News & Views
Yubico comments on Minecraft
With on and off restrictions still ongoing across the country, it’s likely that more children are borrowing their parents’ old unpatched laptops and downloading or signing in to a half-dozen new learning apps. Meanwhile, many parents are logging into the same learning apps from their corporate laptops, or checking their work email from a personal device. With remote work and online learning continuing households will be using both personal and work devices to carry out business and school activities making them ripe for successful social engineering and phishing attacks that give hackers an invite right into your corporate data.
Yubico invented the world’s first FIDO security key for consumers and businesses alike – which is now securing online logins for millions worldwide. We asked Jerrod Chong, Yubico’s Chief Solutions Officer at Yubico about the steps organizations should take to protect against malware and cyber security breaches as the line between home and work becomes increasingly blurred.
“As the traditional work-life balance continues to shift, organizations need to be certain that the person logging into a company-issued laptop is actually an employee and not one of their children trying to complete an online assignment. In the same way, IT professionals need to be sure that a normally security-cautious accounting employee isn’t accessing the company’s finance system from the same device that someone else in their household used to play Minecraft the night before. To put it simply, an employee’s family members should now be considered your users too."
“This merging of home and work means that if a hacker already has access to a user’s personal account, like a learning app or a gaming account, there's more of an opportunity to also gain credentials to a corporate account. A phishing attempt can be as simple as a password reset request that a distracted parent or child could easily fall for. Furthermore, sharing devices and widespread hybrid learning models can be confusing and unfortunately, hackers thrive off of the chaos. "
“As remote work and school is our current reality, organizations must change the way they approach security. Hackers will always take the path of least resistance to gain access to the corporate network and now, that path might just be your VP of Sales’ 10 year old daughter’s Minecraft habit. To remain secure, enterprises must adopt a zero trust mentality and authenticate every single user, every single time, on every single service. This must be done with a form of strong authentication that cannot be spoofed by email phishing attacks or man-in-the-middle attacks, and for productivity’s sake, must be seamless to the user.”