In our first piece in this series we outlined what the cloud is, the benefits it can offer and how to get started with verifying that it is the right solution for your business. In this piece, we discuss the security aspects of the cloud and smoothly transitioning to it, with a particular focus on configuring and securing a Microsoft 365 setup as an example.
What Is Cloud Security?
Using cloud computing solutions is generally a very safe practice for businesses but as with any solution, it is not perfect in and of itself. Therefore, it’s important to ensure that it is implemented and configured in a way that empowers the security of your business. For example, remote working offers many benefits, but also opens up some additional vulnerabilities, such as the use of personal devices to access company networks, and the use of home routers to connect with them.
Cloud security involves implementing policies and measures that help your business to keep its cloud systems and infrastructure secure. We will introduce you to some of these shortly, so that you know how to enhance the protection of your business.
Let's look at some of the methods used by cybercriminals to access your systems.
The purpose of ransomware is to try to extract a payment from your business by preventing you and your team from accessing its data. Ransomware prevents access to company resources by encrypting them; the cyber criminals will then demand a payment in exchange for the safe return of the information (which is never guaranteed!).
Phishing & Smishing
Phishing scams involve a cyber criminal contacting company users via email (phishing) or text (smishing) in order to get them to undertake an action, such as clicking a malicious link or handing over sensitive information. To do this, they will pretend to be an authoritative figure in the organization to create trust, and then use the request to create a sense of urgency.
A key way to defend your business against these kinds of attacks, is to give them user awareness training so that they know how to identify phishing and smishing attempts, as well as how to deal with them.
Cyber criminals may attempt to use automated systems to try to crack passwords for user accounts, enabling them to gain access to a company’s cloud systems (e.g email software or a cloud file storage solution). For this reason, strong password practices and managed access permissions will be crucial to preventing these risks from causing harm and mitigating them if they ever do occur.
When operating online, a variety of technical precautions can be taken to safeguard your users and data. The Microsoft 365 platform is one of the most well-known cloud platforms in the world. It is a popular option because of its broad selection of tools, which boost productivity, collaboration, and communication. Let's examine some of the technological techniques that will help you safeguard your business on this popular platform.
Securing your Microsoft 365 applications
You must address two key areas to reduce risk of data breach and best secure Microsoft 365. They are:
Technical controls, policies, filters, and defenses.
Policy changes for how users access and use 365.
Technical defenses exist within Microsoft 365 to combat different security threats, including:
The interception and viewing of email content and attachments by cyber criminals.
Phishing attacks with cyber criminals impersonating your business.
Malware, Ransomware, and other malicious file attachments being received or downloaded from emails.
Your users are the most crucial line of defense your company has, but despite their importance, they frequently contribute to breaches. There are a number of risks posed by the way users access and interact with Microsoft 365 that depend upon:
The care and attention they take when creating passwords and whether that password is unique to 365 or used as a general password across other services.
The ability to share files and documents, and with whom.
The ability to share potentially sensitive information within email messages.
The level of system access and permissions that are assigned to users.
In short, if users are using weak passwords, can access documents beyond a ‘need to know’ basis, and are able to share these documents with anyone, this all presents a higher risk to your business. With this said, let’s examine some key features you can implement to protect your business on Microsoft 365.
Some Microsoft 365 Security Features that you can Implement:
By default, Microsoft 365 establishes a safe password policy and is made to encourage users to choose the strongest passwords they can. Simple passwords can be cracked by cyber criminals, so with this feature, your users will be made to create longer passwords that involve special characters and numbers.
Not only this, the passwords can be made to regularly require updating, which will refresh the security of your users’ login credentials on a regular basis. To help with managing the creation and remembering of passwords, a password management tool can be used.
Multi-Factor Authentication (MFA) and 2-Factor Authentication (2FA)
After entering a password successfully, the user is prompted in the default MS 365 settings to create a multi-factor authentication device that they can use to verify their identity. For example, a user may login via a computer and then get a code texted to their phones. The value of this is that even if a cyber criminal does have access to login credentials, unless they have access to the second device, they will not be able to login and get access to your data.
Through Microsoft 365 security defaults, MFA and other best practices for login security can be made mandatory for your tenancy.
Microsoft 365 security defaults
By setting security parameters that apply to all of your users, everywhere on the earth, you can enable security defaults that automatically enforce a number of regulations. If your company uses at least the free tier of the Azure Active Directory service, you can get Security defaults that are available to all Microsoft 365 users at no additional cost. These include:
Requiring all system administrators to follow MFA.
Blocking legacy forms of authentication.
Requiring users to perform MFA procedures when they do certain actions.
Requiring all users to register for MFA.
Managed IT Services
AsiaCloud Solutions provides high-quality, reliable, and cost-effective Managed IT services to help your organization succeed with IT. We offer a combination of enterprise-grade technology along with a fast, scalable, personalized service. We provide world-class IT that you can rely on at affordable prices, with our specialists supporting you with a proactive service from right here in Singapore.