Claranet | Why you need a Microsoft 365 Secure Health Check

June 15, 2021 Claranet Limited

The switch to distributed working has resulted in Microsoft Teams growing by 145 million users since April 2020. Whether your business was part of this wave of accelerated change, or already an established user of Microsoft 365 for many years, there is one overriding priority: make sure your business-critical application is secure and your data is 100% protected. 

As businesses rapidly accelerate, digitise and move to cloud in their quest to increase agility, productivity, and competitiveness, and as Modern Workplace practices shift expectations towards working from anywhere, we also need to appreciate that they are moving to a platform that is constantly being targeted and attacked. This might not have been at the forefront of businesses’ minds when starting their experience with Microsoft 365, but it is something that should be high on their list of priorities.

As we shifted from working in the office to working from home, the old model of firewalls, VPNs (Virtual Private Networks) and security routers became less relevant, and a different approach is required.

Introducing Zero Trust  

Zero Trust is not a new concept. It has been around for years, but it has never been what people have thought about when looking to go to the cloud. One reason for this is that most people worked in an office where they were protected by firewalls, secure VPNs (Virtual Private Networks), security routers, etc.

These are all good physical security devices and can still be used, but look at the current situation: who in your business is still protected by them, and who has moved from an on-prem identity to a cloud or hybrid identity?

Being able to set up Zero Trust is immensely powerful because you are being proactive with your users’ identity and data. Yes, there are issues that need to be addressed when setting this service up, and configuration of your environment is key, but in our view not doing this is not an option. You are sitting on the world’s biggest target for hackers, so setting up the right protection to stop attacks before they happen is now essential.

The security landscape has changed. Zero Trust is now a must.

With the increase in cyberthreats and threat actors looking to capitalise on the disruption, change and uncertainty affecting staff and businesses during this time, the landscape has changed. The new security perimeter isn't defined by the physical location(s) of an organisation - it now extends to every access point that hosts, stores, or accesses corporate resources and services. Interactions with corporate resources and services now often bypass on-premises, perimeter-based security models that rely on network firewalls and VPNs. Organisations which rely solely on on-premises firewalls and VPNs lack the visibility, solution integration and agility to deliver timely, end-to-end security coverage.

Consider what's at stake

  • Your company’s bottom line: The average cost of a breach in 2019 was $3.92 million 
  • Your company’s reputation: After a breach, how likely are customers to stay and new prospects to come? 
  • Your continued revenue: Will your customers leave for a competitor they perceive to be safer or more responsible? 
  • Your information: The median time from compromise to discovery in 2016 was 99 days, leaving plenty of time for attackers to damage or steal your assets 
  • Your job: A breach could cost you and your team their jobs 

When considering the types of features you want to set up, you must consider a number of things. How much freedom do you want to give your employees? What security regulatory compliance do you need to meet in your industry? Who is going to maintain these security features for you? You do not want to make the rules too complicated and time-consuming for someone to manage and maintain.

Once you have answered the questions above, there are more questions around what you want to do about corporate data, application access, endpoint access and, most important of all, your users’ identity.

I would say the identity questions are going to be the big ones, such as:

Identity 

  • Are all accounts restricted and using two forms of authentication? 
  • Has a minimum password length and complexity been set up? 
  • How often should passwords expire? 
  • Do you want to give your users the ability to do their own password reset? This feature might help reduce the internal resources required.
  • Do you work with any other countries? If not, why not lock down the Microsoft 365 environment so that only employees in approved countries can log in to your 365 tenants?
  • Do you want to combine this with MFA (Multi Factor Authentication) also?  

Data Leakage Prevention (DLP) 

Do you want to allow users to share data with external users, or even copy the data to personal files?

Devices 

  • Do your devices meet the minimum requirements?   
    • Where are you with your update policy? Do you always force out the latest updates or take your time? 
  • What office suite are your users using, and do you want to block legacy authentication?

Our offer – Microsoft 365 Secure Health Check 

Claranet are offering a one-day review of your Microsoft Office 365 tenant to produce the following: 

  • A simple report, produced by one of our Office 365 Consultants, looking into your configuration to highlight any areas of concern and to give you an increased level of comfort that you have a good security posture. 
    • Identity
    • Admins configuration 
    • Sharing policies – SharePoint, OneDrive, and Teams 
    • Email configuration 
    • Microsoft Teams configuration 

We’ll then jump on a call to talk you through any critical, urgent, or high-risk issues with recommendations for remediative action. We will guide you through, or implement for you, the changes required, and help you understand the impact so you can communicate these changes to your users.

  • A recommendations list of best practice items to consider 

Within Microsoft Office 365 there is a Secure Score reporting page that you have access to now, where you can compare yourself against the industry standard across Microsoft Office 365. Together, this report and the Secure Score will give you a clear indication of where to tighten up your security and where to potentially ease restrictions as well.

Licensing and Adoption 

You might want to consider reviewing your licensing options. Do you have the best license type for your users, could you pay less? Are your users really getting the best out of Microsoft Office 365 and adopting all the cool features they have access to? Are you using 3rd party products that are already included as part of your Microsoft Office 365 subscription, or might be cheaper if migrated to Microsoft Office 365? 

What we ask for in return 

If you have specific areas of advanced security that drill deeper than the above, we can put together a simple proposal to deliver these for you. Some of these items take time and a collaborative effort between us and you to hit the right mark, balancing security with usability.


Further reading  

https://www.ncsc.gov.uk/news/rise-microsoft-office-365-compromise 

https://home.kpmg/xx/en/home/insights/2020/09/microsoft-365-getting-ahead-of-threats.html
