In our modern, technological world, IT departments are tasked with defending every device in their organization from attack by everyone from rogue nation states to corporate competitors to college students. Attack strategies have grown – Verizon estimates that 52% include hacking, 28% involve malware, and 33% use phishing or some form of social engineering. Additionally, the payouts for hackers and potential losses for businesses have escalated. Security Intelligence reports 2019’s average cost of a data breach to be $3.92 million. Can your business afford to have a data breach?
6 Tools to Add to Your Cybersecurity Arsenal
While security is of the utmost importance, overly complex security measures are useless if employees are unable to use the data they need. Microsoft platforms, like Azure and Enterprise Mobility + Security (EMS), ensure that your company’s data is both protected and accessible to those authorized to use it.
Azure Active Directory
We’ve talked about how to make Azure Active Directory (AAD) work for your company. AAD can provide identity management for all of your users, whether they’re on-premises, remote, or hybrid, and whether they’re accessing applications locally or in the cloud. From a security perspective, this technology makes managing a remote workforce seamless by controlling functions and limiting what is accessible under the umbrella of your domain.
Multi-Factor Authentication (MFA) is the single most important action you can take to prevent accounts from being compromised. According to Microsoft, MFA can block over 99% of account compromise attacks. The concept is simple: login requires not just a guessable password, but also a second factor that cannot be guessed or brute-forced. In the most common implementation, MFA is simply a notification to a user’s phone when they attempt to log in from outside of the building. The end result is that an outside attacker needs not just a user’s password, but also a user’s phone to gain access to the user’s account.
Technologies within AAD enable us to fine-tune MFA policies to provide the maximum amount of protection with the least amount of headache for your users. For example, maybe you only want to require MFA if a user is signing in from an unrecognized device. Or, maybe you want to require MFA if a user is signing on from outside of the building, or outside of the country, or has entered an incorrect password 3 times. With MFA in AAD, all of those policies and more are no problem. These tools are the best effort at eliminating the unauthorized access that leads to compromised mailboxes and to malware released on networks to cause chaos.
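The conditions listed above can be modeled as independent rules evaluated on every sign-in. The following is an added example, not Microsoft's code or an Azure AD API; the network range, device registry, home country and all names are assumptions made for illustration.

```python
# Added illustration: models the conditional MFA rules described above.
# Not Azure AD's API; every name, network and value here is hypothetical.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

OFFICE_NETWORKS = [ip_network("203.0.113.0/24")]  # constructed "in the building" range
HOME_COUNTRY = "US"                                # assumed home country
KNOWN_DEVICES = {"alice": {"dev-laptop-01"}}       # constructed device registry
MAX_BAD_PASSWORDS = 3


@dataclass
class SignIn:
    user: str
    device_id: str
    source_ip: str
    country: str
    failed_passwords: int  # wrong passwords entered before this attempt


def mfa_reasons(s: SignIn) -> list[str]:
    """Return every rule that demands a second factor; an empty list means none."""
    reasons = []
    if s.device_id not in KNOWN_DEVICES.get(s.user, set()):
        reasons.append("unrecognized device")
    try:
        inside = any(ip_address(s.source_ip) in net for net in OFFICE_NETWORKS)
    except ValueError:
        inside = False  # fail closed: an unparseable address is never "in the building"
    if not inside:
        reasons.append("outside the building")
    if s.country != HOME_COUNTRY:
        reasons.append("outside the country")
    if s.failed_passwords >= MAX_BAD_PASSWORDS:
        reasons.append("repeated incorrect passwords")
    return reasons


# Constructed sign-in events for demonstration.
SAMPLE_SIGNINS = [
    SignIn("alice", "dev-laptop-01", "203.0.113.25", "US", 0),
    SignIn("alice", "dev-laptop-01", "198.51.100.7", "US", 0),
    SignIn("alice", "unknown-phone", "not-an-ip", "DE", 3),
]

if __name__ == "__main__":
    for s in SAMPLE_SIGNINS:
        r = mfa_reasons(s)
        print(s.user, s.source_ip, "MFA required: " + ", ".join(r) if r else "password only")
```

Only the first constructed event, a known device on the office network, signs in with a password alone; a malformed source address is treated as external rather than skipped.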
Azure Information Protection
Azure Information Protection (AIP) allows you to manually or automatically classify data and prevent it from leaving your environment. For example, if your organization wants to prevent documents containing Social Security Numbers from leaving the company, an AIP policy can automatically identify documents containing them and then block them from being emailed, copy/pasted, printed, or otherwise shared. Or maybe you want users to be able to classify documents on their own – AIP can do that too with Sensitivity Labels. An administrator can set up policies to apply to any document with a label applied, and then users can decide which documents to label. You can even combine the possibilities, with automatic and manual data classification policies. Without a policy like those mentioned above, the potential exists for an organization to allow sensitive information to go outbound into the wrong hands, and the organization would be held responsible.
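Automatic classification of the kind described above comes down to content inspection followed by a policy decision. The following is an added example, not AIP's detection engine or Microsoft's code; the label names, the action names and the sample text in the comments are assumptions, and the structural checks are the published Social Security Administration numbering rules.

```python
# Added illustration of automatic classification by content inspection.
# Not AIP's engine; label and action names are hypothetical.
import re

# Candidate: 3-2-4 digits, with one consistent separator ("-" or " ") or none,
# and not embedded in a longer run of digits.
SSN_CANDIDATE = re.compile(r"(?<!\d)(\d{3})([- ]?)(\d{2})\2(\d{4})(?!\d)")

# Actions the text above says a policy can block.
BLOCKED_ACTIONS = {"email", "copy_paste", "print", "share"}


def is_plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Apply SSA structural rules to cut false positives from arbitrary digits."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def find_ssns(text: str) -> list[str]:
    """Return masked matches so the scanner's own output never leaks the value."""
    hits = []
    for m in SSN_CANDIDATE.finditer(text):
        area, _sep, group, serial = m.groups()
        if is_plausible_ssn(area, group, serial):
            hits.append("***-**-" + serial)
    return hits


def classify(text: str) -> dict:
    """Label a document and list the actions a policy would block for it."""
    hits = find_ssns(text)
    return {
        "label": "Confidential" if hits else "General",
        "match_count": len(hits),
        "blocked": sorted(BLOCKED_ACTIONS) if hits else [],
    }


if __name__ == "__main__":
    # Constructed sample documents.
    print(classify("Payroll record for J. Doe, SSN 123-45-6789, dept 12"))
    print(classify("Invoice 000-12-3456, call 555-123-4567"))
```

The second constructed document stays "General": the invoice number fails the area rule and the phone number does not fit the 3-2-4 grouping.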
Attack Simulator for Office 365
Phishing occurs when an attacker uses a legitimate-looking communication as bait to entice an unsuspecting user into illegitimate actions. Phishing attacks can be very sophisticated and fool even the most security-minded users. The best defense against phishing is to train your users to recognize phishing emails, and to periodically test and shore up weak areas.
Microsoft 365 includes a phishing attack simulator that allows administrators to simulate a phishing attack to select users in order to identify who might be at risk. Administrators can generate official-looking but false emails to entice users to click a link. The results of these tests allow administrators to target users who may need increased security training. Executing the simulator may reduce your potential for attack by 50% by training employees not to click on emails that have links that lead to malware, hackers, and ransomware that can dismantle an organization.
Microsoft Defender for Identity (MDI)
Many attacks begin with a compromised account. Microsoft Defender for Identity (MDI), formerly Azure ATP, monitors user behavior throughout your network, creating behavioral baselines for each user. Then, using Artificial Intelligence (AI), MDI alerts on suspicious activities, revealing potentially compromised users and insider threats. It helps you know in advance where potential attacks may come from, which allows you to remediate them. Identifying abnormal activity, such as that of a hacker, by comparison with normal activity is a significant ability: it provides the opportunity to stop incidents that can originate from malware, unwanted wire transfers, and ransomware.
Cloud App Security
Microsoft Cloud App Security is a Cloud Access Security Broker that enforces your enterprise’s security policies in real time. It monitors user activity for abnormal behavior and can automatically restrict user accounts that are behaving as if they’re compromised. It works across many different collaboration platforms, helping you to manage the proliferation of shadow IT by blocking your data from moving into unauthorized applications. For example, let’s say your company uses Microsoft OneDrive and you want to find out if employees are uploading corporate data to Dropbox instead. Cloud App Security will not only give you visibility into where your data goes but can also allow you to prevent it from going there. Without a policy like those mentioned above, the potential exists for an organization to allow sensitive information to go outbound into the wrong hands, and the organization would be held responsible.
Putting it All Together
A University of Maryland study revealed that hackers attack every 39 seconds. Your organization is vulnerable, and if you’re not taking proper precautions, you will be compromised eventually. Fortunately, Microsoft’s suite provides businesses with a broad and powerful set of tools to protect systems from compromise, and to limit damage.
As a Microsoft Gold Partner, Anders Technology advisors have the training, experience, and expertise to secure your organization from breaches, both internal and external. We can help you understand today’s complex security environment and develop a security posture that will keep your data safe without inconveniencing your legitimate users. Contact an Anders advisor below to discuss your situation.