Minecraft or maths lessons: which is a bigger risk to your security? - Yubico comments
October 2020 by Jerrod Chong, Yubico’s Chief Solutions Officer
With on-and-off restrictions still ongoing across the country, it’s likely that more children are borrowing their parents’ old unpatched laptops and downloading or signing in to a half-dozen new learning apps. Meanwhile, many parents are logging into the same learning apps from their corporate laptops, or checking their work email from a personal device.
The half-term break likely saw higher numbers of school children logging in to these same devices to complete homework or play video games. As remote work and online learning continue, households will be using both personal and work devices to carry out business and school activities. Because of this, successful social engineering and phishing attacks are more likely to give hackers an invite right into your corporate data.
Yubico invented the world’s first FIDO security key for consumers and businesses alike – which is now securing online logins for millions worldwide. Jerrod Chong, Yubico’s Chief Solutions Officer, has made the following comments about the steps organisations should take to protect against malware and cyber security breaches as the line between home and work becomes increasingly blurred:
“As the traditional work-life balance continues to shift, organisations need to be certain that the person logging into a company-issued laptop is actually an employee and not one of their children trying to complete an online assignment. In the same way, IT professionals need to be sure that a normally security-cautious accounting employee isn’t accessing the company’s finance system from the same device that someone else in their household used to play Minecraft the night before. To put it simply, an employee’s family members should now be considered your users too.”
“This merging of home and work means that if a hacker already has access to a user’s personal account, like a learning app or a gaming account, there’s more of an opportunity to also gain credentials to a corporate account. A phishing attempt can be as simple as a password reset request that a distracted parent or child could easily fall for. Furthermore, sharing devices and widespread hybrid learning models can be confusing and, unfortunately, hackers thrive off of the chaos.”
“As remote work and school is our current reality, organisations must change the way they approach security. Hackers will always take the path of least resistance to gain access to the corporate network and now, that path might just be your VP of Sales’ 10-year-old daughter’s Minecraft habit. To remain secure, enterprises must adopt a zero trust mentality and authenticate every single user, every single time, on every single service. This must be done with a form of strong authentication that cannot be spoofed by email phishing attacks or man-in-the-middle attacks, and for productivity’s sake, must be seamless to the user.”