A smooth transition to the Cloud

Now that we know what Cloud computing is and the factors you need to take into account when considering a transition to it, we need to explore the security aspects of it, the threats that come with it, and how to combat those threats to mitigate them in the best way possible.

Cloud security

You know how important the security of your organisation is – it should be the number one concern you have. Therefore you need to pay attention to this – contrary to popular belief, the Cloud is NOT always backed up and secure. Yes, your provider is, of course, vigilant, but the main responsibility falls to your team – this is one of the only problems with remote working, in that your team still have access to that data and could potentially be saving it in a browser that is insecure.

Let’s take a look at some of the ways cyber criminals gain access to your systems.

Ransomware

Ransomware is designed with the intention of restricting your access to your own data. It does this by encrypting your files. The aim of the cyber attacker is to hold the ‘keys to the kingdom’ and then ransom your files – demanding money in exchange for the safe return of access to your data.

Phishing

Phishing scams involve deception – a cyber criminal will impersonate a known, established organisation to encourage the recipient to trust them. The contents of their message will force the recipient to act in earnest and force them into panic and disclosing sensitive information. The message will come with a link attached that redirects you to a login portal that will grant access to the hacker.

Your team must be educated on the potential dangers that their actions can have when working online. Teach them to trust their gut instincts – if something doesn’t seem quite right to them ensure they speak to a superior before going any further.

There are a range of technical measures that can be taken to better protect your users and data when working online. One of the most famous Cloud platforms in the world is the Microsoft Suite – a popular choice due to its extensive range of tools that provide increased levels of productivity, collaboration, and communication – its tools are also very familiar to many.  Microsoft is serious about security – let’s explore some of the technical measures that will help you secure it.

Securing your Microsoft 365 applications

You must address two key areas to reduce risk of data breach and best secure Microsoft 365. They are as follows:

• Technical controls, policies, filters, and defences.
• Policy changes for how users access and use 365.

Technical defences

Technical defences exist within Microsoft 365 to combat different security threats, including:

• The interception or viewing of email content or attachments by unauthorised parties.
• Spoofing attacks with cyber criminals impersonating your business.
• Phishing attacks being received.
• Malware, Ransomware, and other malicious file attachments being received or downloaded from emails.

The Users

Your users are the most important line of defence that your organisation has – but, for all their worth, often they are, in fact, the cause of the breach. They can’t always be blamed though; some attacks get authorised by your team by one simple click of their mouse.

There are a number of risks posed by the way users access and interact with Microsoft 365 that depend upon:

• The care and attention they take when creating passwords and whether that password is unique to 365 or used as a general password across other services.
• The ability to share files and documents, and with whom.
• The ability to share potentially sensitive information within email messages.
• The level of system access and permissions assigned.

The Microsoft 365 security options

Login security

The risks

Reduce the risk of individual user accounts from becoming breached by cyber criminals as a result of exposed credentials on the dark web or due to accounts being secured with only basic passwords that aren’t strong enough to protect your systems.

Overcome the risks

Microsoft 365 define a secure password policy by default and is designed to direct the user to adopt the most complex password possible. A complex password needs to be very difficult to guess, with a collection of random letters and numbers, a certain length, and preferably including special characters.

The traditional method to password management was to enforce a policy where users changed their password on an arranged time cycle, and those passwords had to increase in complexity each time. Unfortunately, in the modern age, this system does not suffice – enforcing longer passwords on a cycle simply forced users to use old passwords again, which just makes the process pointless.

Multi-Factor Authentication (MFA) / 2-Factor Authentication (2FA) – the better, modern approach.

After a user has entered their password MFA there is a second authentication step. They secure your account further by requesting the user to input a code that is randomly generated on a cycle. The code is sent to their mobile device (or authentication app depending which you prefer), or via email. With MFA, regardless of whether they have your password or not, a cyber criminal may be prevented from gaining entry.

MFA, among other login security best practices, can be enforced for your tenancy through Microsoft 365 security defaults.

Microsoft 365 security defaults

You can activate security defaults that enforce a number of policies automatically by defining security parameters that apply to all of your users no matter where they are on the planet.

At no extra cost, you get Security defaults which are available to all users of Microsoft 365 provided you are an organisation that utilises at least the free tier of the Azure Active Directory service.

Security defaults include:

• Requiring all system administrators to follow MFA.
• Blocking legacy forms of authentication.
• Requiring users to perform MFA procedures upon certain actions.
• Requiring all users to register for MFA.

How do you implement security defaults on Microsoft 365?

• Visit your Azure Portal (https://portal.azure.com).
• From the main menu scroll to ‘Properties’. Click ‘Manage security defaults’.
• Move the slider across to click ‘Yes’.

Once having taken control of your organisation’s cyber security when using the Cloud, you can relax in the certainty that your team is prepared and equipped for any eventuality regarding cyber security.

The right solution for your business guaranteed

4TC take time to understand the daily challenges that your business faces. We then provide cost-effective tech solutions to these issues that will help you save time, protect vital data, and enable you and your staff to be more effective with your time management. We will ensure that your staff are using the technology at their disposal in a way that works for them, whilst making sure that they are educated on how to use it as productively as possible. Utilising your IT to its full potential is essential to guarantee that you and your business can thrive and grow into the future. If you would like to find out more on how 4TC Services can provide affordable tech management to your business, drop us an email or call us now for a full demonstration.