Yubico’s Chad Thunberg has some handy security tips for organizations that are trying to adjust to a remote work environment in response to the COVID-19 pandemic. The Chief Information Security Officer (CISO) notes that many organizations and employees have never had to address this particular set of problems, and that they should be especially wary during the transition because cybercriminals will try to take advantage of the unprecedented disruption.
With that in mind, Thunberg has several recommendations for organizations that want to protect their assets. Most notably, he emphasizes the importance of strong multi-factor authentication for anyone that needs access to sensitive materials. He also warns that behavior-based detection software may not be as effective in the short term, at least until those systems can be reconfigured to monitor the new environment.
In the meantime, companies should expect to see an increase in social engineering attacks. Many of those attacks will be directed at support personnel, who are currently fielding more calls from legitimate employees who are trying to get set up for remote work. Unfortunately, the high volume also means that fraudsters are more likely to go unnoticed, and many of them will use that opportunity to capitalize on human error during a time of crisis.
That’s why Thunberg advises companies to maintain endpoint security, and to back up their systems as frequently as possible. Endpoint best practices like software updates and strong authentication are more important when employees are using personal devices in an unsupervised home environment. Automated Backups, meanwhile, will ensure that the organization still has access to its files if an employee falls victim to a ransomware attack.
Given the level of disruption, it will be extremely difficult for any company to fend off every fraudster. Thunberg consequently expects to see an uptick in stolen credentials and account takeover attacks, but suggests that companies that follow good security protocols should be able to weather the storm and maintain their operational capabilities.
Yubico itself announced new YubiEnterprise Subscription and Delivery Services shortly before the onset of the pandemic. The Delivery Service may be beneficial for companies that want to send YubiKeys to their remote employees, although the service was not scheduled to launch until the second quarter of 2020.