In the previous article we explored what Cloud computing is and the considerations that you need to weigh up before making your transition to it. We will now take a closer look at what levels of security it offers, the threats that come with it, and how to combat those threats.
The cyber security of your organisation should be at the very top of your business concerns. With this in mind, it is worth paying attention to the following statement – the Cloud is NOT always backed up and secure. Your provider will, of course, be vigilant and do everything in their power to ensure the safety of your systems but, ultimately, the real responsibility falls to your team. This responsibility creates concerns with remote working, because your team, who still have access to data, could potentially be saving it to a browser that is insecure.
Let’s take a look at some of the ways cyber criminals gain access to your systems.
Ransomware attacks destroy your access to your own data. In the eventuality of a successful attack, the cyber criminal will take control of your system and then ransom your files back to you. They will demand money in exchange for the safe return of access to your data.
Phishing scams involve deception – a cyber criminal will impersonate a known organisation to persuade the recipient to trust them. The contents of the Email message will pressure the recipient to act quickly and panic them into disclosing sensitive information. The Email message will come with a link that redirects you to a login portal that will grant access to the hacker.
It is essential that your team are educated on the potential dangers that their actions can have. Your team need to trust their instincts – if something doesn’t feel right, it probably isn’t! Instruct them to speak to a superior member of staff if they are unsure.
There is a range of technical measures that can be put in place to better protect your users and data when working online. One of the most famous Cloud platforms in the world is the Microsoft Suite – a popular choice due to its extensive range of tools that provide increased levels of productivity, collaboration, and communication; its tools are also very familiar to many. Microsoft is serious about security – let’s explore some of the technical measures that will help you protect it.
Securing your Microsoft 365 applications
You must address two key areas to reduce the risk of a data breach and best secure Microsoft 365. They are as follows.
- Technical controls, policies, filters, and defences.
- Policy changes for how users access and use 365.
Technical defences exist within Microsoft 365 to combat different security threats, including:
- The interception or viewing of Email content or attachments by unauthorised parties.
- Spoofing attacks with cyber criminals impersonating your business.
- Phishing attacks being received.
- Malware, Ransomware, and other malicious file attachments being received or downloaded from emails.
Your users are the most important line of defence your organisation has – but, for all their worth, they are often the cause of the breach. They can’t always be blamed though; some attacks are authorised by your team with one simple click of the mouse.
There are a number of risks posed by the way users access and interact with Microsoft 365. They depend upon:
- The care and attention they take when making passwords and whether those passwords are unique to 365 or used as a general password across other services.
- The ability to share files and documents, and with whom.
- The ability to share potentially sensitive information within email messages.
- The level of system access and permissions assigned.
The Microsoft 365 security options
Reduce the risk of individual user accounts being breached by cyber criminals as a result of exposed credentials on the dark web, or because accounts are secured with only basic passwords that aren’t sufficient to protect your systems.
Overcome the risks
Microsoft 365 defines a secure password policy by default, which is designed to direct the user to use the most complex password possible. A complex password needs to be very difficult to guess – a collection of random letters and numbers, of a certain length, and preferably including special characters.
The traditional approach to password management was to enforce a policy where users change their password on an arranged time cycle, and those passwords must increase in complexity each time. Unfortunately, in the modern age this system does not suffice – enforcing longer passwords on a cycle simply encouraged users to use old passwords again, which just makes the process pointless.
Multi-Factor Authentication (MFA) / 2-Factor Authentication (2FA) – the better, modern approach
With MFA, after a user has entered their password, the next step is a second authentication. It secures your account further by requesting the user to input a code that is randomly generated on a cycle. The code is sent to their mobile device or authentication app and sometimes via email. With MFA, regardless of whether they have your password or not, a cyber criminal may not be able to gain entry.
MFA, among other login security best practices, can be enforced for your tenancy through Microsoft 365 security defaults.
Microsoft 365 security defaults
You can activate security defaults that enforce a number of policies automatically by defining security parameters that apply to all of your users, no matter where they are on the planet.
Security defaults are available at no extra cost to all users of Microsoft 365, provided you are an organisation that utilises at least the free tier of the Azure Active Directory service.
Security defaults include:
- Requiring all system administrators to follow MFA.
- Blocking legacy forms of authentication.
- Requiring users to perform MFA procedures upon certain actions.
- Requiring all users to register for MFA.
How do you implement security defaults on Microsoft 365?
1) Visit your Azure Portal (https://portal.azure.com).
2) From the main menu scroll to ‘properties’. Click ‘Manage security defaults’.
3) Move the slider across to ‘Yes’.
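A check worth running after switching security defaults on, as an added example that is not part of the original article: it looks through sign-in records for successful legacy-authentication logins and for administrators who signed in with a single factor. The field names follow the Microsoft Graph signIn resource; the records, the administrator list and the non-zero error code are constructed for illustration.

```python
# Client types that use legacy authentication and cannot complete MFA.
LEGACY_CLIENTS = {
    "Authenticated SMTP", "Exchange ActiveSync", "Exchange Web Services",
    "IMAP4", "POP3", "Other clients",
}
ADMIN_UPNS = {"admin@example.com"}  # hypothetical administrator list


def rec(upn, client, requirement, error_code=0):
    """Build one constructed sign-in record (errorCode 0 means success)."""
    return {"userPrincipalName": upn, "clientAppUsed": client,
            "authenticationRequirement": requirement,
            "status": {"errorCode": error_code}}


SAMPLE_SIGNINS = [  # constructed sample data
    rec("alice@example.com", "Browser", "multiFactorAuthentication"),
    rec("bob@example.com", "IMAP4", "singleFactorAuthentication"),
    rec("carol@example.com", "POP3", "singleFactorAuthentication", 1),
    rec("admin@example.com", "Browser", "singleFactorAuthentication"),
    rec("dave@example.com", "Mobile Apps and Desktop clients",
        "singleFactorAuthentication"),
]


def audit(signins, admins=ADMIN_UPNS):
    """Return (user, finding) pairs for sign-ins that security defaults
    should have prevented."""
    findings = []
    for s in signins:
        if s["status"]["errorCode"] != 0:
            continue  # failed or blocked attempt: the control worked
        upn = s["userPrincipalName"]
        if s["clientAppUsed"] in LEGACY_CLIENTS:
            findings.append((upn, "legacy authentication succeeded"))
        elif (upn in admins and
              s["authenticationRequirement"] == "singleFactorAuthentication"):
            findings.append((upn, "administrator signed in without MFA"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(SAMPLE_SIGNINS):
        print(f"{user}: {finding}")
```

An empty result over a representative period is the outcome to expect once legacy authentication is blocked and administrators are required to use MFA.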
Once you have taken control of your organisation’s cyber security when using the Cloud, you can relax in the certainty that your team is prepared and equipped for any eventuality regarding cyber security.