFICE’s integrated experience management system (iXMS) was built to be secure from its inception. As a 100% cloud-based software solution, it is continuously and automatically updated — unlike on-premise systems that require expensive upgrades.

Our system is designed to integrate easily and securely with other workplace applications, allowing business leaders to simplify their technology stack and streamline workflows.

This technology allows for ongoing optimization in your workplace as it collects data from IoT devices, sensors, and other solutions.

Does your workplace technology meet these standards? Take our five-minute maturity assessment to find out.

ABOUT THE AUTHOR

Chad Smith

As the VP of Product Strategy, Chad David Smith wears many hats that leverage his 20+ years of experience in the industry. Chad collaborates directly with clients and partners as well as with the iOFFICE client experience, client success, sales, marketing and development teams to create the most innovative and valued solutions for our clients.

Capterra Ratings: ★★★★★ 4.5/5

BACK TO ALL POSTS

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.