Compromised credentials cause 61% of today's data breaches.[1] Most of these data breaches stem from organizations using shared workstations, as bank tellers, contact centers, hospitals, and manufacturing facilities commonly do.
What these businesses with shared workstations have in common is that they operate in industries responsible for storing sensitive user data. Unfortunately, many companies do not properly secure shared workstations against today's cyberthreats, even though securing them is crucial to protecting personally identifiable information.
Insider threats and poor password practices continue to be entry points for organizations to fall victim to cyberattacks, and in a shared workstation environment, the problem is amplified.
The solution? Organizations need a solution that can identify users with 100% certainty to secure their shared workstations.
Shared workstations are devices that are widely used in industries with shift-based staff. Even during the pandemic, the most critical and necessary industries like healthcare and financial services still utilized in-person shared workstations.
Today, hospitals, libraries, banks, and contact centers commonly use shared workstations. For example, hospitals operate 24/7, but hospital staff work in shifts of 8 to 12 hours. Therefore, multiple nurses will typically log into a single shared device or station over the course of a day.
In the financial services sector, bank tellers who work in more than one branch need to be able to log in to their account on any of the workstations available, and multiple tellers must be able to log in from the same workstation within the same branch.
Regardless of the industry, a major characteristic of a shared workstation is that multiple users can authenticate to the same device throughout the day. This also means a single device must be able to host multiple users or employee accounts. The major cyber concern with having multiple logins on a single device is that shared workstations have a direct link to critical systems and data, including customer data, payment information, sensitive information, and, depending on the industry, manufacturing information and health data.
Even though shared workstations cut down on expenses, they come with increased security risk. Organizations need to consider solutions that prevent insider threats and phishing attacks that stem from utilizing a shared workstation.
Unfortunately, shared workstations are low-hanging fruit for cybercriminals looking to initiate a cyberattack. If a shared workstation gets breached, organizations can experience business downtime, brand and reputational damage, and issues with regulatory compliance.
Modern cyber threats expose the weak security of traditional authentication methods, which fail to protect organizations from cyberattacks.
Passwords continue to be a common method of securing an organization, but compromised credentials continue to be the most common cyberattack entry point. In fact, 61% of data breaches are caused by compromised credentials.[2] When you consider that shared workstations host multiple logins per device, it should not be surprising that most data breaches starting from stolen passwords occur in organizations with shared workstations.
Shared workstations by nature amplify the chance of a data breach. Users can share login information with each other or, as many users do, write their passwords on sticky notes and place them next to their device. Surprisingly enough, 41% of employees continue to do this to manage their passwords.[2] This allows insider threats to easily jot down an employee's credentials. If that employee reuses that password for other applications and services (as 82% of users tend to do[2]), then internal bad actors can access critical assets and cause major damage to the company.
As said before, the industries that use shared workstations tend to host personally identifiable information (PII), especially healthcare, manufacturing, financial, and education. The common factors are high employee rotations, opportunities for seasonal employees, and high employee turnover. With all these moving parts, there are underlying risks that organizations may not recognize until it is too late. For example, previous employees can still have access to critical data if their account has not been deleted, and those employees can either log into the system themselves or distribute their login information to cybercriminals or other unauthorized individuals.
While it is good practice to disable employee access during the off-season or if they are no longer there, organizations should also implement a solution like biometrics, which cannot be stolen or forged, forgotten, lost, or shared. Thus, cybercriminals cannot utilize previous employee information to break into the network.
A problem that organizations may face when thinking about improving their cybersecurity solutions is that if the authentication methods are too complicated for their users, adoption will be low. Conversely, if the authentication methods are too simple, the business cannot be confident that the solution is strong enough to actually keep information safe.
Any authentication method that relies on "something you know", like a memorized password, is always subject to human error. Passwords can be forgotten, stolen, or shared, which adds potential risk, user frustration, and friction to the login experience. Incorrectly typed passwords can eventually lock employees out of their accounts.
To verify the user logging into the workstation, IT admins must implement proper user access controls and user permissions for shared workstations to avoid low-level employees having access to confidential assets. Additionally, this prevents low-level employees from having admin level access.
This is where Identity-Bound Biometrics comes into play. By authenticating the user, not the device they're using, it is a much more secure method than existing, traditional ones. It goes beyond device-based biometrics and identifies the user with 100% certainty.
Unlike commonly used passwords, IBB cannot be stolen, forged, forgotten, lost or shared. Not only is it more secure than passwords, but because the biometric information IBB relies on cannot be mistyped, there is no human error to account for; it conveniently logs the user in with the tip of their finger or the scan of a palm or face.
Because it is impossible to share biometric data, insider threats cannot pass IBB credentials on to cybercriminals outside the company, significantly decreasing the chance of a cyberattack.
There are plenty of use cases where organizations should implement Identity-Bound Biometrics to secure shared workstations.
Because of high employee churn, seasonal employees, and other business dynamics, organizations need a simple approach to verify agent identities before providing access to critical systems and PII. Financial services and call centers can deploy BIO-key fingerprint readers to verify the identity of call center agents, bank tellers, and bank managers before they have access to PII and other sensitive data.
Additionally, using fingerprint scanners can verify the identity of managers so they can approve large changes to customers' accounts or approve high withdrawals.
Healthcare facilities, especially hospitals, are still a top target for cybercriminals, so it's become more critical than ever to secure point-of-care access to shared workstations and prescription cabinets. Combined with EPCS (Electronic Prescriptions for Controlled Substances), implementing biometrics can prevent nurses and other hospital personnel from grabbing more prescribed medications than authorized.
Fingerprint readers can be integrated in prescription cabinets to properly verify nurses that requested specific prescriptions for their patients. At nurse workstations, biometrics can also be used to identify nurses logging into their accounts without reducing workflow and risking stolen access to critical patient information.
Retail companies experience high employee turnover among full-time, part-time, and seasonal employees, meaning they need a solution to properly identify which employee is currently logged into the POS system.
Registers, like shared workstations, have employees rotating on and off POS systems that contain customer payment information, so it's crucial to always know with 100% certainty which employees are logged into the POS system.
Identity-Bound Biometrics can properly identify employees working on shifts, and in cases for large payments or returns, managers are able to step in and verify the transactions through their own biometric identity.
In an environment where stolen goods and insider threats occur often, having biometric authentication can properly track which employees are working and who oversees payments for the shift.
Traditional authentication methods, especially those that are password-based, are no longer sufficient to keep shared workstations secure. In today's fast-paced environment, it's difficult to manage a wide variety of employees: ones with different shifts, seasonal employees, and those who are working full-time versus part-time.
When it comes to shared workstations, cyber risk increases drastically, and when you consider that these organizations host a great deal of personally identifiable information, you would hope these organizations have a strong solution implemented.
Identity-Bound Biometrics does exactly that. IBB verifies the identity of the employees requesting access with the highest levels of accountability, transparency, and security without needing to cut corners to reduce costs.
For employees who move around a lot or go from workstation to workstation, implementing Identity-Bound Biometrics is the most secure and convenient way to log in. IBB cannot be stolen, forgotten or shared, and it is much easier to authenticate the user than using a password.
[2] https://www.ibm.com/reports/data-breach