Google’s new authentication helps battle fraud
In February 2020, Google announced it was providing additional security measures to Google Nest by requiring that all Nest users enroll in two-factor authentication (2FA) to protect their account. We applaud this move as it heralds a more stringent way to protect IoT users – and devices – from fraud.
This announcement comes on the heels of the Ring Hack that went viral in late 2019 and shed light on the importance of proactive IoT security and consumer awareness.
While data breaches have desensitized most consumers, digital home invasion is indeed closer to home. As smart device adoption continues to grow, users must be vigilant to not only change passwords but to take advantage of advanced security settings. By introducing 2FA, Google is adding necessary security measures to protect consumers.
The fact is, as our work and home lives have merged and with the confines of the office now infinite, the importance of vigilance cannot be underestimated. The issue is insecure, unmanaged and unsanctioned IoT devices have become a popular attack vector. For the enterprise, the creeping tide of consumer devices in the workplace expands the attack surface and requires automated access enforcement. A Zero Trust framework of discovery, authentication, verification and segregation is foundational to mitigate these IoT risks.
In business, many enterprises have embraced the concept of Zero Trust, a security model that is key to mitigating cyber risk. With its principle of user, device and infrastructure verification before granting conditional access based on least privilege, Zero Trust holds the promise of vastly enhanced usability, data protection and governance.
As organizations progress Zero Trust security at work, they must fortify their security awareness programs; especially since the home office and business travel are the new corporate perimeter.
The payments and banking industry should also be taking a beat from the principles of Zero Trust and can learn from Google’s new security announcement for its IoT devices. As banks are offering online and mobile banking for their customers, they too should enlist the same tenets of Zero Trust including user and device authentication, as well as behavioral analytics, to enable conditional access for their customers to fortify protection of their consumers.