3 ways to make biometrics work in the workplace
By Rob Mungovan, Chief Commercial Officer, Aware
Even before the pandemic, the digital revolution was creating the need for an enhanced work environment. When the pandemic broke out, remote collaboration and flexible workforces became a necessity and not just a nice-to-have; companies had to pivot to more robust security and privacy solutions that were adapted to the ever-shifting state of work during COVID-19.
Biometric technology has entered as a crucial part of securing the workplace both logically and physically. Thanks to biometric authentication, companies are able to accommodate hybrid and remote working arrangements without exposing themselves to the increased security risks of “working from anywhere.”
That said, the rising and rapid implementation of biometric authentication across many industries has also led some companies and individuals to raise concerns about individual privacy. After all, if a biometric security measure involves a fingerprint or a facial or iris scan, how can employees be sure that information isn’t being stored or used elsewhere? Despite these concerns, it is possible to implement this technology in a way that not only respects employee privacy but also increases security compliance on the part of organizations, and overall job satisfaction and convenience for employees.
Communicate before you collect
Establishing biometric security systems requires enrollment into the system – but before you go about requesting biometric enrollment from everyone in your organization, there are some steps you should take if you want the implementation to start off on the right foot.
First, clearly communicate to everyone in your organization what biometric authentication is, how it will be used within your company, and what biometric information you intend to utilize in order to implement new security measures. This level of communication and transparency demonstrates two things to your colleagues: that this isn’t an ill-conceived implementation but rather a vital security measure, and that your organization is committed to being straightforward about data collection and usage efforts.
Then, get consent in writing from employees before you ask them to enroll their biometric information. Make sure they understand what is being submitted, where it’s being stored, and how and when it’s being used. There may be specific disclaimers you must furnish in accordance with state laws and policies, but regardless of if those are present or not, it’s always good practice to request consent before capturing this information from your employees. If necessary, consult with your legal team as needed to ensure employee consent is as clear and comprehensive as possible. Many states are considering enacting biometric data privacy laws so your counsel is apt to be up to speed.
Store sensitive data securely
Biometric data storage and data security are two incredibly critical elements of organizational security, and should not be taken lightly. The way biometric data is secured matters – ineffective storage and that data could be leaked or stolen, exposing your organization and your colleagues to unnecessary risks.
Biometric data can be stored on a portable device such as a smart card, which is not typically vulnerable to network-related issues and which gives users a certain amount of control over their biometric data. This storage solution, while ideal for many, can be costly and often requires the user to present that card to biometric readers to verify their identity. Smart cards also have the potential to be lost or stolen.
A centralized biometric database may be less costly than the portable token approach but having all biometric data stored in one central place can render an organization vulnerable. On the other hand, storing this data in a secure centralized data center that is heavily protected from external factors is often a better choice for organizations with a decentralized workforce.
Getting up and running
As biometric data security implementations become more and more prevalent across a myriad of industries, quickly getting your workforce up and running with authentication technology has never been easier. App integrations designed to function on employees’ mobile phones are just the latest in a series of innovations designed to help organizations to begin implementing biometric authentication without huge overhead. Verifiable digital credentials can be stored on someone’s mobile device, further ensuring only the person who owns the device is able to prove their identity.
These app frameworks are specifically designed to enable faster time to market, integration and flexibility to companies interested in rolling out biometric authentication methods sooner rather than later. Mobile devices become a primary function of identity security, with voice and facial biometrics as the primary security barrier, alongside passive liveness detection, document validation and passwordless multi-factor authentication.
For many organizations, this is the future of biometric authentication. It’s simple to set up, easy for developers to maintain, and easy to use no matter where employees are based.
Making biometrics work
Let’s face it, many employees are sick and tired of having to remember passwords and verification questions for every system or database they must access on a regular basis. Biometric security measures are truly the future in more ways than one, and by remaining transparent about their implementation within your organization, storing sensitive data carefully, and using mobile verifiable data credentials to add that extra layer of security, you’ll be able to make biometrics work in your workplace quickly, safely and easily.
About the author
Robert M. Mungovan has over 20 years of experience with Aware. Prior to his current role as Chief Commercial Officer, Mr. Mungovan served as Aware’s Vice President of Biometrics and as the Sales and Marketing Manager of Biometrics and Imaging.
DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are that of the author, and don’t necessarily reflect the views of Biometric Update.