Published on: 9 January 2023
Author: TechPath
Usually, when a new technology emerges, most organisations go through a period of careful evaluation and planning. This was, initially, the case with cloud transitions. Businesses were at different stages of the journey, somewhere between dipping a toe in the water via Microsoft 365 and transitioning entire IT environments.
Then a global pandemic struck, and by necessity, everything accelerated. After that instant pivot to enable work from home during lockdowns, there are some security implications that now must be addressed as a matter of urgency.
The good news is that the switch to cloud has largely led to significant security gains. The major cloud vendors can afford to implement top-tier security and have the resources to manage it to a level far beyond the reach of any small or mid-sized business. Most cloud products include a range of security features, with more added almost daily.
The thing is, though, we still receive many calls from businesses that have experienced easily preventable breaches, so let’s run through some of the measures you can easily put in place to reduce risk, without a big spend. Most are included with your existing Microsoft 365 licence.
All plans include security features but, as you might guess from the name, the Business Premium product gives you far more features designed for business environments.
Risk falls sharply when every user is properly authenticated, and this feature can be quickly set up, without costing more than a few minutes of your time. Read our blog to learn more.
These privileged accounts are the keys to your virtual castle, so protect them well. No user should have admin rights on their primary account, because even admins can make mistakes when checking email or casually browsing. Users should only have the access they need for the time they need it – operate a least-access-possible policy to cut the chances of anything important being breached.
This is enabled by default and allows a document you create to be shared to anyone, which means it could be forwarded to the wrong person. By disabling this feature, you have much more control over where your business data is shared.
Much of your data lives in SharePoint, and it is a practical way to keep your organisation informed. You can set up alerts for suspicious activity, so you will know if someone deletes more than five files, or copies a large amount of data. This can help prevent accidents as well as malicious acts.
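To show the logic behind a "more than five deletions" alert, here is an added example (not TechPath's or Microsoft's code) that applies a sliding window to exported audit records. The record field names, the sample data and the 10-minute window are assumptions made for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

DELETE_OPS = {"FileDeleted", "FileRecycled"}  # operations counted as deletions

def build_sample():
    """Constructed sample records (assumed export shape, not real tenant data)."""
    base = datetime(2023, 1, 9, 9, 0)
    plan = [
        ("alex@example.com", "FileDeleted", [0, 1, 2, 3, 4, 5]),           # 6 in 5 minutes
        ("sam@example.com", "FileDeleted", [0, 60, 120, 180, 240, 300]),   # 6 over 5 hours
        ("kim@example.com", "FileRecycled", [0, 1, 2, 3, 4]),              # exactly 5
        ("kim@example.com", "FileAccessed", [5, 6]),                       # not a deletion
    ]
    return [{"CreationTime": (base + timedelta(minutes=m)).isoformat(),
             "UserId": user, "Operation": op,
             "ObjectId": f"/sites/demo/doc{m}.docx"}
            for user, op, minutes in plan for m in minutes]

def mass_delete_alerts(records, threshold=5, window=timedelta(minutes=10)):
    """Return (user, time, count) the first time a user's deletions
    inside `window` exceed `threshold`."""
    recent = defaultdict(deque)   # per-user timestamps still inside the window
    alerted, alerts = set(), []
    for rec in sorted(records, key=lambda r: r["CreationTime"]):
        if rec["Operation"] not in DELETE_OPS:
            continue
        ts = datetime.fromisoformat(rec["CreationTime"])
        seen = recent[rec["UserId"]]
        seen.append(ts)
        while ts - seen[0] > window:      # drop deletions that aged out
            seen.popleft()
        if len(seen) > threshold and rec["UserId"] not in alerted:
            alerted.add(rec["UserId"])
            alerts.append((rec["UserId"], ts, len(seen)))
    return alerts

if __name__ == "__main__":
    for user, when, count in mass_delete_alerts(build_sample()):
        print(f"ALERT {user}: {count} deletions by {when}")
```

Only the burst of six deletions trips the alert; the same number spread over hours, or exactly five, does not.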
Your workforce may use a wide variety of devices, and each represents a potential path into your protected environment, so it is necessary to have robust policies in place. For example, you can require complex passwords, and insist that Windows updates are performed promptly. Endpoints are now the biggest risk, so use the device protection included free in your Microsoft Business Premium subscription to beef up security.
By default, it is possible for a user to set up mail forwarding to another email address, and that might breach your workplace policies. If a hacker gets in, they can also set a forward to their choice of email address, giving them access to company information, and the opportunity to wreak havoc.
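As an added example (not from the original article), the following check reviews mailbox-change audit records for forwarding that points outside the organisation. The record shape, the domain list and the sample data are constructed assumptions; the parameter names mirror the forwarding settings of Exchange inbox rules and mailboxes.

```python
# Constructed sample records. The fields (Operation, UserId, Parameters as
# Name/Value pairs) are an assumed, simplified shape of an audit-log export.
SAMPLE_RECORDS = [
    {"Operation": "New-InboxRule", "UserId": "alex@example.com",
     "Parameters": [{"Name": "Name", "Value": "Invoices"},
                    {"Name": "ForwardTo", "Value": "drop@mail.example.net"}]},
    {"Operation": "Set-Mailbox", "UserId": "admin@example.com",
     "Parameters": [{"Name": "ForwardingSmtpAddress",
                     "Value": "smtp:alex@example.com"}]},
    {"Operation": "New-InboxRule", "UserId": "kim@example.com",
     "Parameters": [{"Name": "MoveToFolder", "Value": "Newsletters"}]},
    {"Operation": "Set-Mailbox", "UserId": "sam@example.com",
     "Parameters": [{"Name": "ForwardingSmtpAddress",
                     "Value": "smtp:archive@partner.example.org"}]},
]

INTERNAL_DOMAINS = {"example.com"}  # assumption: the organisation's own mail domains
WATCHED_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                  "ForwardingSmtpAddress"}

def external_targets(value):
    """Split a parameter value into addresses and keep those outside our domains."""
    found = []
    for part in value.replace(",", ";").split(";"):
        addr = part.strip().lower()
        if addr.startswith("smtp:"):
            addr = addr[len("smtp:"):]
        if "@" in addr and addr.rsplit("@", 1)[1] not in INTERNAL_DOMAINS:
            found.append(addr)
    return found

def find_external_forwards(records):
    """Return (user, operation, parameter, address) for each external forward."""
    findings = []
    for rec in records:
        if rec.get("Operation") not in WATCHED_OPS:
            continue
        for param in rec.get("Parameters", []):
            if param.get("Name") in FORWARD_PARAMS:
                for addr in external_targets(param.get("Value", "")):
                    findings.append((rec["UserId"], rec["Operation"],
                                     param["Name"], addr))
    return findings

if __name__ == "__main__":
    for finding in find_external_forwards(SAMPLE_RECORDS):
        print("EXTERNAL FORWARD:", *finding)
```

Each finding is worth confirming with the mailbox owner, since a forward the user did not create is a sign the account has been accessed by someone else.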
In Microsoft 365 Business Premium, you can set rules around your data, like not allowing certain document types to be emailed. You can use this to prevent sensitive information, such as credit cards, Medicare, and licence numbers, from being emailed, cutting an important risk.
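The sketch below is an added example (not Microsoft's implementation and not from the original article) of the pattern-plus-checksum matching that lets a data rule tell a real card or Medicare number from any other run of digits. It covers credit cards (Luhn check) and Australian Medicare numbers (weighted check digit) only; the sample email text is constructed.

```python
import re

# Candidates: 13-19 digit card numbers and 10-digit Medicare numbers,
# allowing the spaces or hyphens people type between digit groups.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
MEDICARE_RE = re.compile(r"(?<!\d)[2-6]\d{3} ?\d{5} ?\d(?!\d)")

# Constructed sample text: one valid test card, one valid-format Medicare
# number, and two look-alikes that fail their checksums.
SAMPLE_EMAIL = ("Hi, card 4111 1111 1111 1111 exp 01/25. Medicare 2123 45670 1. "
                "Order ref 4111 1111 1111 1112, phone 3123 45678 9.")

def digits_of(text):
    return [int(c) for c in text if c.isdigit()]

def luhn_ok(digits):
    """Luhn check: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def medicare_ok(digits):
    """Digit 9 must equal the weighted sum of digits 1-8, mod 10."""
    weights = (1, 3, 7, 9, 1, 3, 7, 9)
    return sum(w * d for w, d in zip(weights, digits[:8])) % 10 == digits[8]

def mask(digits):
    """Keep only the last four digits so findings can be logged safely."""
    return "*" * (len(digits) - 4) + "".join(str(d) for d in digits[-4:])

def scan(text):
    """Return (kind, masked_value) for every candidate that passes its checksum."""
    hits = []
    for match in CARD_RE.finditer(text):
        d = digits_of(match.group())
        if luhn_ok(d):
            hits.append(("credit_card", mask(d)))
    for match in MEDICARE_RE.finditer(text):
        d = digits_of(match.group())
        if medicare_ok(d):
            hits.append(("medicare", mask(d)))
    return hits

if __name__ == "__main__":
    print(scan(SAMPLE_EMAIL))
```

The order reference and phone number in the sample have the right shape but fail their checksums, which is what keeps false positives down.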
Microsoft 365 includes a handy yet under-used tool that assesses your security and provides a score, along with a prioritised list of recommendations to raise your security level. That’s a lot of free insight. Some recommended measures will be easy to follow, others may require a little more expertise.
A common misconception is that someone, somewhere, is backing everything up for you in the cloud, but that isn’t entirely true. Understand what your data loss acceptance level looks like and find a data backup solution you are comfortable with. We like Datto Backupify, because for an affordable price with no lock-in contracts, your data is backed up forever and it can be recovered very quickly and easily at a granular level – so if you need some data urgently, while other data can wait, you can prioritise accordingly.
The biggest risk remains human error, with users clicking links and inserting memory sticks among the greatest hazards. A combination of training, both online and in-person, and testing can pay off. That testing should include a targeted phishing campaign to see who clicks – this can help you to know who needs refresher training. As part of any cyber security audit, we also look at physical security; you’d be surprised how many people still put their password on a post-it note by their monitor, and how many visitors are left unsupervised around sensitive information. Better that it is picked up by your technology partner than by anyone else walking by.
Most of these measures require little or no help to set up and they will immediately reduce your risk of a breach. While it is worth investing in data security expertise for the more specialised tasks (hint – a cyber security review gives a lot of consulting input for a modest fixed price), there is plenty you can do yourself to become a less attractive target for hackers.