Some facts: 1.2 million Office 365 / Microsoft 365 accounts are compromised each month. That is 0.5% of all accounts, and you should expect the same share in your own environment. Source: The Register (theregister.co.uk)
Multi-factor authentication prevents 99.9% of all attacks.
Take control of mobile devices, or at least use Mobile Application Management (MAM) to protect your corporate data on them (iOS, Android, Windows 10, macOS, ...).
3. Passwords and management of authentication
Create a password policy and check that 100% of accounts comply with it at renewal. Enable MFA for everyone. Where that is not possible (for application accounts, not users), create a compensating policy, for example: if an account has no MFA, require a password of more than 100 characters.
Microsoft has advised disabling password renewals in this article. I think it is possible if you are also doing multiple other steps of this article.
4. Create real-time reporting of security vulnerabilities
Identity risks exist in every organisation. Don’t assume your chances of being affected are low; check the facts.
It is very easy to use the ‘Risky users’, ‘Risky sign-ins’ and ‘Risk detections’ reports to find out the real risks.
Integrate with Microsoft Defender ATP and ATP sensors so that all intelligence is collected in the Microsoft cloud.
5. Create automated and intelligent alerts
There is only one answer: Microsoft Cloud App Security.
Create alerts on anomalies, for example when 100 files are deleted, or when files are copied to Dropbox.
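As an added illustration of the threshold alert described above (example code written for this post, not code from the original article and not a Cloud App Security feature): a sliding-window rule over Office 365 audit records that flags a user who deletes 100 files within 10 minutes. The record shape follows the audit log field names (CreationTime, Operation, UserId), while the users, domain and timings are constructed for the example; Cloud App Security offers this kind of policy natively, the code only shows the logic it applies.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

TS = "%Y-%m-%dT%H:%M:%S"

def mass_delete_alerts(events, threshold=100, window=timedelta(minutes=10)):
    """Return (user, window_start, count) tuples: one alert each time a user
    reaches `threshold` FileDeleted events inside a sliding `window`."""
    by_user = defaultdict(list)
    for e in events:
        if e.get("Operation") == "FileDeleted":
            by_user[e["UserId"]].append(datetime.strptime(e["CreationTime"], TS))
    alerts = []
    for user, times in by_user.items():
        recent = deque()
        for t in sorted(times):  # audit exports are not guaranteed to be ordered
            recent.append(t)
            while t - recent[0] > window:  # drop events older than the window
                recent.popleft()
            if len(recent) >= threshold:
                alerts.append((user, recent[0], len(recent)))
                recent.clear()  # one alert per burst, not one per extra deletion
    return alerts

def make_events(user, operation, start, count, spacing):
    """Constructed audit records: field names follow the O365 audit log schema
    (CreationTime, Operation, UserId, Workload, ObjectId); values are invented."""
    return [{"CreationTime": (start + i * spacing).strftime(TS),
             "Operation": operation, "UserId": user, "Workload": "OneDrive",
             "ObjectId": f"Documents/file{i}.docx"} for i in range(count)]

T0 = datetime(2020, 4, 1, 9, 0, 0)
SAMPLE_EVENTS = (
    make_events("alice@contoso.com", "FileDeleted", T0, 120, timedelta(seconds=2))     # burst: alerts
    + make_events("bob@contoso.com", "FileDeleted", T0, 150, timedelta(minutes=20))    # slow clean-up: no alert
    + make_events("carol@contoso.com", "FileAccessed", T0, 200, timedelta(seconds=1))  # reads, not deletes
)

if __name__ == "__main__":
    for user, start, count in mass_delete_alerts(SAMPLE_EVENTS):
        print(f"ALERT: {user} deleted {count} files starting {start.strftime(TS)}")
```

Widening the window (or lowering the threshold) changes which of the constructed users trip the rule, which is the tuning trade-off you make when you set such a policy.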
6. Install antivirus on ALL endpoints + go beyond antivirus
Microsoft Defender ATP, SentinelOne, Norton, McAfee: it doesn’t really matter which, as long as you are able to protect all endpoints.
The second factor is making sure that your antivirus is actually enabled everywhere. Use a single console, or use MDATP. Set security alerts so you know when you are at risk.
Use EDR monitoring to detect and respond to advanced attacks in real time.
7. Secure private (personal) devices and corporate devices
Workstations and laptops (with Windows 10, for example) are under control in most companies. Mobile devices are left unmanaged because the options are not known.
With Intune (Endpoint Manager) you can isolate and segment applications without having to manage the device. The corporate applications are under control and the organization’s data is protected. The most important thing is done!
In the app protection policy, require a fingerprint or Face ID, or a PIN code as a worst case.
Below you may find an example of the Outlook application protected by Mobile Application Management. Where the organisation does not own the devices this is a great option, and it is simple to implement.
8. Evaluate regularly which users have access to data, devices and the physical network
Cloud App Security shows you exactly where data is flowing across all endpoints.
Document data, lateral movement, application usage, global traffic, the number of applications in use in your organisation, risk levels, GDPR-compliant applications, and so on.
Bring network device logs into the CASB for more insight.
9. Track and block access for temporary projects or when employees leave the company
Governance without enforcement is just good advice.
Create simple written policies, and enforce them.
Create retention policies, for example one that removes a Microsoft Team after 180 days.
Use Information Protection to protect document data. Even if you lose the document “physically”, there are still options to block it from being opened and to keep it secure against distribution, opening and editing.
Create insights into document data from on-premises and cloud solutions with Microsoft Information Protection policies.
Conclusions
Security priorities are difficult. However, I would always start with MFA because this is fundamental identity security, followed by document and device security, because companies are moving to Teams during Covid-19 and you don’t want data leakage during this time.
If your identities are not secure and get compromised, there is no point in doing information protection, because a ‘hacker’ will use your accounts to access your corporate data.