Jerrod Chong

5 ways the YubiKey can protect your remote workforce from phishing and other attacks

In today’s enterprise journey to digital transformation, remote work is on the rise. Advancements in technology make it possible for employees to work from anywhere, but also introduce a new set of challenges for IT departments. Unsecured WiFi networks, unmanaged personal mobile devices, and phishing scams make it easy to steal user credentials and difficult to  securely manage geographically dispersed teams. 

While the concept of remote work is not new, it is becoming more prevalent for modern businesses. Recent global events are driving these numbers even higher, making it imperative for organizations to set processes and systems in place that not only secure remote workers, but do so without hindering productivity. We are already seeing hackers taking advantage of the current state of business uncertainty with targeted phishing attacks, making it imperative to develop a business contingency plan that includes protecting the workforce when working remotely. Enterprises need to ask, “Can employees access systems remotely without introducing new risks and vulnerabilities?” 

Enabling multi-factor authentication (MFA) should be one of the top requirements for a work from home policy. The YubiKey 5 Series and FIPS-validated YubiKey Series offer an easy-to-use, durable, and multi-function solution for all employees regardless of device type, operating system, or location. If you’re already using or want to use YubiKeys in your organization today, there are likely several other ways that you could be benefiting from strong hardware-backed authentication. 

With remote and distributed workers on the rise, here are five tips to ensure that your employees are protected from phishing and beyond, with YubiKeys: 

  • Enable MFA for identity access management (IAM) systems and identity providers (IdPs) — The best cloud and hybrid environments leverage IAM solutions to enable employees to work without the hassle of multiple usernames and passwords. Many of the leading IAM vendors offer native YubiKey support including Axiad, Duo, Google Cloud, Microsoft Azure Active Directory, Okta Workforce Identity, PingID, RSA SecurID Suite, and others. If you’re already using any of these services, you can immediately improve the level of security across your entire organization by simply turning on MFA with YubiKeys.
  • IAM vendors and IdPs can also be used for Single Single On (SSO) to other business critical messaging or video conferencing apps such as Microsoft Teams, Google Hangouts and Zoom. 
  • Secure VPN access with MFA — With an increase in remote workers, comes an increase in the number of people utilizing a VPN to access the corporate network. Pulse Secure and Cisco AnyConnect, can be configured to work with a YubiKey as a smartcard (PIV) for remote access. Other VPN applications that offer native support for YubiKeys use the one-time password (OTP) capabilities. 
  • MFA for computer login — Whether you’re using a Mac or Windows machine, there are several options for securing your computer login with the YubiKey. One of the most effective ways is to leverage the smart card functionality of the YubiKey, and use the key in addition to a PIN, to lock down access to a computer. Most recently, Yubico has been working very closely with Microsoft to enable native YubiKey support in Microsoft Azure Active Directory for a FIDO-based passwordless login experience. It is now available in public preview for hybrid environments as well. 
  • Step up authentication for password managers — If you are like the majority of respondents in a recent Ponemon Institute report and are still making your employees manage passwords with sticky notes and human memory, then it’s time to ditch that plan fast. Remote workers or not, your employees need a simple and safe way to create, store, and manage passwords. The YubiKey integrates with several enterprise-grade password managers including 1Password, Dashlane, Keeper Security, LastPass, and more
  • Use a YubiKey to generate one-time time-based passcodes — Many of the services or applications you’re using internally may support time-based one-time passcodes  (OTPs) — such as Google Authenticator or Authy — as a two-factor authentication method. Did you know that you can actually replace those authentication apps with the Yubico Authenticator application and a YubiKey? Instead of the one-time passcodes being stored within a mobile device or computer, secrets are stored in the YubiKey. This allows users to generate the OTP codes within the app by inserting or tapping the YubiKey to a device. Yubico authenticator is compatible with iOS, Android, PC and Mac.

For additional information on how organizations are using YubiKey to protect remote workers, sign up for our March 26 webinar on Enabling employees to work securely from home.

On behalf of all of Yubico, we’re committed to making secure login easy and available for everyone. To discover more YubiKey use cases, check out our solutions page. If you have questions about deploying YubiKeys within your organization, please contact us for more information.