The simplest way is to ascertain and check administrative privileges for your company. You may limit personnel entry or demand two [authentication] measures before they go there. Lots of providers will even outlaw particular sites that workers can’t go visit, so it can make it harder for getting phished. ZDNET's https://www.researchgate.net/publication/365308473_Development_of_Cyber_Attack_Model_for_Private_Network