In the previous article we explored how any business can fall victim to a cyber attack no matter its size, and why smaller businesses are more likely to be attacked than larger ones because of their typically lacklustre and ill-equipped defences. We also explored some of the most common methods used by cyber criminals to attack your systems.
In the following article we will take a closer look at ways of protecting your systems to prevent a breach from being successful.
Securing your Microsoft 365 ecosystem
When considering the security of 365 there are two areas that need to be addressed to guarantee that you are as secure as you possibly can be. They are as follows:
1. A policy around the correct – and most importantly – safe use of Microsoft 365.
2. Implementing technical controls and defences in your organisation.
Technical defences will help you to combat a variety of different cyber threats. They protect your domain against ‘spoofing’ attacks (where cyber criminals purport to be your business), and reduce the risk of phishing emails being received or of their links being clicked. They also protect against malware, ransomware or any other malicious file attachments being received or downloaded from malicious emails. As well as assisting with access control, they stop email content or attachments from being viewed by unauthorised parties.
Your users are the most integral link in the defence of your systems, and occupy both the first and last line of defence. The fragility of technical measures, and the fact that a simple click is enough to render your computer systems obsolete, mean that some of the risks your users pose in the way they interact with the Microsoft 365 ecosystem need to be addressed.
The way staff interact with IT can affect their ability to share files and documents, potentially sensitive information, and email messages. It can also affect the level of system access and permissions that are assigned, and the complexity of passwords.
Microsoft 365’s security options
Let’s explore some of the security features of Microsoft 365, the risks that they reduce, and how to implement them effectively in your organisation.
Reducing the risk of individual user accounts getting breached due to exposed credentials on the dark web or because of poor, common passwords is essential.
The risks overcome
Microsoft 365 has its own policy to define a secure password. Your password should be as complex as possible, should not be easily guessed, should be of a relatively substantial length, and should comprise a random mixture of letters, numbers, and special characters.
Password best practice has changed over recent years. The traditional approach users were directed to take was to change their passwords often – usually on a cycle of days or weeks – and adopt passwords of ever greater length.
Most organisations have moved away from this system, realising that enforcing longer passwords on an agreed cycle doesn’t always mean they are going to be more secure. Some organisations realised that it simply encouraged users to reuse old passwords, albeit in an abbreviated or slightly changed version of the original. This makes the whole exercise not just time-consuming, but also counterproductive, as the account is no more secure than it was at the beginning of the exercise.
MFA (Multi-Factor Authentication) is a very popular method of ensuring good password practice. You may have heard of 2FA (2-Factor Authentication) before - MFA is another step up from that. It further secures accounts by asking the user to enter a code that changes on an automatic cycle (every few seconds or minutes). The code is accessible on their mobile device through a text message or app - in this way, your security is layered by requiring users to access multiple devices before being granted access. If a cyber criminal somehow has the password to your main account, they will still need access to your device to get in. MFA can be enforced in the Microsoft 365 security defaults.
Microsoft 365 security defaults
Microsoft 365 security defaults define security parameters for all of your users no matter their geographical location, and can be activated to enforce a number of procedures automatically. Microsoft provide security defaults at no extra cost if you utilise at minimum the free tier of the Azure Active Directory service.
Let’s look at what the security defaults include:
• All users are required to register for MFA
• All system administrators are required to perform MFA
• Users are required to perform MFA actions upon certain previous actions
• The blocking of legacy forms of authentication.
How to implement the security defaults:
1) Visit your Azure Portal (https://portal.azure.com)
2) From the main menu scroll to ‘Properties’
3) Click ‘Manage security defaults’
4) Move the slider across by clicking ‘Yes’.
After having done this, the next time your users log in they will be required to activate MFA on their accounts. They can do this by proving their identity through a mobile number or by selecting an authentication app to use on their device, all of which is an easy process and is worth the small amount of time spent to ensure cyber security.
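One of the defaults listed above blocks legacy authentication, so it helps to know which accounts still rely on it before moving the slider. The following is an added example, not part of the original article: it tallies legacy-protocol sign-ins from exported sign-in records, assuming the records use the field names of the Microsoft Graph signIn resource; the records themselves are constructed sample data.

```python
import json
from collections import defaultdict

# Client types reported for modern authentication; any other clientAppUsed
# value (IMAP4, POP3, Authenticated SMTP, ...) is treated as legacy.
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}

# Constructed sample records, shaped like the Microsoft Graph signIn resource.
SAMPLE_SIGNINS = json.loads("""[
  {"userPrincipalName": "alice@example.com", "clientAppUsed": "Browser",
   "status": {"errorCode": 0}},
  {"userPrincipalName": "bob@example.com", "clientAppUsed": "IMAP4",
   "status": {"errorCode": 0}},
  {"userPrincipalName": "Bob@Example.com", "clientAppUsed": "IMAP4",
   "status": {"errorCode": 0}},
  {"userPrincipalName": "bob@example.com", "clientAppUsed": "Authenticated SMTP",
   "status": {"errorCode": 0}},
  {"userPrincipalName": "carol@example.com", "clientAppUsed": "POP3",
   "status": {"errorCode": 50126}},
  {"userPrincipalName": "scanner@example.com", "clientAppUsed": "Exchange ActiveSync",
   "status": {"errorCode": 0}},
  {"userPrincipalName": "dave@example.com", "clientAppUsed": "",
   "status": {"errorCode": 0}}
]""")


def legacy_auth_usage(signins, succeeded=True):
    """Count legacy-protocol sign-ins per user.

    succeeded=True  -> working dependencies that blocking legacy auth will break
    succeeded=False -> failed legacy attempts, worth reviewing separately
    """
    usage = defaultdict(lambda: defaultdict(int))
    for rec in signins:
        client = (rec.get("clientAppUsed") or "").strip()
        if not client or client in MODERN_CLIENTS:
            continue  # modern client, or client type not recorded
        ok = (rec.get("status") or {}).get("errorCode", 0) == 0
        if ok == succeeded:
            usage[rec["userPrincipalName"].lower()][client] += 1
    return {user: dict(protocols) for user, protocols in usage.items()}


if __name__ == "__main__":
    for user, protocols in sorted(legacy_auth_usage(SAMPLE_SIGNINS).items()):
        print(user, protocols)
```

Accounts that appear in the successful tally, such as the constructed scanner mailbox here, need a modern-authentication alternative in place before legacy authentication is blocked.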
We hope that these articles have opened your eyes to cyber threats, the realisation that no matter the size of your organisation you are not immune to them, the methods criminals use to cause problems, and the tools and procedures you can implement to ensure they are not successful.
BCNS make business easier and more cost-effective in guaranteeing that you and your team are always connected to each other and your clients. Our team of experts will assist you throughout the transition to be sure you achieve exactly what you desire – at the same time we can reduce your expenses and improve your security as well as performance! Contact us now and find out how we can help you with your business communications and move into a more productive future.