Empowering Vulnerable Workplaces with Phishing-Resistant MFA Is The Key To Online Security
by Geoff Schomburgk, Asia Pacific & Japan Vice President for Yubico
As organisations continue taking action to safeguard critical infrastructure and increase employee awareness of cybersecurity risks, phishing attacks targeting stolen login credentials through email or text continue to remain the top lucrative attack vectors for cybercriminals.
Now more than ever, the security of sensitive information from these attacks is critical, especially in workplaces where data flows freely and is accessed from various devices and shared workstations across different locations. Cybercriminals are capitalising on the vulnerabilities this scenario presents to infiltrate organisations, compromise their data and potentially impact their customers’ data.
Phishing attacks pose a significant threat, and workplaces with shared workstations are especially vulnerable. The Verizon 2023 Data Breach Investigations Report stated that human-related factors influenced 74% of breaches. Therefore, to fortify the security of services like email, workplaces should consider implementing phishing-resistant multi-factor authentication (MFA).
Understanding the phishing threat and risks to shared workstations
Phishing attacks are deceptive attempts by cybercriminals to trick individuals into revealing confidential information, such as usernames, passwords and financial details. The use of Artificial Intelligence (AI) makes these attacks even more convincing, often taking the form of seemingly legitimate emails, complete with the correct logos and sender names. Unsuspecting employees may click on malicious links or download harmful attachments, inadvertently granting attackers access to their organisation’s sensitive data.
Workplaces with shared workstations, such as coworking spaces, public libraries, hospitals, schools and universities, face unique challenges. The users of these spaces often access their email accounts and other online services from various devices, each with its own level of security. This variability in device security can create weak links in the cybersecurity chain, making it easier for phishing attacks to succeed.
In these shared workspaces, the devices available for use can vary significantly in terms of security. Some users might bring their own laptops, tablets or smartphones, which may or may not be adequately protected against phishing attempts. This inconsistency makes it challenging for these organisations to enforce uniform security policies for devices accessing their environment.
Shared workspaces often host a rotating cast of users, including freelancers, remote workers and temporary staff. This high turnover rate makes ensuring that every user is adequately trained on phishing threats challenging, leaving these organisations more vulnerable. It’s also not uncommon for users to share devices or login credentials, further compromising security efforts. This can lead to unintended exposure of sensitive information and an increased risk of falling victim to phishing scams.
Empowering Workplaces with Phishing-Resistant MFA
Organisations should consider empowering their employees and users with passkeys for phishing-resistant MFA to address these unique challenges, enhance cybersecurity and protect digital identities in shared workstation environments. Passkeys can be hardware security keys, like a YubiKey or copyable.
Encouraging the use of phishing-resistant MFA adds an extra layer of security. Even if attackers manage to steal login credentials, they won’t be able to access the account without the correct passkey. Alongside passkeys, organisations should invest in user education and training programs. Informing users about the dangers of phishing attacks and how to recognise them is essential for strengthening the human firewall.
Organisations can implement access control policies that tailor access privileges to individual users and devices. This granular control ensures that only authorised employees can access sensitive information using their passkey to authenticate themselves.
The Takeaway
In a world where data breaches can have devastating consequences, phishing remains a significant concern for all organisations, especially those with shared workstations. The risks associated with these environments are unique and require a proactive approach to security for high-risk targeted services like email, which differs from most corporate environments.
Fostering a human-centric approach to cybersecurity by encouraging the adoption of passkeys will help these organisations protect their environment against evolving threats and safeguard their sensitive information. This means empowering workplaces with phishing-resistant MFA as a crucial step in mitigating these risks because these robust authentication methods organisations will significantly reduce their vulnerability to phishing.
Organisations have to take responsibility for protecting their sensitive information and their users. Combining hardware solutions with comprehensive user training programs creates a formidable defence against phishing threats and these types of organisations can empower their users to navigate the digital world securely, ensuring email security remains a top priority.