• Contact Sales
  • Resellers
  • Support
Yubico Header Text LogoYubico Header Text Logo
Why Yubicoexpand_more
Why Yubico
  • Enterprises
  • SMBs
  • Individuals
  • Developers
  • Careers
  • Partner programs
  • Affiliate program
  • Contact Sales
  • Events
  • Press room
  • Yubico Blog
  • Yubico Executive Connect
  • About us
  • The team
  • Innovation history
  • Secure it Forward
Easy-to-use, secure authentication

With YubiKey there’s no tradeoff between great security and usability

Why YubiKey
  • cyber insurance
  • cybersecurity
  • phishing-resistant MFA
Proven at scale at Google

Google defends against account takeovers and reduces IT costs

Google Case Study
  • cyber insurance
  • cybersecurity
  • phishing-resistant MFA
Protecting vulnerable organizations

Secure it Forward: One YubiKey donated for every 20 sold

Learn about Secure it Forward
  • cyber insurance
  • cybersecurity
  • phishing-resistant MFA
Productsexpand_more
All products
  • YubiKey 5 Series
  • YubiKey 5 FIPS Series
  • YubiKey Bio Series
  • Security Key Series
  • YubiKey 5 CSPN Series
  • YubiHSM 2 & YubiHSM 2 FIPS
  • YubiEnterprise Subscription
  • YubiEnterprise Delivery
  • Yubico Authenticator
  • Computer login tools
  • Software Development Toolkits
  • YubiCloud
  • Using YubiKey is easy
  • Find the right YubiKey
  • Works with YubiKey
  • Compare YubiKeys
One key for hundreds of apps and services

YubiKey works out-of-the-box and has no client software or battery

Yubico protects you
  • cyber insurance
  • cybersecurity
  • phishing-resistant MFA
See YubiKeys as a Service
YubiEnterprise Subscription delivers scale and savings

Gain a future-proofed solution and faster MFA rollouts

See YubiKeys as a Service
  • cyber insurance
  • cybersecurity
  • phishing-resistant MFA
Solutionsexpand_more
Solutions overview
  • Zero Trust
  • Executive Order OMB M-22-09
  • Phishing-resistant MFA
  • Passwordless
  • Compliance
  • Cyber Insurance
  • Secure supply chain
  • Hybrid & remote workers
  • Secure privileged users
  • Mobile restricted environments
  • Call centers
  • Shared workstations
  • Microsoft ecosystem
  • Salesforce workspace
  • IAM solutions
  • AWS environment
The Bridge to Passwordless

Begin the journey to make your organization passwordless

Get the white paper
  • cyber insurance
  • cybersecurity
  • phishing-resistant MFA
Accelerate your Zero Trust Strategy

7 best strong authentication practices to jumpstart your Zero Trust program

Get the white paper
  • cyber insurance
  • cybersecurity
  • phishing-resistant MFA
Federal cybersecurity requirements

See guidance for CIOs and leaders to prepare for the modern cyber threat era

Get the white paper
  • cyber insurance
  • cybersecurity
  • phishing-resistant MFA
Industriesexpand_more
Industries overview
  • High tech
  • Federal government
  • State & local government
  • Education
  • Financial services
  • Manufacturing
  • Energy & natural resources
  • Retail & hospitality
  • Telecommunications
  • Healthcare
  • Pharmaceuticals
  • Cryptocurrency
  • Elections & campaigns
Manufacturing and supply chain security

Authentication best practices for manufacturing using highest-assurance security

Get the white paper
  • cyber insurance
  • cybersecurity
  • phishing-resistant MFA
Phishing-resistant MFA: Fact vs. Fiction

Meet requirements for phishing-resistant MFA in OMB M-22-09 guidelines

Get the white paper
  • cyber insurance
  • cybersecurity
  • phishing-resistant MFA
Secure energy and natural resources from cyber threats

Best practices for phishing-resistant MFA to safeguard your critical infrastructure

Get the white paper
  • cyber insurance
  • cybersecurity
  • phishing-resistant MFA
Resourcesexpand_more
All resources
  • Yubico Blog
  • Cybersecurity glossary
  • Authentication standards
  • Resource library
  • Developer program
  • Product briefs
  • Solution briefs
  • Case studies
  • Get a pilot started
  • White papers and reports
  • Webinars
BeyondTrust: secured with a subscription

A leader in Privileged Access Management simplifies YubiKey deployment

How they optimized ROI
  • cyber insurance
  • cybersecurity
  • phishing-resistant MFA
S&P Global Market Intelligence report: old habits die hard

Only 46% of respondents protect their applications with MFA. How about you?

