Transitioning to a tokenless multi-factor authentication system for specialist chartered accountants
Rawlinson & Hunter is an international firm of chartered accountants, specialising in financial advice and taxation in managing wealth and assets for both private and corporate clients.
The Challenge
Founded in 1933, the company remains independent and has built a leading reputation in offering bespoke advice and innovative solutions to its clients.
From its headquarters in London, the company’s network of offices stretches to New Zealand, through the Channel Islands, Switzerland, Bermuda, the Caribbean and Australia.
80% of the company’s 130 professional members of staff had for three years been using a token code-based system for VPN access, necessitating the need to combine a personal identification number (PIN) with a token code. With partners visiting clients all over the world, it was imperative that the key fobs everyone had to carry with them did not expire in the middle of their trip. Although this was a rare occurrence it was a cause of concern and irritation.
The company was also beginning to develop an extranet service for its clients and there was concern of how to physically ship a key fob to the client user who could be located anywhere in the world.
The challenge therefore was to overcome the possibility of employees forgetting or misplacing their key fobs and to accommodate the development of the client extranet that would allow clients to securely retrieve their personal reports via the internet. Incorporating the current token system to these developing strategies was considered too expensive and a logistical challenge to administer and an alternative solution needed to be sought.
The Solution
The nature of Rawlinson & Hunter’s work takes its professional staff all over the world to visit its clients and therefore employees require remote access to their files that is easily accessible when working out of the office.
Advised by IT optimisation and security specialist, Opt-Sec, the company chose Swivel Secure as their preferred supplier of a tokenless authentication solution to integrate its network security technology, The Swivel Secure tokenless multi-factor authentication system, PINsafe®, provides every user with a unique PIN code which is combined with a randomly generated security string in order to extract a One-time Code (OTC) for every login generated. This is all that is required to remotely access personal files and was considered the perfect preferred solution to meet the needs of Rawlinson & Hunter’s staff travelling around the world.
“We needed to accommodate a broad range of users in terms of their IT capability and the tokenless system really fitted the bill, making it an easy transition to make.”
Rawlinson & Hunter IT Director, James Symonds.
Users were provided with a general manual of instructions that was quickly incorporated and taken on board with ease, and although cost was not the company’s main driver, the newly integrated Swivel Secure solution will be long-term and a cost-effective one.
The worry of key fob misplacement and licence expiry has now been completely taken out of the equation, allowing for greater efficiency in the workplace and enhanced use of time and resources.
The Outcome
Since the client extranet was launched six months ago, it has been willingly embraced by some Rawlinson & Hunter clients already.
“People are used to online banking systems and this is a similar type of authentication system.”
Rawlinson & Hunter IT Director, James Symonds.
“Swivel Secure’s tokenless solution has always been considered attractive from a commercial perspective. Rawlinson & Hunter is yet another case where concern over client user acceptance, for example if it was considered too technical, was proven unfounded as it has been embraced by staff and customers alike with minimal effort required for user education.”
Opt-Sec Sales & Marketing Director, John Barry.
The partners and employees of Rawlinson & Hunter have had little difficulty in accepting and transforming to this new solution too. Confidence in the tokenless system has enabled personnel a greater flexibility to work from home or when they are visiting a client abroad. It is proving to be a particularly successful tool to use from a disaster recovery point of view. For example, the recent heavy snow-fall that swept the UK enabled the company to continue ‘business as usual’ to its International client-base, with employees working remotely from the comfort of their own homes.
“Everyone seems to have accepted the Swivel Secure solution more than our original token system. We have really noticed that the login failure rate has dramatically decreased and it has generally made life easier for everyone”
“We are evolving our client extranet slowly, but we are really happy with the technology and feel comfortable to start rolling it out more widely now”
Opt-Sec Sales & Marketing Director, John Barry.