Hybrid work driven by Covid-19 prompts a shift in financial services security priorities

All industries are dealing with the thorny issue of who comes back to work during the pandemic and who doesn’t, and the return-to-work plans will diverge depending on each enterprise’s needs and culture.

But banks, financial institutions, and many other players in the financial services industry are paying close attention to the security perils of an increasingly remote or hybrid workforce.

In a discussion with two Yubico experts who live and breathe finserv daily, we find out there are a number of top priorities that banks are juggling all at once: reassuring customers that their finances are secure, dealing with employees who may be new to remote work security protocols, and designing secure authentication flows that may not allow mobile phones to be involved. Jim Sandford, Enterprise Account Director and Rob Hemeryck, Regional VP of Financial Services, give us the scoop. 

Q: How have you seen finserv weather the massive pandemic shift to remote work? And how are the banks doing now that many, like tellers, are coming back to the physical branches?

Jim: What I hear from many CISOs is that, despite the initial shock of thousands of staff shifting to remote work, they found most employees were equally, if not more productive at home. So the move back to the office is being done slowly and with more thought. They are still evaluating who really needs to return.

From a financial services security standpoint, of course, having everyone in one building is better because you can control the risks and put in physical and network protocols. But there’s no doubt that a large number of workers will be outside the building moving forward, so multi-factor authentication (MFA) is becoming a top priority if it wasn’t already. 

The second trend is about customer retention. Banks are trying to find new ways to provide value to customers concerned about security, like millennials who are used to doing everything on their phones. All customer bases highly value convenience, so security measures have to be as seamless as possible. 

I work with organizations across the financial services sector, including many large traditional financial institutions. Many of these companies are looking to provide continuous benefits to their customers and are doing so with YubiKeys, not just for their employees, but also to provide to their end users. This means they’re not only getting protection against phishing attacks for their own organizations but giving their customers the same level of security to protect their own accounts. This results in a more positive perception in the marketplace as they keep pace with the innovation of the smaller, more agile financial institutions.  

Q: What are the unique financial services security challenges versus other industries?

Rob: There are many high-security areas of a financial institution where mobile phones might not be allowed because they’re considered data exfiltration devices. So an authentication process implemented for remote employees  — say, authentication using a phone — would not be the best solution for on-site employees or customers going through a high-security process like a loan application or another sensitive workflow. 

When customers are involved, you have to be careful to avoid implementing processes that impose a lot of inconvenience, creating potential backlash.

Q: What’s the best way for the enterprise to communicate their renewed focus on financial services security with customers or stakeholders?

Jim: Banks want to directly address the issues their customers are worried about in the news. Now that we’ve heard so much about high-profile breaches — from large retailers to a host of banks — there’s a danger of data breach fatigue. Meaning that you get used to the idea of a series of breaches and decide to do nothing about it until the next one happens to you. Utilizing modern authentication can position the company and brand identity with greater security. 

Q: How far down the road to passwordless do you think finserv has traveled so far?

Rob: We’re seeing a lot more internal deployments rather than external, consumer-facing systems for now. For consumers you have such a broad range of technical skills, and it requires more effort on education. Those deployments will come in time, because there’s a lot of momentum for large entities to get to passwordless for their users.

The industry recognizes that there are still vulnerabilities in weaker MFA systems, so many CISOs are looking for the “next step” up. 

Read Yubico’s white paper, “Strong authentication for hybrid and remote work in financial services” to learn more about security challenges related to long term hybrid and remote work and contact us to discuss how Yubico can work to secure your institution and customers. 

Talk to our teamTalk to our team

Share this article:


  • Goodbye master passwords: Dashlane and Yubico enhance credential vault encryption and login with YubiKeysAt Authenticate 2025 this week, the world’s leading experts on modern authentication and securing digital identities gathered, to discuss the future of secure authentication and achieving usable security across the account lifecycle. The message was clear: the future of phishing-resistant authentication is using passkeys for encryption, and the gold standard is device-bound passkeys – YubiKeys. […]Read morecredential vault encryptioncredential vault loginDashlanepartnerpasskey encryptionPRF
  • Piloting Europe’s future ID: Passkeys securing digital walletsOver the last several years, passkeys have become ubiquitous. They are available on every mobile platform, in every leading browser, as part of all major enterprise IAM solutions, and in most major cloud services. Until wwWallet came along, the only place where passkeys hadn’t yet made an impact is in the rapidly developing world of […]Read moredigital identity walletspasskeysSIROSwwWallet
  • We’re excited for what’s to come – meet us in-person to find out whyIt’s been a busy year for our team, filled with exciting company and product updates aimed at better serving our customers and helping them achieve cyber resilience as AI-driven phishing threats continue evolving globally. Between industry award recognitions and key new executive leadership hires to lead Yubico to its next stage of growth and a […]Read more
  • FIPS certified vs. FIPS compliant: What’s the real difference?“Is your MFA solution FIPS compliant, or is it certified?”  This is a question we hear a lot, and for good reason. In industries where security and compliance are critical (especially in government contracts), understanding the difference between FIPS certified and FIPS compliant isn’t just semantics – it can mean the difference between meeting requirements […]Read moreFIPSNIST