Today's Workplace

Facial Recognition Faces Challenges Even Though Passwords Still Present Security Risks

The General Services Administration (GSA), which oversees federal offices and technology, has decided that facial recognition technology will not be used on its secure log-in service, Login.gov.

The GSA's Login.gov already provides sign-in services to 200 websites run by 28 federal agencies and has been used by more than 40 million people. This position differs from that of the Internal Revenue Service and other federal agencies that sought to require Americans to consent to facial recognition to sign on to government websites.

The GSA says the face-scanning technology has too many problems to justify its use as an identity verification service. The director of the GSA's Technology Transformation Services has stated that the GSA "is committed to not deploying facial recognition … or any other emerging technology for use with government benefits and services until a rigorous review has given us confidence that we can do so equitably and without causing harm to vulnerable populations."

The Treasury Department last year awarded a two-year, $86 million contract to a private contractor, ID.me, that would require taxpayers to send in video scans of their face before they can verify their identities and access their tax records online. The plan was scheduled to go into effect this summer. The GSA's site was built and is operated by government employees to accomplish the same tasks as ID.me by relying on more traditional methods of identity verification, such as scanning government records and credit reports.

However, the IRS announced it has abandoned that plan after news of the contract stirred up a controversy because facial recognition systems are unregulated in the United States and have been shown in federal tests to work less accurately for people with darker skin. Members of Congress and privacy advocates also voiced concern that the systems could undermine Americans' privacy rights or unfairly disadvantage people without access to a smartphone, laptop camera, or the Internet. "Huge government agencies clash over imposing facial recognition" www.washingtonpost.com (Feb. 07, 2022).

Commentary

Leadership’s decision to oversee the hardening of a company’s cyber defenses can be informed by the pros and cons of using facial recognition, as illustrated by the contrasting positions taken by the IRS and the GSA.

Federal guidelines published in 2017 by the Commerce Department’s National Institute of Standards and Technology urged agencies to follow identity-verification standards, known as “Identity Assurance Level 2,” that include collecting a person’s facial image, fingerprint, or other “biometric sample,” either in person or remotely, to help stop fraud.

Over 40 percent of IT leaders estimate that they could reduce their risk of breach by almost half simply by eliminating passwords. Nearly every security leader (86 percent) would do away with passwords if they could. Almost three-in-four (72 percent) are actively looking to replace passwords. However, until passwords are replaced by other means of access, such as digital devices, security keys, or Bluetooth, USB, or NFC devices used to authenticate a login, passwords are here to stay.

Cybersecurity experts recommend organizations integrate a two-factor authentication system or require a password manager. Neither requires employees to recall complex strings of characters, and both better protect data. Moreover, biometric devices go beyond fingerprint readers. They can include retina and iris scanners, handprint patterns, DNA fingerprints or DNA matching, deep tissue illumination, keystroke or typing pattern, ear shape, gait, odor, signature recognition, typing recognition, and vein recognition.
