A CISO’s best advice for protecting a rapidly evolving remote workforce

As Yubico’s Chief Information Security Officer (CISO), I am responsible for the company’s security, risk management, and compliance programs. I have more than 20 years of experience solving complex security scenarios, but I have yet to encounter the unique landscape that we are collectively facing as IT leaders.

Many of my peers and businesses across the globe are suddenly navigating new security complexities associated with managing a remote workforce — and it’s tough. Not only are IT teams scrambling to establish or scale technical infrastructures that can protect a rapidly growing remote workforce, but employees are also facing their own set of challenges.

Individuals are working from home that have never worked outside of an office before; fear, uncertainty and doubt are on the minds of many; and most everyone is distracted by the influx of news, lack of social connection, or disrupted home routines. The unfortunate reality is that hackers thrive in times of crisis when the likelihood of human error is in their favor.

While the state of current events can feel disheartening — even impossible — there are ways for organizations to immediately elevate their remote work security posture while also helping employees to feel supported. The following three areas will provide some immediate benefits to any organization, and will foster a more resilient working environment for everyone as we move forward together.

Deploy strong authentication technology to secure remote access. 

Strong multi-factor authentication, like the YubiKey, serves an important role in providing an additional level of confidence in a user’s proof of identity. This is especially important with the changes in workflows. Behavioral- and heuristics-based detection controls may not function as well as intended, at least in the near term. Companies will need to rely on preventative measures until their detection systems are re-tuned and adapted.

Additionally, companies should expect to see an influx of social engineering attacks on all employees, but also specifically targeted at support personnel. These individuals are going to be inundated with support calls from employees, and will be working quickly — maybe even around the clock — to resolve issues. It’s the perfect environment to capitalize on user error, and I suspect we’ll see an increase in stolen credentials and hijacked accounts as a result.

Maintain endpoint security, and plan for increased use of personal devices. 

Without oversight into employees’ work environments, it is necessary to have increased confidence in the endpoints that are accessing the company infrastructure. Environmental factors can pose significant threats, including the unauthorized use of corporate assets by family members or the use of personal devices to access corporate assets. Both of these scenarios can increase the likelihood of a successful malware, ransomware, or phishing attacks.

Using anti-malware or firewall software, strong authentication for computer logins, and simple best practices like frequent software updates or screen locking are critical to maintaining control of endpoints in unsecured work environments.

Establish backups to address ransomware threats for remote workers.

A remote workforce is more likely to work offline and to store information on both company-issued devices and personal machines. A successful ransomware attack on either may lead to a greater impact on the employee and company.

Successful recovery will require frequent and automatic backups of that information. Backups should happen seamlessly and not require the user to be connected to the corporate network via VPN.

One of the main reasons I chose to join Yubico is to help address fundamental security issues facing the world. I believe now more than ever, our mission is critical to help ensure frontline and remote employees can work seamlessly without additional security risks.

Even after companies begin to reduce their remote workforce and transition back to in-office working parameters, a business continuity plan with these three focal points will provide a sustainable security foundation to mitigate future risk.

If you’re looking for other helpful tips on securing your remote workforce, tune into our on-demand webinar, 5 Ways to Protect Remote Workers From Account Takeover.’ Yubico’s Chief Solutions Officer, Jerrod Chong, shares some of the best practices for protecting identity and access management (IAM) platforms, VPN and VDI solutions, computer logins, SSH sessions, password managers, and more.

Talk to our teamTalk to our team

Share this article:


  • Mission matters – my reflections on winning the EY World Entrepreneur of the Year “This is the biggest mission any of the entrepreneurs have presented in this competition.”  I heard these words a few weeks ago from one of the judges for the EY World Entrepreneur of the Year award program – whom I had the honor to meet during the final step of the world’s largest entrepreneur competition.  […]Read moreawardsFounderStina Ehrensvard
  • Yubico recognized by TrustRadius 2025 Award for top customer reviewsAs AI-driven cyber threats like credential phishing evolve and grow in complexity, phishing-resistant YubiKeys are an important component toward cyber resilience — and our mission to make the internet more secure has never been more critical. To support this, customer feedback is something we take very seriously and is an invaluable tool to ensure we’re […]Read moreawardsTrustRadius
  • CEO Corner: Maintaining stable growth while navigating global uncertaintyAs we officially close out the first quarter of 2025,  I am pleased we saw a quarter with solid growth and profitability along with ongoing demand for phishing-resistant authentication. We continue to see new types of high-profile cyber attacks appearing regularly, and a major reason for the success of phishing attacks is stolen credentials. As […]Read moreCEOCEO CornerEarningsMattias Danielsson
  • Introducing the Yubico Academy: Enabling partners for a phishing-resistant futureAt Yubico, strong partnerships are fundamental to a more secure digital world. Our commitment goes beyond providing leading security keys; it’s about actively fostering the growth of our valued partners through impactful enablement programs. A cornerstone is the Yubico Academy, featuring our comprehensive certification program.  This program enables our partners’ teams to become Yubico experts, […]Read more