A CISO’s best advice for protecting a rapidly evolving remote workforce

As Yubico’s Chief Information Security Officer (CISO), I am responsible for the company’s security, risk management, and compliance programs. I have more than 20 years of experience solving complex security scenarios, but I have yet to encounter the unique landscape that we are collectively facing as IT leaders.

Many of my peers and businesses across the globe are suddenly navigating new security complexities associated with managing a remote workforce — and it’s tough. Not only are IT teams scrambling to establish or scale technical infrastructures that can protect a rapidly growing remote workforce, but employees are also facing their own set of challenges.

Individuals are working from home that have never worked outside of an office before; fear, uncertainty and doubt are on the minds of many; and most everyone is distracted by the influx of news, lack of social connection, or disrupted home routines. The unfortunate reality is that hackers thrive in times of crisis when the likelihood of human error is in their favor.

While the state of current events can feel disheartening — even impossible — there are ways for organizations to immediately elevate their remote work security posture while also helping employees to feel supported. The following three areas will provide some immediate benefits to any organization, and will foster a more resilient working environment for everyone as we move forward together.

Deploy strong authentication technology to secure remote access. 

Strong multi-factor authentication, like the YubiKey, serves an important role in providing an additional level of confidence in a user’s proof of identity. This is especially important with the changes in workflows. Behavioral- and heuristics-based detection controls may not function as well as intended, at least in the near term. Companies will need to rely on preventative measures until their detection systems are re-tuned and adapted.

Additionally, companies should expect to see an influx of social engineering attacks on all employees, but also specifically targeted at support personnel. These individuals are going to be inundated with support calls from employees, and will be working quickly — maybe even around the clock — to resolve issues. It’s the perfect environment to capitalize on user error, and I suspect we’ll see an increase in stolen credentials and hijacked accounts as a result.

Maintain endpoint security, and plan for increased use of personal devices. 

Without oversight into employees’ work environments, it is necessary to have increased confidence in the endpoints that are accessing the company infrastructure. Environmental factors can pose significant threats, including the unauthorized use of corporate assets by family members or the use of personal devices to access corporate assets. Both of these scenarios can increase the likelihood of a successful malware, ransomware, or phishing attacks.

Using anti-malware or firewall software, strong authentication for computer logins, and simple best practices like frequent software updates or screen locking are critical to maintaining control of endpoints in unsecured work environments.

Establish backups to address ransomware threats for remote workers.

A remote workforce is more likely to work offline and to store information on both company-issued devices and personal machines. A successful ransomware attack on either may lead to a greater impact on the employee and company.

Successful recovery will require frequent and automatic backups of that information. Backups should happen seamlessly and not require the user to be connected to the corporate network via VPN.

One of the main reasons I chose to join Yubico is to help address fundamental security issues facing the world. I believe now more than ever, our mission is critical to help ensure frontline and remote employees can work seamlessly without additional security risks.

Even after companies begin to reduce their remote workforce and transition back to in-office working parameters, a business continuity plan with these three focal points will provide a sustainable security foundation to mitigate future risk.

If you’re looking for other helpful tips on securing your remote workforce, tune into our on-demand webinar, 5 Ways to Protect Remote Workers From Account Takeover.’ Yubico’s Chief Solutions Officer, Jerrod Chong, shares some of the best practices for protecting identity and access management (IAM) platforms, VPN and VDI solutions, computer logins, SSH sessions, password managers, and more.

Talk to our teamTalk to our team

Share this article:


  • Goodbye master passwords: Dashlane and Yubico enhance credential vault encryption and login with YubiKeysAt Authenticate 2025 this week, the world’s leading experts on modern authentication and securing digital identities gathered, to discuss the future of secure authentication and achieving usable security across the account lifecycle. The message was clear: the future of phishing-resistant authentication is using passkeys for encryption, and the gold standard is device-bound passkeys – YubiKeys. […]Read morecredential vault encryptioncredential vault loginDashlanepartnerpasskey encryptionPRF
  • Piloting Europe’s future ID: Passkeys securing digital walletsOver the last several years, passkeys have become ubiquitous. They are available on every mobile platform, in every leading browser, as part of all major enterprise IAM solutions, and in most major cloud services. Until wwWallet came along, the only place where passkeys hadn’t yet made an impact is in the rapidly developing world of […]Read moredigital identity walletspasskeysSIROSwwWallet
  • We’re excited for what’s to come – meet us in-person to find out whyIt’s been a busy year for our team, filled with exciting company and product updates aimed at better serving our customers and helping them achieve cyber resilience as AI-driven phishing threats continue evolving globally. Between industry award recognitions and key new executive leadership hires to lead Yubico to its next stage of growth and a […]Read more
  • FIPS certified vs. FIPS compliant: What’s the real difference?“Is your MFA solution FIPS compliant, or is it certified?”  This is a question we hear a lot, and for good reason. In industries where security and compliance are critical (especially in government contracts), understanding the difference between FIPS certified and FIPS compliant isn’t just semantics – it can mean the difference between meeting requirements […]Read moreFIPSNIST