There are many things that have changed during the pandemic. New habits are being adopted and people are beginning to embrace the changes. Businesses no longer work the way they used to. Many workplaces now prefer flexible workspaces with shared workstations to reduce office rent cost and encourage hybrid working.

Shared workstations are devices that are used by multiple users who can access the same workstation throughout the day. A few examples of workstations are call centers, Point of Sales kiosk, or hotel reception desk. A shared workstation gives employees with the option to work flexibly either individually or as a team.

Shared workstations are often proven to be essential devices for certain industries because of its ease and practicality. Many times, employees in shared workstations also have access to critical and sensitive data, such as customer data, payment, or even health information.

While many industries have been adopting it for quite a long time (such as healthcare, manufacturing, retail, hospitality financial services etc.), the practice is becoming even more widespread after the pandemic in other industries, too.Unfortunately, when it comes to cyber security, sharing does not always mean caring.

Because of its characteristics, shared workstations increase the likelihood of cyber threat. High employee shift rotations, seasonal employees and high turnover is very common in certain industries such as hotel, retail, and health industry.Unhygienic cyber practices such as password sharing and usage of sticky notes containing passwords are contributing a lot to rising cyber threats. The four characteristics of shared workstations which make them an easy access for cyber criminals can be found as below:

 

 

Utilize by multiple users

 

Access to sensitive data

 

Used in high traffic area

Usually prone to unhygienic cyber practices such as password sharing

 

Things to Consider When Choosing Your Authentication Method

Most often than not, companies have to choose between security and user productivity when it comes to cyber risk. CertainMulti Factor Authentications (MFAs)are reliable but are lacking in terms of practicality, which hinder your employees to work productively. The requirement to constantly log into the device and the device’s limitation will hugely impact work productivity. Interrupted device performance such as battery drop must be considered as long-term total cost of ownership, too. Ideally, the MFA that you choose should meet the four criteria for authentication method:

  1. Security

Making sure that the right person will access the right devices and/or application is the first, most important criteria for choosing MFA. In shared workstations, multiple users will be able to access the same devices and companies must be able to differentiate user level based on their access hierarchy to prevent any data leakage.

Admin account or privilege users must be able to access the system using a method that is impersonation resistant. Shared password should be discouraged as it may lead to unauthorized access to sensitive information. Without using a secure tool, cyber criminals have the advantage to hack your company’s critical data.

  1. Efficiency

The major drawback which discourages most people to adopt a hygienic cyber habit is work interruption. Currently, a major percentage of employees (54%) think that 2FA (Two Factor Authentication) such as OTP and push codes interferes with their workflow. Some MFAs increase the number of steps in their authentication system, making it a hassle for employees. You should consider the balance between functionality and practicality before deciding on the right MFA, especially when employees are required to work quickly to respond to customer’s demand.

  1. Reliability

While authentication is very critical, you wouldn’t want to have an authentication method that relies too much on external factor, such as network reception, device battery, etc. Mobile-based authentication methods don’t always provide reliable solutions in an environment where network coverage is almost nonexistent. Employees who have to work in places such as offshore rigs are at risk for not being able to access the system because of network limitation. And when your employees can’t log into the apps or portal that they are supposed to do, you are risking your business.

  1. Cost

Any time a user struggles with mobile authentication, they are not being productive. The time that might as well being spent for working is now spent for login or waiting for a password reset, which is a loss for company. The faster a user can access the system, the better the return on investment.

Yubikey, The Reinvention of MFA (Multi FactorAuthentication)

Now that we understand how shared workstations pose added risk to your cyber security, the next step is to find the best method to secure your sensitive data, even when your company uses shared workstations.

Legacy MFA which relies on password as the first factor will not guarantee that your OTP code or private key is not being intercepted mid-way. Moreover, it is impossible to confirm proof of possession, which means that anyone could disguise as your employee with the stolen OTP code.

Legacy authentication method is susceptible to modern cyber-attacks, including phishing, brute force attack, Man-in-The-Middle attack, malware, and SIM Swapping. Using phishing-resistant MFA is the best way to improve your cyber security. With modern MFA such as Yubikey, authentication can be executed without password, making it much safer to use.

Yubikey is using FIDO (Fast Identity Online) authentication to replace the traditional username and password. The most recent FIDO standard is FIDO2/WebAuthn which uses public key cryptography for high security and the private key that will recognize the real apps or website, making it impossible to hack.

Yubikey also works well with legacy system by supporting multiple protocols such as SmartCard, OTP, and OpenPGP protocols, which enables its users to use a single security key across both legacy and modern systems. Yubikey also does not require any battery or cellular connection, making it ideal to use in network-restricted area. Using its tap and go feature, Yubikey will work seamlessly into your employees workflow with minimum interruption.

To learn on how Yubikey can help you to secure your workstations please click here.