The latest phishing tactics to look out for involve remote access scams. Learn how to protect yourself with tips from Splashtop’s Senior Director of Security and Compliance, Jerry Hsieh.
As cybercrime rings become more organized and sophisticated, all businesses big and small are at risk. Largely because 95% of cybercrimes begin with human error—making phishing scams a popular tactic among cybercriminals. In this blog, we’ll cover a new form of phishing that should be on your radar—remote access scams.
Your security is top of mind for us here at Splashtop. We regularly evaluate suspicious behavior on our systems to help ensure our customers’ security. However, the best thing you can do to protect your organization and your data is to be aware of current cybercrimes and provide frequent cybersecurity training for your employees. One click on a malicious link could put your organization at risk.
What are remote access scams?
The gist: Threat groups are exploiting remote access tools to attempt extortion attacks.
These attacks leverage remote access services to covertly attack victims’ computers. Remote access scams exploit human weaknesses rather than any inherent technological vulnerability. Nevertheless, these attacks can lead to costly and disruptive data breaches or data extortion.
How do scammers get into your computer?
According to Sygnia, new phishing campaigns masquerade as popular subscription services to deceive victims into downloading commercial remote access tools. Bad actors then exploit those tools to deploy malware campaigns and ultimately access the compromised network and data.
User awareness is an integral part of protecting your organization’s data. Each employee needs to be informed and vigilant. Splashtop prioritizes the security of our users and as a precautionary step, we recommend that you evaluate the security of your remote access software.
Security is a top priority at Splashtop
That’s why our products have a robust set of security features including device authentication, two-factor authentication, single sign-on, and IP whitelisting. Each session is encrypted along with all user data, so unauthorized users can’t read it. Splashtop products also have role-based access controls, regular account reviews and logging to keep your team compliant and secure.
Furthermore, Splashtop has partnered with BitDefender to provide users with the ability to protect their managed computers with industry-leading endpoint security technology.
As an additional safeguard, your customized SOS app has a pop-up warning for users to ensure they’re starting a session with a trusted source. Our team reviews every customized SOS account and rejects any that seem irregular. An example of this would be an account trying to access more computers than expected across different geographies.
6 tips to mitigate security risks
As the landscape of cybercrime evolves, Splashtop recommends following these six best practices to mitigate security risks:
1. Provide regular employee training
One click on the wrong link can compromise an entire system. Alerts to new security threats, coupled with regular training and knowledge testing can prevent security breaches altogether. Get started with this phishing tip sheet from the Cybersecurity and Infrastructure Agency (CISA).
2. Prioritize and backup data
Understanding the value of different types of data will help you improve your data security strategy. Determine your most sensitive data, encrypt it and back it up. A frequent backup strategy is essential to protect financial data, intellectual property, source code, and email.
3. Encrypt the most valuable data
This will make it unreadable to unauthorized users. In the event that data is compromised, it can only be deciphered with an encryption key.
4. Patch and update often
Security updates and patches are readily available for everything from operating systems to applications to devices. This step often gets skipped. Don’t leave your organization and employees vulnerable; patch and update everything (operating systems, applications, firmware and devices).
5. Establish endpoint security
An organization’s compromised server usually stems from a compromised endpoint. An endpoint detection and response (EDR) solution that continually monitors all the endpoints and end-user devices can help detect and respond to cyber threats, such as ransomware.
6. Consult experts to help configure your VPN
Traditional VPNs don’t have adequate control over who or what device can connect to the network. There is no standard way to set up, operate, or distribute access, so they’re often exploited. An expert can ensure the access channel is secured to protect data and confidentiality.
Check out Splashtop’s cyber-attack prevention infographic for more tips.
Cybersecurity is never done. It’s everyone’s responsibility to stay informed and up to date on best practices. Here at Splashtop, we conduct regular employee training and tests to ensure everyone is putting these techniques into practice. We strongly encourage you to do the same.
To learn more about Splashtop security, visit our security page. If you have any further questions, please get in touch.