Let me tell you a story. It has everything a gripping tale needs – conflict, a power struggle and a gripping climax. Best of all, it’s loosely based on true accounts – could this be your story?
Paul Brown is CEO of a FTSE 100 retailer. It’s summer and he’s jetting off with his family for three weeks on Safari in Kenya. He’s done his research and the reserve he’s travelling to offers wi-fi access, his mobile is unlocked and set to roam wherever he does, and IT has been exceptional in making sure he knows all the passwords, processes, and exactly how to input the authentication codes that will grant him access to the network remotely.
He’s even been shown how to use another computer, not owned by the company, to open the bowels of the network in case his own develops a problem. His secretary has his full itinerary, contact details and the mobile number of his dedicated guide.
Paul’s got it all covered, or so he thinks.
At the airport he hands over the keys to his car for the valet parking service before heading into departures. Paul has no inkling that this innocent action will be the catalyst to his fight for survival.
Waiting to pounce
Before he’s even collected the bags at the airport, Paul gets his first suspicion that trouble is brewing. There’s a message from Sharon, the company secretary – the share price has risen suddenly with rumours that the company is the subject of a hostile takeover.
It has been two months since the call with Martin, the CEO of S&E Plc and Paul’s main competitor. Martin had made an offer for the company. Paul had laughed, rebuking it and stating he’d never let Martin, or his cronies, get their feet under his table. He’d meant it then and, even now six thousand miles away, he still believed the offer was bad for business, bad for shareholders, and definitely bad for him. He would fight this takeover.
Paul needed to get online, now.
It was then that the visual image of his authentication token, swinging from his keychain as he handed over the car keys, hit him as hard as a charging elephant. Without the little bit of plastic he couldn’t log onto his laptop or connect remotely from another computer. Paul felt sick.
Calling his secretary, Paul sheepishly explains the situation, and gets her to tell him exactly what’s going on. The two hour journey to the reserve passes in a flash as he dictates emails he needs her to send, briefs her on calls she needs to make, and pleads with her to get IT to remove all the security precautions blocking his access to the network.
Arriving at the luxury lodge Paul plugs in his laptop and starts trying to ‘hack’ the system. It’s futile as, without the authentication token, he can’t get past the welcome screen to the veritable wealth of information that should be at his fingertips.
A call to reception confirms that there are computers in the bar, with internet access, that he can use, though still not the answer to Paul’s prayers.
While his wife and children are happy with the distraction, and the wine is very tasty, unfortunately without his authentication token Paul can only access public systems and newswires to read what’s happening back in London. Still locked out of the network, Paul’s powerless to access the information he desperately needs to start changing what’s happening.
The authentication security system, while obviously effective, had seemed pricey when the board had first authorised the budget five years ago and the on-going costs aren’t cheap either – Paul’s nervous it’s going to prove even more expensive than first calculated on a personal level!
Evasive action avoids capture
As Paul starts contemplating returning to London, a chance glance at the person sitting at a near by computer offers his first glimmer of hope.
The screen looks very similar to his welcome screen and the man appears to be consulting his mobile while inputting the authentication code. A few seconds later and, while Paul can’t read what’s written on the screen, he can tell the man is busy perusing an excel file. A quick chat reveals that it is exactly what it appears – an alternative to physical two factor authentication that uses virtual tokens.
Any phone that receives SMS messages, which Paul’s and practically every mobile in the world does, can be used as an authentication token.
Time to turn predator
Paul wastes no time. As he calls IT to share what he’s learned, he starts researching the solution. According to the company’s website, it can be installed within 24 hours and 18,000 users can be up and running in an hour – that beats the six months it took for the present system!
The icing on the cake is, while resolving his current predicament, it also reduces the ongoing running costs of the physical tokens his company’s using by almost 60% making it a no brainer. A few phone calls later and the expense is rubber stamped by the rest of the board.
In no time at all Paul receives a text, with his authentication code, and gets logged into the network. He’s able to review and authorise the statement reassuring shareholders that the current board are on top of the situation and advising them to dismiss the offer.
He sends various documents and contracts to his legal team, prepares financial statements and material to assure the bankers and even accesses and circulates the dossier he’s compiled ‘just in case’ on Martin and S&E Plc.
Over the next three weeks Paul experiences the thrills that seeing the ‘Big Five’ in the wild has to offer, while overseeing a take over for S&E Plc.
Arriving back into Heathrow and collecting his keys, Paul slips the little piece of plastic off his key ring and drops it into the nearest bin. All in all it’s been a fantastic and rather productive vacation that he’ll never forget.
Paul didn’t have to be on holiday in Kenya, and he didn’t have to be fighting a take over battle. He could have been facing the inconvenience of a day at the office while his token was at home, out for a meeting while his token was on his desk, or having a coffee and unable to log in to send a quick email as his token was in the laptop bag in the boot of his car.
The reality is everyone is more likely to check they’ve got their mobile with them than they are a physical two factor authentication token. Are you one of them?