Keep employees educated & customers armed with precautionary network safety tactics
A handful of people know that October represents more than just a time dedicated to jack-o-lanterns, costumes, and Halloween lore. October is also the month chosen by the Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA) to raise awareness about the importance of cybersecurity. The effort is meant to inspire people throughout the country to be safe and secure online. The overarching theme of this initiative is to encourage the idea that cybersecurity is a shared responsibility; everyone should be aware of the risks and use good judgment while online to combat the ongoing threat of phishing attacks, malware, and other security breaches that occur year-round.
Cradlepoint closely follows the shared responsibility model inspired by the DHS and NCSA, making truth, disclosure, and transparency about known vulnerabilities foundational pillars of our security operations.
Truth, Disclosure & Transparency
Cradlepoint is committed to a high standard of openness and transparency concerning security and to expedient mitigation of security issues. As part of our vulnerability management, it is a priority to inform partners and customers when the Cradlepoint solutions they use are vulnerable. We encourage security researchers, customers, partners, and academia to continually test and disclose security vulnerabilities to us. This allows us to stay on top of known vulnerabilities, so that responses and fixes can be rapid and more effective for Cradlepoint’s customers.
Keeping Employees Safe
According to PhishMe, 91 percent of cyberattacks start with a phishing email. The emails are designed to trick employees into clicking an infected link or opening an infected attachment. The email will usually look like it’s from an organization that the employee would recognize and assume was real.
Additionally, according to Verizon’s 2018 Data Breach Investigation Report, pretexting is a similar social attack but is somewhat more involved. In this scenario, the criminal emails, calls or even visits an employee in person and engages them in conversation to fool the victim into providing the attacker with credentials, or other sensitive data, with which they can launch an attack.
Cradlepoint uses a few different methods to help our employees stay educated and aware when it comes to cybersecurity, including mandatory annual security awareness training and the use of multifactor authentication.
With the increasing value of usernames and passwords on the black market, multifactor authentication is an underrated end-user security strategy. It requires users to present two pieces of identification at each login: something you know (a username or password) combined with something you have in your possession (an authentication code on your phone). This provides an added layer of safety even if employees’ credentials are compromised.
Verizon’s Data Breach Investigation Report backs the value of multifactor authentication and describes the use of default or easily guessable passwords “as popular as tight rolling your jeans.” The report expresses that no matter who administers a company’s POS environment (whether in-house or outsourced), they should be required to use two-factor authentication.
Ongoing Cybersecurity Education
Cradlepoint conducts regular security training as well as routine security audits to lessen the effectiveness of phishing-style attacks and the overall consequences of cybersecurity incidents. Verizon’s 2018 report recorded more than 53,000 incidents and 2,216 confirmed data breaches. There is a difference between incidents (a security event that compromises the integrity, confidentiality, or availability of an information asset) and breaches (an incident that results in the confirmed disclosure, not just potential exposure, of data to an unauthorized party).
Protecting applications, collaboration, and connected technologies across an ever-expanding network attack surface is essential for IT organizations. A modern mobile network solution needs to provide comprehensive edge security capabilities that protect local users and endpoint devices, the WAN, and cloud communications with access controls, FIPS-certified data encryption, IoT device isolation, and Internet threat management.
Cradlepoint has partnered with best-in-class cloud security providers Zscaler and Webroot to provide Internet security, leveraging URL filtering and the blocking of web-based threats, including malicious content, botnets, advanced persistent threats, browser exploits, and phishing attacks.
Customers may also utilize Parallel Networks — or “air-gapped” networks — with secure LTE routers. This strategy keeps critical applications holding sensitive data physically separated from noncritical applications to help mitigate the risks of pivot attacks. Many high-profile data breaches in recent years were pivot attacks, where hackers breached an easily accessible part of the network, then moved from there into an area where sensitive data was stored.
From network architecture to end-user caution, it takes a variety of diligent efforts to keep an organization’s network secure.
To learn more about Cradlepoint and network security, view our webinar, “Flexible Cyber Threat Intelligence at the Network’s Edge.”