Learning from COVID

Top Five IT Lessons – Number 5: Security

The business response to COVID required IT to do new things quickly with limited planning or budget; this meant that some organisations compromised on testing and/or risk assessment and planning. Not surprisingly, this resulted in some compromised security arrangements. Suspecting that this would be the case, the less ethical members of society have increased their attacks on business systems worldwide. If your business has not been attacked yet, it is only a matter of time.

This is why security made our top five list. Coming in at number five, the key lesson here is that you should never compromise on security, particularly now that the security risks include phishing, collaboration tools, password management, personal devices and user education.

Phishing

Phishing has always been a popular technique for hackers, who are becoming increasingly adept at bypassing security technologies and controls to exploit anything they can get their hands on.

COVID created the perfect environment for cybercriminals to prey upon fear, greed and ignorance to steal money and sensitive information.

Barracuda Sentinel combines artificial intelligence, deep integration with Microsoft Office 365, and brand protection into a comprehensive cloud-based solution that guards against these potentially devastating attacks.

Collaboration Tools

Another target for cybercriminals during COVID-19 is online meeting and collaboration platforms. Microsoft Teams, Zoom and others have become the new norm with everyone working from home.

If not set up properly, these tools can have major security gaps. Users should take advantage of built-in security features like waiting rooms, meeting passwords and participant authentication.

As these tools have developed over the past year, certain settings and features that have been added may not be active, so you may not be getting the best protection available. A holistic look at authentication, access and security might save you from unknown risks.

Password Management

Users often don’t understand that passwords are frequently the only barrier protecting company information. There are many programs attackers can use to help guess or “crack” passwords. Choosing strong passwords and keeping them confidential can make it more difficult for others to access this information.

Password policies enable password complexity, password expiry, lockout policy, automatic screen lock and audit logging. They can and should be applied consistently across an organisation through on-premises Active Directory.

Where required, fine-grained password policies can offer different or enhanced security above the default to a subset of users where access may be considered riskier. Aligning on-premises AD password policies with Azure AD is important to avoid confusing users and to prevent possible conflicts in a hybrid domain setup.
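
The fine-grained password policy described above, as an added PowerShell example that is not part of the original article: it creates a stricter policy for a higher-risk group and compares what a member actually receives against the domain default. The policy name, group name, sample user and all numeric values are illustrative assumptions; it requires the ActiveDirectory module and a domain functional level of Windows Server 2008 or later.

```powershell
# Added example. Names and values marked "hypothetical" are assumptions, not from the article.
Import-Module ActiveDirectory

$PolicyName = 'FGPP-Privileged'     # hypothetical policy name
$GroupName  = 'Privileged-Admins'   # hypothetical global security group
$SampleUser = 'adm.jsmith'          # hypothetical member of that group

# 1. Baseline: the default domain policy that applies to every account.
$default = Get-ADDefaultDomainPasswordPolicy

# 2. Create the stricter policy once and link it to the group.
#    Fine-grained policies apply to users and global security groups, not to OUs.
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$PolicyName'")) {
    New-ADFineGrainedPasswordPolicy -Name $PolicyName `
        -Precedence 10 `
        -MinPasswordLength 16 `
        -ComplexityEnabled $true `
        -PasswordHistoryCount 24 `
        -MinPasswordAge '1.00:00:00' `
        -MaxPasswordAge '90.00:00:00' `
        -LockoutThreshold 5 `
        -LockoutObservationWindow '0.00:15:00' `
        -LockoutDuration '0.00:30:00' `
        -ReversibleEncryptionEnabled $false `
        -ProtectedFromAccidentalDeletion $true

    Add-ADFineGrainedPasswordPolicySubject -Identity $PolicyName -Subjects $GroupName
}

# 3. Verify what the sample user really gets. The cmdlet returns nothing when
#    no fine-grained policy applies and the domain default is in force.
$effective = Get-ADUserResultantPasswordPolicy -Identity $SampleUser
if (-not $effective) {
    Write-Warning "$SampleUser falls back to the default domain policy."
    return
}

# 4. Side-by-side comparison of the settings the article lists.
foreach ($setting in 'MinPasswordLength', 'ComplexityEnabled', 'PasswordHistoryCount',
                     'MaxPasswordAge', 'LockoutThreshold', 'LockoutDuration') {
    [pscustomobject]@{
        Setting       = $setting
        DomainDefault = $default.$setting
        Effective     = $effective.$setting
    }
}
```

When more than one fine-grained policy reaches the same user through group membership, the policy with the lowest precedence value wins, so the comparison in step 4 is the check to rerun after any change.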

 

Modern Authentication is a method of identity management that offers more secure user authentication and authorization.

Modern authentication is an umbrella term for a combination of authentication and authorization methods between a client (for example, your laptop or your phone) and a server, as well as some security measures that rely on access policies that you may already be familiar with. It includes:

  • Authentication methods: Multi-factor authentication (MFA); smart card authentication; client certificate-based authentication
  • Authorization methods: Microsoft’s implementation of Open Authorization (OAuth)
  • Conditional access policies: Mobile Application Management (MAM) and Azure Active Directory (Azure AD) Conditional Access

Managing user identities with modern authentication gives administrators many different tools to use when it comes to securing resources, and offers more secure methods of identity management for on-premises (Exchange and Skype for Business), Exchange hybrid, and Skype for Business hybrid/split-domain scenarios.

Single Sign-on is an authentication scheme that allows a user to log in with a single ID and password to any of several related, yet independent, software systems. True single sign-on allows the user to log in once and access services without re-entering authentication factors.

In today’s cloud-driven environment, most if not all SaaS solutions provide the ability to use a separate Authentication and Authorisation solution such as Azure Active Directory to gain access to the third-party SaaS or other services. This removes complexity and duplication, and simplifies user management with a single location to control access. When combined with Modern Authentication offerings such as MFA and Conditional Access, you get full control of providing a very simple yet secure end-user experience.

Personal Devices

Overnight, many of us found ourselves working from home and in some cases, temporarily working from personal devices. It’s essential that all devices, personal included, are equipped with suitable security software.

Most companies have found their staff working remotely for a very long period this year and have been challenged with keeping the devices secure and up to date while accessing corporate resources and data. These devices have traditionally been managed with on-premises systems and services which may not scale well for a remote workforce.

Taking advantage of a modern Mobile Device Management (MDM) solution which is agnostic to user location or platform solves these issues. It will manage end-user devices with updates, application deployment, VPN connectivity and policies and, most importantly, confirm that the device is secure and meets company policies (for example, that endpoint protection is up to date and the firewall is enabled) before allowing access to the corporate environment.

Winthrop Australia

Education

A user’s lack of cyber awareness is among the top reasons for any successful exploitation. It’s imperative to provide regular and ongoing training to people on cybersafety.

Barracuda PhishLine trains users to understand and respond correctly to the latest phishing techniques, recognize subtle phishing clues, and prevent email fraud, data loss, and brand damage.

Managed Services – part of your team, 24/7

We gain an in-depth understanding of our managed service customers’ environments through the onboarding process, maintenance tasks and regular meetings. This knowledge allows us to identify opportunities for improvement and the most appropriate technical and commercial solution for our customers.

Our Managed Services are designed with your business’s unique infrastructure in mind. By working closely with you, our team of experts can deliver improved network quality, optimum performance and transparency, with a focus on security. Think of us as an extension of your own IT team!


Tell us your Top 5 and Win an iPad

Share your top five COVID lessons with us. If your entry is one of the top three, an Apple iPad will be on its way to you. Terms and conditions.


