When it comes to cyber security, there are a range of different precautions you can take to protect your network and your organisation. While making sure that you have the appropriate Firewall and other cyber security tools is important, it’s essential that you understand that your staff are the weakest chink in your organisation’s armour.
We always say that end user education is the most important part of our 7 steps to cyber security. Perfect security is impossible, and therefore at some point something malicious is going to get through your defenses and reach your staff. You will then need to rely on your staff’s decisions to protect your business.
The truth is, no matter how much we tell our staff to watch out for phishing emails and to be careful about what they do online, we’re all human. We’re all going to have a bad day at some point. We’re all going to have a day when there’s a lot going on and we just don’t think about what we are doing. Those bad days are when they click on a link and something bad happens. For example, ransomware could be installed on your network and you experience severe downtime which will stop you from taking any orders and lose you money.
Mistakes are easy to make, yet in some cases they don’t have to be. There are tools out there that are designed to protect against security issues caused by human error. In this blog, we’re going to look at some of the tools that you can consider to mitigate against these tiny mistakes that could cost your business a lot.
Advanced Threat Protection
The first of these tools that we like to talk about is Advanced Threat Protection. Advanced Threat Protection is an add-on to Office 365 that helps to protect your email. To a certain extent, this tool lessens the need for human judgment when it comes to opening links and attachments in phishing emails.
The tool scans your emails in real-time and judges whether the links or attachments are suspicious. You are not able to open the links or attachments until Advanced Threat Protection judges them to be safe. If they are not safe then you will not be able to open them.
One downside of this tool is that it does take a couple of seconds to scan the email, so you won’t be able to open your attachments straight away. While this can be frustrating, we think it’s worth the wait and reinforces to the end user that they need to think about what they open.
Azure Rights Management
The next tool that we find useful in protecting end users, as well as company data, is Azure Rights Management. Azure Rights Management is a tool that controls who can have access to your documents.
We have all accidentally sent an email to the wrong person. We’ve all put the first few letters of a person’s name in the ‘to’ box and just chosen the first one that comes up without thinking. This can be embarrassing and it can also be dangerous. If you’re sharing an Excel file full of personal data with someone in your business and you accidentally send it to someone external you have essentially caused your own data breach. You would probably get fined under GDPR.
Azure Rights Management is essentially a data control system. It allows you to give rights to certain individuals. You can set it so that certain documents can only be opened by people in your organisation. You can also set it so that documents can only be opened by certain individuals in your organisation, for example if you are a line manager with documents on your staff you may only want HR to be able to access them. Azure Rights Management is all about setting up policies for your data so only the right people access your documents.
Multi-Factor Authentication is an add-on for Office 365 that is all about protecting your identity. To access an Office 365 account you need a password. The problem with this is that passwords can be easy to crack. There are often issues with passwords not being changed often, shared with others or being used for multiple accounts. Only relying on passwords can make your Office 365 vulnerable and can cause security issues.
Multi-Factor Authentication offers the opportunity to double check identity. Using the tool, you can set it so that when you access your Office 365 account for the first time on a new device you will need to use a code sent to your phone number as well as your password, confirming the right person is accessing the account. By using Multi-Factor Authentication, you can make it more difficult for someone to get into your Office 365.
The Cloud has changed the way that we interact with our data. We no longer just work from a PC, we access our documents on our phones and tablets from wherever we are. While increased mobility is a benefit it can also bring security issues. It can be very easy to lose a phone and unwillingly cause a data breach. Microsoft Intune makes mobile device management easy. Even if staff are using their own personal devices, with Intune your business can control access to specific business applications such as Outlook without affecting your staff’s personal files. If a member of staff leaves or loses their device you will be able to wipe the it of any data.
Reduce the risk of cyber security mistakes
It is very easy for little mistakes to happen that can have a massive impact. If you are interested in learning more about our additional security tools or protecting your data then please call 01675 469020 or email firstname.lastname@example.org.