Read the report
  • cyber insurance
  • cybersecurity
  • phishing-resistant MFA
Secure shared workstations against cyber threats

Shared workstations can be secured with phishing-resistant MFA

Get the white paper
  • cyber insurance
  • cybersecurity
  • phishing-resistant MFA
Supportexpand_more
Support home
  • Find the right YubiKey
  • Set up your YubiKey
  • Downloads
  • Product documentation
  • Support articles
  • Support Services
  • Professional Services
  • YubiEnterprise Subscription
  • Works with YubiKey Program
  • Buying and shipping information
  • Security advisories
  • Help center
How to set up your YubiKey

Follow our guided tutorials to start protecting your favorite services

Set up your YubiKey
  • cyber insurance
  • cybersecurity
  • phishing-resistant MFA
Find the best YubiKey for your needs

Take the guided quiz and see which YubiKey best fits your or your businesses needs

Take the quiz
  • cyber insurance
  • cybersecurity
  • phishing-resistant MFA
Accelerate your YubiKey deployment

Technical and operational guidance for your YubiKey implementation and rollout

Professional Services
  • cyber insurance
  • cybersecurity
  • phishing-resistant MFA
SubscribeStore
  • Home » Resources » Reference customers » Afni case study
    featured customer

    Contact center specialist Afni reduces cyber insurance premiums by 30% with YubiKeys

    Protect against targeted cyber attacks with phishing-resistant MFA
    Reduced support costs
    Cost-effective
    Scalable solution

    Customer engagement specialist Afni strengthens cybersecurity program with phishing-resistant MFA

    Headquartered in Bloomington, Illinois, Afni has been in the business of customer engagement since 1936, building on its history in collections and insurance subrogation to include more comprehensive inbound, outbound, and digital channel services around the world. Afni’s service offerings cover the entire lifecycle of a customer relationship from sales and growth to customer care and retention. As with any business process outsourcing company, Afni is increasingly targeted with sophisticated attacks because of its role as a valued supply chain partner to other organizations, with access to customer data, including systems in telecommunications, insurance, and healthcare. As a result, Afni is constantly re-evaluating its cybersecurity programs to maintain customer trust.

    A little over a year ago, Afni appointed Brent Deterding as their new Chief Information Security Officer (CISO) because he brings nearly 20 years’ experience with a leading cybersecurity organization in areas of threat detection, incident response and security strategy. Working closely with the CEO, Deterding’s approach to risk reduction is to focus on doing the simplest but most impactful things as early as possible to “catch the bad guys early in the kill chain.” For any organization, suggests Deterding, that should begin with multi-factor authentication (MFA).   

    Afni was already doing a lot of great things in its security program, including the deployment of MFA for almost all of its 10,000 global employees—but targeted phishing attacks continued to be a problem. Within his first three weeks at Afni, Deterding prioritized 100% adoption of MFA. Next, Deterding targeted the replacement of legacy authentication methods.

    Legacy authentication such as mobile-based MFA introduces risk when users become conditioned to hitting ‘approve’ for every request to authenticate (MFA fatigue) or are tricked by attacker-in- the-middle (AiTM) phishing attacks. However, the fault for these risks lies not with the user, but with legacy authentication. When it came time to replacing legacy authentication, Afni knew that security keys delivered phishing-resistant MFA—and were immune to attackers intercepting or tricking users into revealing information.

    The YubiKey is a modern, FIDO-based hardware security key that enables phishing-resistant MFA and passwordless authentication at scale. As the only solution proven to stop 100% of account takeovers in independent research, the YubiKey offers strong authentication with a fast and easy user experience and addresses the compliance needs of highly regulated data. Further, the YubiKey reduces risk associated with new ways of working that involve remote or hybrid work environments.

    “With every user having a YubiKey, I don’t have to worry about leakage of credentials,” continues Deterding. “That’s a very, very good place to be as a CISO.”


    Key results:

    • 30% reduction in cyber insurance rates
    • Seamless integration with Microsoft Azure AD
    • Phishing-resistant MFA for access to client data
    Contact Sales
    “In the end, Afni received insurance at a 30% decrease from its previous level. When I’m going down by a third and others are going up by 20% or higher, that’s a really big win,” notes Deterding. “In fact, I estimate our premiums are nearly half of what others are having to pay.”
    Brent DeterdingCISO, Afni

    Cost-effectively meeting new cyber insurance requirements with YubiKeys

    A key driver for Afni to consider phishing-resistant MFA with YubiKeys was the evolving cyber insurance landscape and requirements. The increased volume and severity of cyber incidents had led to increased cyber insurance premiums, as well as new sub-limits and exclusions. As
    insurers better attempted to quantify and control for loss, no longer were passwords acceptable to qualify for cyber insurance. Increasingly, moving beyond passwords towards adopting MFA has become table stakes to qualify for cyber insurance.

