In the previous blog in the series we explored the fact that being a small business makes you a bigger target for cyber criminals – this is often due to the considerably lower budget that most small businesses have in comparison to their larger counterparts. We also explored why it is so essential to secure your Microsoft 365 and some of the most popular methods used by cyber criminals to attack your system.
In the following blog we will explore what the potential consequences of a breach are, and some different ways to protect your system to stop them from happening.
It is difficult to highlight the potential consequences of a breach without knowing the goal of the cyber criminal. The most severe of these are:
Microsoft 365 – the cloud ecosystem that allows millions of businesses worldwide to function – has been a part of most of our lives for many years, for some as far back as childhood. Its day-to-day uses (from storing emails, files, and folders, to other sensitive financial or customer records) have become essential to completing our daily tasks. Its functionality is designed to accommodate an influx of emails so it is unsurprising that malicious emails will find their way through. With this in mind, it is imperative that we do everything within our power to protect that environment from the dangers of a cyber attack.
There are two main areas that need addressing in order to ensure that your system is as secure as possible. Let’s explore them now:
Tech defences can help you to combat a variety of different cyber threats. They protect against:
Your users are the most important, and final, line of defence for your system. Your system – no matter how much you spend on technical measures – is fragile, and a simple click on the wrong link can send the whole thing into chaos. Let’s take a look at some of the risks posed by your users in the way they interact with Microsoft 365, that depend upon:
We will now look at some of the security features of Microsoft 365, the risks that they tackle, and how to apply them in your organisation.
Reduce the risk of individual user accounts being breached by cyber criminals as a result of exposed credentials on the dark web, or because accounts are secured with basic, common password formats.
The risks overcome
In Microsoft 365 a secure password policy is defined, directing you to use a complex password. Your password should be exactly that – complex. It should be one that cannot be easily guessed, of a certain length, and comprising a random mixture of letters, special characters, and numbers. Over recent years password best practice has changed drastically. Traditionally, users were instructed to change their passwords on a regular cycle of a few days/weeks and were told to enforce passwords of ever greater length.
Recently this approach has changed due to the realisation that enforcing longer passwords, combined with a regular password renewal cycle, simply encourages users to use old passwords again or to use abbreviated or slightly changed versions of the original (by adding 123 to the end, for example). Doing this makes the entire time-consuming process pointless: the account is no more secure than before the change was made, and it is no more difficult for cyber criminals to perform a successful attack on your systems.
Multi-Factor Authentication (MFA) is the better approach. Applying an additional layer of login security, known in some cases as 2-Factor Authentication (2FA), is the newer approach. MFA is a second authentication step that takes place after a user has entered their password. Accounts are further secured by requiring the user to enter a code, which changes on a cycle – usually every few seconds or a couple of minutes. The code is provided to the user via their mobile device, either by text message or through an authentication app, so that access depends on a second device as well as the password. Even if the cyber criminal has your main password to the account, they may not have access to your device. MFA can be enforced through Microsoft 365 security defaults.
You can define security parameters for all of your users wherever they are on the globe, and they can be activated to enforce a number of procedures automatically. Security defaults are part of the service/tools provided by Microsoft at no extra cost, provided you are an organisation that utilises at least the free tier of the Azure Active Directory service.
Let’s look at what the security defaults include:
The next time your users log in to the system following this action they will have to activate MFA on their accounts by entering a mobile number or another method of personalised identification, such as selecting an authentication application to use on their device. Don’t worry: this is a relatively easy process and is worth doing just for the peace of mind that your users are a step closer to being cyber secure.
In the third and final blog in the series we will explore in detail other security measures that will ensure you and your team are cyber secure in the future.
Implementing the correct security measures for the technical landscape of your organisation has the power to revolutionise the way your organisation works. We can implement and maintain your security measures and look for better ways to defend your system. Our success can be attributed to one thing: TRUST. Ever since our very first year in business, our clients have been happy to recommend us to other businesses, and we have grown steadily as a result of these recommendations. We can help you to truly get the most from your IT in the most secure way possible. Don’t hesitate – contact us now!