Many accurately predicted that digital evolution would steadily gain momentum, matching the pace of internet penetration coupled with the proliferation of affordable end-user mobile computing. Looking back, the prediction has been fairly accurate if we consider the notable digital events of the past two decades. While corporates leveraged advancements in cloud services, artificial intelligence, and machine learning, consumers benefitted from everything from free web-based email to the highly popular social media platforms.
While digital evolution was on its steady path, the global “COVID-19 pandemic proved to be an unprecedented impetus, resulting in hyperscale growth of digital services and solutions”.
Embracing the Digital
In order to adapt to the new normal, corporates and consumers alike were left with no choice but to embrace the digital culture or become obsolete. While the corporates evolved their traditional operating models into digital or hybrid ones, consumers flocked to online service providers for food supplies, entertainment and even education.
On the upside, rapid digitalization has enabled many corporates to bring operational & cost efficiencies into their delivery models through remote working, and has granted convenience to consumers, enabling them to avail themselves of a wide array of services from the comfort of their homes. However, while we rejoice in the countless benefits of digitalization and race towards swift adoption, we run the risk of neglecting data security and privacy.
The Importance of Data
Data is the most important cog in the digital machinery, and ensuring its security and the privacy of its users is the most fundamental premise for the success of the digital future. “Cyber criminals yearn for poorly protected systems and unsuspecting users to target vulnerabilities and compromise sensitive data”. The sense of urgency created by the pandemic to rapidly digitalize has in many cases led to de-prioritization of security and privacy in favor of adoption speed.
In pursuit of digital transformation, organizations have charted out comprehensive roadmaps with initiatives to digitalize all possible aspects of business operations. Digital tools and platforms are inducted to facilitate a host of activities ranging from sales, service delivery, and collaboration & ideation to employee training. While these digitalization initiatives most certainly aid in improving efficiency, they also introduce security concerns pertaining to multiple identities & log-in credentials, data exchange over multiple systems & platforms, and third-party access to sensitive data. Inadequately protected digital accounts raise serious security concerns, as cyber criminals have been known to successfully decipher weak passwords or covertly access dormant accounts with administrative privileges.
With Multi-Factor Authentication (MFA) and Single Sign-On (SSO) solutions, organizations have to a great extent been successful in protecting digital accounts. While these systems provide a certain degree of defense against malicious attacks, significant work needs to be done towards user awareness. Also, archaic password policies often prove to be counterproductive to effective digital account security. Even the renowned National Institute of Standards and Technology (NIST) warns against practices such as random algorithmic complexity (a mix of special characters, numbers & upper-case letters) and periodic password reset requirements. These practices discourage users from choosing a strong password.
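To make the point about composition rules concrete, the following added example (not from the original article) puts a legacy complexity policy beside a length-plus-blocklist check. The function names, the tiny blocklist and the sample passwords are constructed for illustration, and the 8-character minimum and the screening against common passwords and context words are taken from NIST SP 800-63B as an assumption beyond what the article states.

```python
import re

# Constructed sample blocklist; a real deployment would screen against a
# large corpus of commonly used and breached passwords.
BLOCKLIST = {"password", "p@ssw0rd1", "qwerty123", "welcome2020!"}
MIN_LEN = 8  # assumed minimum length, following NIST SP 800-63B


def legacy_policy(pw):
    """Composition rules of the kind the article calls counterproductive."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Z]", pw):
        problems.append("no upper-case letter")
    if not re.search(r"[0-9]", pw):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no special character")
    return problems


def screened_policy(pw, context_words=()):
    """Length plus blocklist screening, with no composition rules."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append("shorter than %d characters" % MIN_LEN)
    lowered = pw.casefold()
    if lowered in BLOCKLIST:
        problems.append("on the blocklist of common or breached passwords")
    # Context words: user name, company or service name (hypothetical inputs).
    for word in context_words:
        if word and word.casefold() in lowered:
            problems.append("contains context word %r" % word)
    return problems


def compare(pw, context_words=()):
    """Report whether each policy would accept the candidate password."""
    return {
        "legacy_accepts": not legacy_policy(pw),
        "screened_accepts": not screened_policy(pw, context_words),
    }


if __name__ == "__main__":
    for candidate, ctx in [("P@ssw0rd1", ()),
                           ("correct horse battery staple", ()),
                           ("Acme2021!", ("acme",))]:
        print(candidate, compare(candidate, ctx))
```

The legacy policy accepts the predictable `P@ssw0rd1` and rejects the long passphrase, while the screened policy does the opposite.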
The Issue with One Password for All
While corporates continue to invest in state-of-the-art security solutions, consumers meanwhile are grappling with basic security hygiene. From a mere web mail and a social media account in the recent past, consumers today have accumulated numerous digital accounts, one for every service they have signed up for during the pandemic. Adding to the security concerns, since it is virtually impossible to set and remember unique strong passwords for each digital account, users often tend to use the same password across all digital accounts. “It is not uncommon to use the same password for official as well as personal digital accounts”. The glaring issue with using one password for all digital accounts is the single source of compromise: one compromised password grants the cybercriminal access to multiple digital accounts.
To overcome this concern, many popular internet and technology companies leverage the OAuth 2.0 secure authorization protocol, enabling their users to log into participating apps and websites using their credentials. Under this arrangement, the user only has to remember the login credentials of their primary service provider. Additionally, Two-Factor Authentication (2FA), One Time Password (OTP) log-in, as well as Encrypted Password Managers further enhance the security of digital accounts.
As we adapt to this unprecedented change and prepare ourselves for the post-pandemic world, we need to be cognizant of the security and privacy nuances of the new digital environment. We need to exhibit the highest levels of sensitivity and preparedness towards threats, as data security and privacy are bound to be non-negotiables in the digital future.