    In quoting for cyber insurance renewal, Deterding put together a presentation for a group of underwriters that painted the new picture of risk at Afni. In it, he listed 100% MFA coverage, modernizing MFA with YubiKeys to 100% of employees, 100% device posture management
    through Microsoft endpoint access, 100% endpoint detection and response coverage, and all external vulnerabilities patched within 72 hours—the four pillars of Deterding’s comprehensive “catch the bad guys early” program. While not a comprehensive representation of all the efforts at Afni, these four pillars demonstrated a comprehensive reduction in risk.

    In a market where premiums have been on the rise, not only did Afni secure coverage, but the underwriters were also willing to compete on price. “In the end, Afni received insurance at a 30% decrease from its previous level. When I’m going down by a third and others are going up by 20% or higher, that’s a really big win,” notes Deterding. “In fact, I estimate our premiums are nearly half of what others are having to pay.”

    “I am all about making the adoption of technology as easy as possible. If I can hit the easy button using YubiKeys and also using their subscription model to ensure all my users have YubiKeys, that is a big win for me!”
    Brent DeterdingCISO, Afni

    Accelerated adoption of phishing-resistant MFA at scale with YubiKeys as a Service

    The imperative for phishing-resistant MFA with YubiKeys was clear. Therefore, Afni devised an efficient deployment strategy to set the company and its users up for success. It chose to phase its YubiKey deployment, first to employees who had access to Microsoft solutions or elevated access to systems and customer data, and then expand to their global call center agents.

    With a global network of operations centers and a large remote workforce, Afni wanted the flexibility of YubiEnterprise Subscription, a YubiKey as a Service subscription model that reduces the cost to entry, increases flexibility and helps accelerate the planned rollouts. Thanks to entitlements for replacement keys to cover business churn and the low-cost subscription model, Afni is able to remain agile to accommodate employee turnover or lost/stolen keys without any onerous serial tracking.

    From start to finish, the goal was to ship out and enroll YubiKey 5C NFCs to both user groups with the first group by the end of 2022 and the second phase in 2023. The first phase of deployment helped refine processes and smooth things out around distribution, user training, key enrollment and use. Positive feedback was an enabler of wide user adoption.

    To stick with the theme of “easy,” employee onboarding not only stressed the security benefits of the YubiKey, or that legacy authentication methods would be phased out, but also that work would be faster and easier. “Instead of a long password that you forget sometimes, you type in a four number PIN and touch the YubiKey,” shares Deterding, “It’s quick and easy. The feedback has been very positive.”

    Moving forward, Afni hopes to improve the employee experience even more by removing the need to change application passwords or removing passwords altogether. Furthermore, every employee is encouraged to use their YubiKey for their personal accounts to help build secure habits and goodwill. “We’re helping employees be more secure in their personal lives as well as work, which benefits everyone.”

    The YubiEnterprise Subscription advantages made sense to Deterding, as he looked at the turnover rates of his production employees, who mainly engaged with customers in call centers around the globe. “I am used to subscription offerings in the cloud and YubiEnterprise Subscription has some helpful benefits that just made sense for our needs.”

    “A security key is the ‘Gold
    Standard’ for authentication, something you physically have. For me, the YubiKey was the
    only choice. I didn’t look elsewhere.”
    Brent DeterdingCISO, Afni

    Microsoft and YubiKeys work seamlessly together to reinforce security policies

    The YubiKey is natively supported by Microsoft, enabling easy and secure access to OneDrive, SharePoint and Office365 for all non-production office workers. The YubiKey also secures remote access with phishing-resistant MFA for VPN remote workers.

    After the effort to get users beyond passwords to MFA, and on the path raising the bar for security with 100% phishing-resistant MFA with the YubiKey, the next step for Afni was to enforce new MFA standards by deprecating legacy authentication and only allowing YubiKeys. Afni took advantage of Microsoft Azure AD’s new conditional access features to enforce YubiKey usage for all required applications. Deterding shared a lesson learned in that he should have forced the use of registered YubiKey users right out of the gate, rather than provide a transition period.

