On Wednesday, 30/09, and Thursday, 01/10, we hosted two online Brekkie Power-hours covering the topic Cyber Security in flexible workplaces. Both sessions were a complete success with lots of positive feedback from participants. Zubair, our Security guru, was in charge of the presentation and responsible for translating a technical and complex topic into plain English with actionable steps. Not an easy task, but he did a great job, as usual, so we think it’s worth sharing his tips and recommendations.
Security has evolved
In the past, when we talked about security, we’d normally refer to the firewall or anti-virus and the measures you had in place for everything related to infrastructure. Nowadays, security has evolved and there are many other factors to consider, with people working remotely, on their own devices and in multiple cloud services. With so many gateways through which attackers can target your organisation, it is a struggle to keep on top of the new and creative ways attackers use to get through and compromise your business.
5 basic layers of protection
We have identified 5 basic layers of protection that almost every business can relate to. Focusing on these 5 layers and covering the essentials of each is a great start to differentiating your organisation from an easy target.
Zubair covered each individual layer and divided the security measures between “well-known”, such as anti-virus and anti-spam, and “not so well-known”, such as enabling conditional access. He also compared security to the door that you use to protect your business. If you own a business and you get broken into, the first thing you’re probably going to look at is how they got in or what was taken, so the first step would be changing the type of lock, putting up a steel door or getting a better alarm system.
The same goes for cybersecurity: it all depends on what you’re trying to secure, how much it’s worth and how much you would like to spend keeping it safe. In each of these layers, some protection measures may be like that steel door, which may not be required for you. Other items, however, may be the basic lock you put on the door, which is the minimum security requirement.
Security essentials and advanced options
- Anti-Spam / Anti-Phishing – consider whaling, phishing, and spear-phishing attacks
- Malware Attachment Scanning
- Unsafe Link detection
- Email Domain Security (SPF/DKIM/DMARC)
Not so well-known
- Malicious Outlook Rule Detection
- Controlling security and policies for the devices that corporate emails connect to (especially for personal devices)
- Web Threat Protection
- Web Content Protection
Not so well-known
- Browser Management
- Plug-In Management – Do you manage browsers and add-ons that are used in your organisation?
- Having a Corporate Application Layer Firewall.
- Securing your remote access into your network (Secure Gateway)
- System updates and vulnerability management
- Data Redundancy and Resiliency – are all your cloud applications backed up?
- Network Policy and Access Rights Management – do you keep track of third parties that have access to your data?
Not so well-known
- Monitoring and mitigating Software Supply-Chain Attacks
- Cloud Application Security
- Anti-Virus and Threat Protection
- Operating System Patch Management – Can your IT Dept report on which computers are missing patches?
- Vulnerability Detection and Remediation
Not so well-known
- Application / Software Control
- Peripheral Control
- Access Control
- Data Protection
- Identity and Access Management (MFA) – This is the most effective way to improve your security.
- Conditional Access and Geo Blocking – Are there countries you will likely never login from?
- Password Management and Policy – Banning common passwords and implementing password complexity
Not so well-known
- Security Awareness Training – Do your users know how to spot a phishing email or how to avoid Business Email Compromise?
- User Risk and Sign-in Risk Management – Are your credentials on the dark web or part of a recent breach?
Cyber Security with Microsoft 365
The Microsoft 365 suite offers powerful security for your environment as part of the flagship Microsoft 365 Business Premium product. This includes conditional access, mobile device management and password protection. One of the key security components in Microsoft 365 Business Premium is Advanced Threat Protection for SharePoint, OneDrive, and Teams, which means that the software scans for malware in documents and files uploaded or shared in those apps. If you want additional security without paying for the expensive “all in one” Microsoft 365 E3 and E5 licenses, you can purchase only the Enterprise Mobility Suite (EMS) E5 license. This is an add-on that will:
- Upgrade your conditional access to also monitor your users for compromises on the dark web.
- Give access to cloud app security, which allows you to map out your users’ cloud usage for services like Dropbox and Salesforce, and create policies to manage the usage of these.
When asked for a recommendation on which license your business should have, Zubair goes back to the steel door analogy. Most businesses get what they need from Microsoft 365 Business Premium. However, if you want an extra and more advanced layer of protection, then you should consider the EMS E5 add-on. It is important to remember that Not-For-Profit organisations get a large discount on Microsoft 365 licensing. If you’d like to know more about the options available, contact us and we can go through what licenses would work for you.
How Bremmar supplements Microsoft 365 security
We’d like to bring attention to the following:
Cyber security awareness training
- Run a 3-month campaign to simulate phishing attacks
- Get a report with a summary of who clicked and exposed the business to an attack
- Receive simple training videos, emails, and infographics to educate your users
Microsoft 365 Security Assessment
- Perform a complete Microsoft 365 security review – and beyond!
- Get your Microsoft 365 secure score report
- Receive recommendations and best practices to improve your security
Microsoft 365 backup
- Protect your business from data loss by human error (deletion of files)
- Secure your business in case your data gets compromised by malware
- Have peace of mind knowing that everything within Outlook, Teams, SharePoint, and OneDrive is backed up. The same goes for G Suite.
How can we help you?
Bremmar are experts in remote working initiatives, security and digital collaboration processes. As accredited Microsoft Gold Productivity Partners, we can help you and your team leverage the power of the Microsoft 365 Stack to work smarter. We manage IT services for a number of NFP, Aged Care, Engineering, Mining and Construction organisations and understand the unique needs of these sectors. Why not set up an initial meeting to learn more? Call us on 1300 991 351 or email email@example.com