According to Cisco’s 2021 Cybersecurity Threat Trends report, almost 90% of data breaches occur due to phishing[1]. Ironically, last month, Cisco itself experienced a data breach caused by, in part, phishing.
Attackers used a Cisco employee’s compromised credentials to gain access to the company’s VPN through a series of “sophisticated voice phishing attacks” and MFA push acceptance. This incident brings to light just how easy it is for cyber criminals to get an easy foothold into company networks through phishing.
When it comes to cyber attacks, employees remain the #1 vulnerability for businesses. With the continued popularity of remote work, company networks are now employee’s home networks and personal devices are potential entry points for cyber criminals.
Here are 4 cybersecurity tips you can start implementing today to help remote workers navigate this vast and complicated threat landscape.
- Ongoing education: Ransomware attacks succeed due to poor user education and bad practices. Employees should know why they need to practice important security measures and how to do so. Host ongoing training sessions so that they can easily identify common ransomware tactics like phishing emails.
- Enhanced verification and identity authentication: Implement strong device verification by enforcing stricter controls around device status to limit or block enrollment and access from unmanaged or unknown devices. Multifactor authentication (MFA) adds another layer of protection by requiring users to present two or more identifying credentials in addition to a username to gain access to applications.
- Network segmentation is another important security control that organizations should employ. Network segmentation divides a computer network into smaller parts. By controlling how traffic flows among the parts, organizations can limit how far a cyber attack can spread. For example, segmentation keeps a malware outbreak in one section from affecting systems in another section.
- Zero Trust: For a long-term solution, organizations should implement a Zero Trust security architecture. Zero Trust is a security framework requiring all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated before being granted or keeping access to applications and data.
Zero Trust Virtual Desktop White Paper
Despite another record year of breaches including Solar Winds, Colonial Pipeline, and others, half of U.S. businesses still have not put a cybersecurity risk plan in place[2]. Following the recommendations above are great first steps to building a culture of security and employee awareness.
How Apporto Can Help
Defending against cyber attacks requires a tiered approach to security with a Zero Trust model at the heart of the methodology. Apporto’s virtual desktops are designed with Zero Trust as a core architectural principle.
Contact us today to see how Apporto virtual desktops can help you achieve Zero Trust security.
References
[1] Hamilton, J. (2022, April 14). 10 Cybersecurity Tips for Remote Workers. https://www.itgovernanceusa.com/blog/10-cybersecurity-tips-for-remote-workers
[2] Brooks, C. (2022, June 3). Alarming Cyber Statistics For Mid-Year 2022 That You Need To Know. Forbes.com. https://www.forbes.com/sites/chuckbrooks/2022/06/03/alarming-cyber-statistics-for-mid-year-2022-that-you-need-to-know/?sh=b4ef45d7864a