    “The fact that I can ensure identity with a physical YubiKey, even for remote workers, is very beneficial for my efforts to reduce risk at Afni.”
    Brent DeterdingCISO, Afni

    Executive support and a trustworthy partner

    Deterding’s vision would not be possible without wide executive buy-in, especially with Afni CIO Mike Schwermin. Mike is a 20-year veteran in the BPO industry and a demonstrated leader in delivering next-generation solutions for Afni. “I’m grateful for the extraordinary support of our efforts in increasing our cyber security from our executive team. Mike and I are in lockstep on enabling Afni to strengthen our security practices.”

    Taking its security seriously and being transparent about its security practices has helped establish Afni as a trustworthy supply chain partner. Further, Afni has found that it has the same roadmap as many of its call center clients who were already deploying YubiKeys.


    Sources

    Afni reduces Cyber insurance premiums with YubiKeys
Yubico Text LogoYubico Text Logo
  • RSS
  • Twitter
  • LinkedIn
  • Facebook
  • Instagram
  • YouTube
  • GitHub
  • Product finder quiz
  • Find set-up guides
  • Buy online
  • Contact sales
  • Get Yubico updates
  • Careers
  • Events
  • Press room
  • About us
  • Partner programs
  • Affiliate program
  • YubiKey 5 Series
  • YubiKey 5 FIPS Series
  • YubiKey Bio Series
  • Security Key Series
  • YubiKey 5 CSPN Series
  • YubiHSM 2 & YubiHSM 2 FIPS
  • Yubico Authenticator
  • Zero Trust
  • Phishing-resistant MFA
  • Passwordless
  • Cyber insurance
  • More solutions
  • Industries overview
  • Yubico blog
  • Resource library
  • Cybersecurity glossary
  • Authentication standards
  • Developer program
  • Works with YubiKey
  • Help center
  • Downloads
  • Product documentation
  • Support Services
  • Professional Services
  • Professional Services
  • Contact support
Yubico © 2023 All Rights Reserved.
  • Sitemap
  • Cookies
  • Legal
  • Privacy
  • Patents
  • Terms of use
  • Trust
We use cookies to ensure that you get the best experience on our site and to present relevant content and advertising. By browsing this site without restricting the use of cookies, you consent to our and third party use of cookies as set out in our Cookie Notice.

PreferencesAccept all
Yubico Privacy and Cookies Policy

Privacy Overview

Yubico.com uses cookies to improve your experience while navigating through the website. When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually identify you, but it can give you a more personalized web experience.

Because we respect your right to privacy, you can choose not to allow some types of cookies.

Click on the different category headings to find out more and change our default settings.

Blocking some types of cookies may impact your experience on our site and the services we are able to offer.
Strictly necessary cookies
Always Enabled

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Functional cookies

These cookies enable the website to provide enhanced functionality and personalization. They may set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Performance cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

Targeting cookies

These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Uncategorized

Undefined cookies are those that are being analyzed and have not been classified into a category as yet.

Matomo Anonymized Tracking
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
CookieDurationDescription
_hjIncludedInSessionSample_8352762 minutesDescription is currently not available.
_hjSession_83527630 minutesDescription is currently not available.
_hjSessionUser_8352761 yearDescription is currently not available.
_schn13 minutesDescription is currently not available.
_scid_r1 year 1 monthDescription is currently not available.
_vis_opt_exp_186_combi3 months 8 daysDescription is currently not available.
_vis_opt_exp_186_combi_choose3 months 8 daysDescription is currently not available.
_vis_opt_exp_187_combi3 months 8 daysDescription is currently not available.
_vis_opt_exp_187_combi_choose3 months 8 daysDescription is currently not available.
_vis_opt_exp_188_combi3 months 8 daysDescription is currently not available.
_vis_opt_exp_188_combi_choose3 months 8 daysDescription is currently not available.
cookielawinfo-checkbox-matomo1 yearDescription is currently not available.
loglevelneverNo description available.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
CookieDurationDescription
_ga_*1 year 1 month 4 daysGoogle Analytics sets this cookie to store and count page views.
_gat_UA-*1 minuteGoogle Analytics sets this cookie for user behaviour tracking.
_hjFirstSeen30 minutesHotjar sets this cookie to identify a new user’s first session. It stores the true/false value, indicating whether it was the first time Hotjar saw this user.
_hjRecordingEnabledneverHotjar sets this cookie when a Recording starts and is read when the recording module is initialized, to see if the user is already in a recording in a particular session.
_hjRecordingLastActivityneverHotjar sets this cookie when a user recording starts and when data is sent through the WebSocket.
ln_or1 dayLinkedin sets this cookie to registers statistical data on users' behaviour on the website for internal analytics.
Save & Accept