05 Jul A smooth transition to the Cloud – Cloud Security
In the previous blog we explored what Cloud computing is, the considerations you need to make when exploring a transition to it, and what the different options are when working in the Cloud. In the following blog we will explore the security of the Cloud, the ways in which threats may target you, and how to combat those threats.
As you already know, the security of your organization is integral. Security should be the most important concern you have as a business owner, and this is why it is worth knowing that the common misconception about the Cloud (that you are always backed up and secure), unfortunately, is not true. Your provider is keeping a watchful eye on it, but the main responsibility falls on the shoulders of your team – they still have access to that data when working remotely and could potentially be saving to an insecure browser. Those same team members also pose the risk of errors which could allow access to your system (more on this coming up).
Let’s explore some of the ways that cyber criminals can hack their way into your systems.
Ransomware is designed with the intention of removing your access to your data. It does this by encrypting your files behind a secure ‘key’. The aim of the cyber attacker is to hold the ‘keys to your system’ and then ransom your files – demanding money in exchange for returning your access.
Phishing scams involve an individual impersonating a known and trusted organization. The message they send to their target will convey a sense of urgency in an attempt to panic the victim into disclosing sensitive information. The email may urge you to act because of an ‘unauthorized breach’, or carry a message along the lines of ‘your account will be permanently closed in an hour, please click the link to learn more’. The messages will be accompanied by a link that redirects you to a login portal that is designed with the sole intention of hijacking your data.
It is important that you educate your employees on the potential dangers of their activities online. Vigilance is essential, and a basic gut instinct of ‘this doesn’t feel right’ usually means you are right!
There are technical security measures that can be taken to better protect you, your users, and – arguably most importantly – your data when online. Let’s say, for example, you have chosen the Microsoft suite of tools as your Cloud platform – a familiar choice that a lot of users around the globe have made, drawn by the platform and by the increased levels of productivity, collaboration, and communication that can be achieved through applications such as ‘Microsoft Word’, ‘Excel’, ‘Planner’, and arguably most impressively ‘Teams’. Microsoft takes security seriously. Let’s take a look at some of the technical measures available for securing it.
How to better secure your Microsoft 365 suite of applications.
There are two key areas to address to reduce risk of data breach and best secure Microsoft 365 in the Cloud:
1) Technical controls, policies, filters, and defences.
2) Policy changes for how users access and use 365.
Technical defences exist within Microsoft 365 to overcome different security threats, including preventing:
- Email content or attachments from being intercepted or viewed by unauthorized parties.
- Your domain from becoming a victim of a ‘spoofing’ attack, with cybercriminals purporting to be your business.
- Phishing attacks being received or having their links clicked upon within email.
- Malware, Ransomware, and other malicious file attachments being received or downloaded from emails.
As we touched on briefly earlier in the blog, your users should be the final line of defence for your systems – but, unfortunately, many end up being the cause of a breach. Your system is fragile – it is as simple as clicking your mouse on a malicious link for your entire organization to fail.
There are a number of risks posed by the way users access and interact with Microsoft 365. These depend upon:
- The complexity of their password and whether this password is unique to 365 or used as a general password across other services.
- The ability to share files and documents, and with whom.
- The ability to share potentially sensitive information within email messages.
- The level of system access and permissions assigned.
Let’s take a look at the security options in Microsoft.
Reduce the risk of individual user accounts being breached by cyber criminals, whether as a result of credentials exposed on the dark web or because accounts are secured with only basic, common password formats.
Overcome the risks
A secure password policy is defined by default within Microsoft 365 and is designed to direct the user to use a complex password. A complex password is exactly as it sounds – it needs to be not easily guessed, a collection of random letters and numbers, a certain length, and include special characters. Traditionally, managers would force users to change their passwords on a time cycle, with those passwords getting longer and more complex at each change.
However, in this modern age, this system has been scrapped. Enforcing longer passwords with a regular password renewal policy on a cycle subconsciously forces users to use old passwords again or essentially recycle the same core lettering but simply extend it by adding a number of further characters at the end to make it easier to remember. Unfortunately, this just makes the whole process irrelevant as the account ends up being no more secure than before.
Multi-Factor Authentication (MFA) / 2-Factor Authentication (2FA) is the better, modern approach.
MFA is a second authentication step that takes place after a user has entered their password. It secures your account further by requesting the user to input a code that is randomly generated on a cycle (usually every few seconds or a couple of minutes apart). The code is sent to their mobile device (usually through a text message), but can also be accessed through an authentication app, or sometimes via email. So, with MFA, even if someone has your password, they still may not be able to gain entry.
MFA, among other login security best practices, can be enforced for your tenancy through Microsoft 365 security defaults.
The Microsoft 365 security defaults
You can activate security defaults that enforce a number of policies automatically by defining security parameters that apply to all of your users (wherever they are globally).
Security defaults are available to all users of Microsoft 365 at no extra cost, provided you are an organization that utilizes at least the free tier of the Azure Active Directory service.
Security defaults include:
- Blocking legacy forms of authentication
- Requiring users to perform MFA procedures upon certain actions.
- Requiring all system administrators to follow MFA.
- Requiring all users to register for MFA.
How do you implement security defaults on Microsoft 365?
- Visit your Azure Portal (https://portal.azure.com).
- From the main menu scroll to ‘properties’.
- Click ‘Manage security defaults’.
- Move the slider across to click ‘Yes’.
Once you have done this, your users will be forced to activate MFA on their accounts by entering a mobile number, email address, or another method.
Now that you can take ownership of your organization’s cyber security using the Cloud you can be certain that your team are as equipped as possible in case of a cyber threat. We hope that you now know the range of choices that are available and the considerations you need to take into account before taking the plunge and guiding your business into Cloud computing.
Improving the ways you work remotely – SRS
Since 1996 we have prided ourselves on providing professional IT support for businesses in and around Salinas, California. We strive to give our clients enterprise-level services and solutions at prices that work for small businesses. We can recommend and provide the tools needed to enable your business’ operations to be safely conducted while your employees are working remotely. This transition may not be temporary, but, with the world of work going remote, is your business ready to make the change? Book a free consultation call today and find out how – with Cloud computing – your business can excel to new heights.