Before going remote, a large legal firm verified requests for confidential information, passwords, and financial information in person as a security measure. After the transition to a remote workforce, they saw a large increase in phishing and advanced social engineering attacks aimed at their organization and competitors in the space. In some cases, these threats bypassed corporate controls and allowed to send text messages and emails to personal accounts.
SOLUTION
To protect users and their data, a security solution comprising of various components was implemented.
1. Security Awareness Training – An online educational series was sent to employees educating them on acceptable use policies, social hacking, appropriate email behavior, and malicious email attachments. Users that scored poorly on the quizzes received additional training and potential high-risk employees were identified for IT follow-up.
2. Email and Content Security – Aqueduct implemented additional security software to increase the level of protection and prevent impersonation attacks. Emails originating outside of the organization were clearly displayed to ensure cursory glances of emails on mobile devices were quickly flagged for end users. Additionally, Aqueduct added DNS-layer security to block unwanted or malicious content.
3. Multi-Factor Authentication (MFA) & Single Sign-on (SSO) – To eliminate password theft and confirm users’ identities, the company implemented Cisco Duo.
With a greater security posture and integrated solutions, the customer saw a significant reduction in vulnerabilities and now has greater control and visibility. There was a 95% reduction of attacks making their way to end-users and the overall risk of it leading to an exploit was near zero.
We will work with you to find the perfect solution to your technical challenge, all for free.