Cyber security strategy quick wins
In the aftermath of Australia’s two largest cybersecurity attacks recently, Optus and Medibank, companies around Australia are looking for immediate solutions to protect them from ransomware and evasive social engineering attacks.
Given the reliance on Microsoft 365 and various Microsoft products for cloud compute and collaboration – it is essential for Australian organisations to ensure that appropriate security features are enabled and tailored to their unique infrastructure environments. Microsoft’s default security settings are often not enough, nor do they protect from well-engineered ransomware, social, phishing or malware attacks that come from endpoints.
Microsoft Office 365 is popular because of its mobility and collaboration features. Thankfully, Office 365 offers built-in capabilities and customer controls that can help meet enterprise security standards for a fraction of the cost of third-party security platforms. However, these are only effective if configured correctly, patched, and designed around your unique work infrastructure environment.
To get some quick wins, the following 8 critical security administration strategies will improve cyber-resilience within your team.
Microsoft 365 Security Checklist
1. Build an identity fortress through enabling Multi-Factor Authentication (MFA), Role-Based Access Control and Conditional Access:
Use Microsoft identity management features to build a cyber resilient organisation through best-of-class identity management. Firstly, enabling MFA in your environment helps protect against username and password theft, particularly for mission critical applications. With this feature enabled, users will receive a text message or in-app authorisation request to prove their identity. This is particularly useful for remote workers who frequently travel interstate or work across public WIFI networks.
Secondly, role-based access control (Azure RBAC and M365 RBAC) is a system that provides fine-grained access management of platform resources and data. Using RBAC, you can segregate duties within your team and grant only the amount of access to users that they need to perform their jobs thus controlling the likelihood of malicious actors entering these zones.
Finally, Microsoft’s Azure AD Conditional Access features allow for real-time signals such as user context, device, location, and session risk information to determine when to allow, block, or limit access for users. You can also use this to assess the health and security configuration of registered devices to ensure only healthy and trusted devices can access your corporate resources.
2. Track compliance data through Purview for content search and manage data loss prevention:
Use the Content search eDiscovery tool in the Microsoft Purview compliance portal to search for in-place content such as email, documents, and instant messaging conversations in your organisation. This is particularly useful if your organisation requires customer data, or various regulatory data, to be stored in one place and not leaked across the environment.
3. Set up alerts
In the Microsoft Security and Compliance Centre, you can track new activities, perceived threats, monitor user actions, and set up notifications for abnormal behaviour. Be careful to set alerts and notifications sparingly as to avoid ‘alert-fatigue’.
4. Enable Microsoft Defender for Security Reports
Perfect for monthly reporting and on-going monitoring, security reports inside Microsoft Defender can track data loss, data loss prevention measures, malware detection, spam detection and identity breaches. These are very useful to present at monthly executive meetings to provide context of the organisation’s security posture.
5. Manage application access on company and personal devices with Microsoft Intune
Microsoft Intune is a cloud-based endpoint management solution. It manages user access and simplifies device management across many corporate devices, including mobile devices, desktop computers, and virtual endpoints. This ensures that any corporate application used on the network can be managed, or users can be booted off if they do not meet usage policies, regardless of the device ownership.
6.Track what users used which documents
Need to find if a user viewed a specific document or deleted an item from their mailbox? To spot malicious activity from either internal or external threat actors, you can use the audit log search tool in Microsoft Purview compliance portal. The tool enables you to search the unified audit log and view user and administrator activity in your organisation.
7. Spot multiple instances of malicious activity across the network
Microsoft Advanced Threat Analytics (ATA) detects multiple suspicious activities including when attackers gather information to plan their attack, such as how the environment is built; what the different assets are; and which entities exist. ATA also analyses lateral movement to create visibility of the attack spread inside the network and picks up what other entry points or credentials an attacker might use to try in an intricate ransomware attack – like what Optus and Medibank have recently seen.
8.Set up controls for document sharing across SharePoint, OneDrive, and Teams
Sharing confidential information both inside and outside of the network needs to be managed, especially in remote working scenarios or whereby third-party contractors and vendors are engaged. These sharing measures can easily be configured inside the M365 suite and cover across all collaboration features. It is important, however, to set sharing configurations in a flexible way that does not impact business operations or create unnecessary ‘approval request’ workloads for system administrators.
Learn more about Microsoft 365 cyber security
Microsoft 365 and Microsoft Azure are the most used platforms across cloud and workplace collaboration. Unbeknownst to many organisations, their Microsoft licence also includes a range of best-of-breed security tooling that can prevent these styles of attacks.
Empyrean is a leading Microsoft Azure and Microsoft 365 consulting partner. We help customers upgrade their outdated and traditional point security solutions to one consolidated platform across identity, email, remote devices, data, and apps.
By utilising your existing Microsoft licences, we can configure and reinforce your security posture at a fraction of the price of traditional point solution security models.
Meet with Empyrean to discuss how you can take advantage of the M365 and security benefits in 2023.
In this meeting you’ll learn how to:
- Use your Microsoft suite to prevent similar ransomware attacks that were experienced by Optus and Medibank
- Leverage Microsoft Defender for M365 to prevent phishing attacks
- Secure work data on personal and remote devices using Microsoft Intune
- Build in secure access and identity management across all work applications with Azure AD
- Implement Azure Information Protection for Data Loss Prevention
- Protect chat and meeting data through Microsoft Teams
- Retrieve and protect lost or stolen passwords through advanced multi-factor authentication
- Provide a single-pane visibility of the security status entire platform on a 24/7/365 basis
- Assess the impacts of security compliance regulations on your organisation and the financial implications if they’re not met
Empyrean is a specialist Microsoft services partner with over 20 years’ experience in designing, implementing, and integrating Microsoft solutions across cloud, infrastructure, security and application environments. Our security expertise in Microsoft helps our customers optimise their entire Microsoft licensing models.
Talk to us about how to better protect your organisation with a platform approach to security – encompassing end-to-end protection from any type of known attack, including ransomware, malware, DDOS and social engineering.
