BluePackets

11 Signs your organisation might be getting complacent with IT security:

1) Compromised accounts
End-users can often be the weakest point of security. They make mistakes. This is a numbers game. Even to the most security aware person - it only takes a momentary lapse and details can be compromised. Every organisation should have systems in place to minimise the risk. If this is a recurring problem, then it is a clear sign that security needs to be improved.

2) Unsure of the security that is in place.
Security doesn't happen by accident. Knowing what is in place is critical. How can you be confident in your systems if you don't know what is in place, and what protections are there?

3) No plan for further security improvements.
Security isn't a thing that you finish. It is always moving, evolving over time. There is always another step that can be taken. While you can't do everything at once, it is important to have a plan for what you are doing to improve security this year. Like many things in life, if you aren't moving forward you are actually going backwards.

4) Surprise when there is a security incident
No matter how secure your system is, there will be incidents. This shouldn't come as a surprise, and might indicate that a fundamental shift in security perspective is required. The world is knocking at your door. Time get on the front foot!

5) No plans of how to respond in the event of a problem
Something is going to happen, what are you going to do? You need to be prepared. Who are you going to notify for help. Who do you need to notify if 3rd party data is impacted. When do you need to notify them? How is your organisation going to continue to function?

6) Lack of cyber insurance
You have insurance for all the important parts of your business. Are you IT systems critical to you? If your systems were turned off right now and you had to start again without your data – what would the impact be? If this would have a significant impact, then it is worth having insurance to assist you.

7) Not aware of what the Essential 8 is, and how you compare to it
This is a suggested minimal/standard security requirements as advised by the Australian Federal Government. This list changes over time as the threat landscape changes. It is a great free and impartial reference point. Knowing where your organisation sits against these standards can give you valuable insights.

8) Staff are able to install software on their work computers
This is a big no-no, and is an easy avenue for infections or negative consequences. It is critical that any additional software to be installed is vetted and managed by your organisation, and not your team members.

9) IT Security is viewed purely as an expense to be avoided
Efficiency is key. Under-investment in IT security can be very expensive. A well secured and managed IT environment should bring you a “Security Dividend”. These are direct and indirect savings that can be made by having a secure and stabile environment. There are multiple layers of costs to consider:
* The interruption to your work-flow
* The cost paid to consultants to fix the issue
* Potential legal costs in the event of a data-breach
* Potential loss of future earnings due to reputation damages

With the full cost in mind, prevention will almost always be cheaper than the cure.

10) High levels of reactive support requests to fix issues
Hardware breaks, software has bugs, systems have outages, users need training. These statements are true – however – as a general statement the actual volume of troubleshooting should be minimal. If your organisation has a heavy need for IT support and assistance, there is a chance that you might benefit from proactive changes that further reduce risk.

11) No recent security reviews
You can’t know where you are going if you don’t know where you are. It can be very easy to over estimate your security posture. In a fast moving environment, an old review is almost worthless. Security needs to be reviewed and considered on a rolling (and regular!) basis.

We are an Australian owned and operated business. Helping other like-minded Australian organisations improve their cyber security posture.
Reach out to us if you organisation needs help getting on the front foot when it comes to cyber security.

fb.me

Trust by your clients in your computer security is critical in the modern era. It takes time to build trust, and it can be ripped away in an instant. Have you ever had one of your 365 accounts sending out junk or malicious email on your behalf? This can be a big give away that you have lost control of your 365 environment or accounts. If an attacker can send out email, it is assumed that they have access to your emails, and likely files.

How do we help our clients minimise the risk of this happening? We a holistic approach - preventative, and also reactive monitoring. Even a highly secure configuration can become compromised by human error. The reactive monitoring has been effective, typically enabling us to notify clients to the intrusion before it has a chance to escalate.

We are an Australian owned and operated business. Helping other like-minded Australian organisations improve their cyber security posture.
Reach out to us if you organisation needs help getting on the front foot when it comes to cyber security.

fb.me

Myth: A username and password is the only way to access your 365 environment.

The answer to this almost always comes as a surprise. Did you know that with a few clicks, approval can be give to 3rd party applications to access your 365 data (ie, files and email)? Often this is presented as a step to integrate with a 3rd party service for work. Sometimes it might be presented as a way to access a feature or even a game. Once a user grants permission, these permissions typically stay around forever. This means you can change your username and password, and these external companies may still have access to your data.

Why should you worry? If given access, these external programs could have permanent full access to all the data in your systems (with the same permissions as the user that granted it). This could be used in a malicious manner. Numerous times we have identified clients that have installed unknown 365 applications - software that we can't link to any official system or identifiable business.

What can we do about it? We have a solution for our clients that reports on existing 3rd party applications, and alerts when new applications are added. The bulk of applications are helpful, however it is important to find out in a timely manner when access is being added to your 365 environment.

We are an Australian owned and operated business. Helping other like-minded Australian organisations improve their cyber security posture.
Reach out to us if you organisation needs help getting on the front foot when it comes to cyber security.

fb.me

365 Security Spot-Quiz Question: What is the "Secure Score" of your organisation?

What is this "Secure Score"? It is a number that is assigned to your MS 365 tenancy, organisation wide. Each time you improve your security of your 365 configuration, the score is re-evaluated. This typically results in your score going up.

Why is this important? Just by purchasing a 365 subscription, it doesn't mean your configuration is secure. This scoring system helps give you a benchmark to work against.

What do we often find? New clients with a very low Secure Score (typically below 20%). With suitable advice and support, we can often get this to 80-90% without having any real impact on usability. This is a massive improvement, and helps protect you and your data.

New security features are being made available on a regular basis, so your relative Secure Score can go down over time. How do we manage this?
* Our clients get a report each month, which clearly shows their secure score/
* We also have a monitoring system available that will alert if this score becomes too low over time - an extra reminder that things need to be improved.

We are an Australian owned and operated business. Helping other like-minded Australian organisations improve their cyber security posture.

Reach out to us if you organisation needs help getting on the front foot when it comes to cyber security.

Is your business running on 365? Would you know if someone is trying to break in to one of the accounts in your organisation?

First of all, why should you care? It matters because it is far better to stop the intrusion, rather than having to clean up the mess after the fact. If you have an early warning sign, it is definitely worth getting in and being proactive.

A myth that we often hear is that ‘we are too small to be targeted’. We have seen even some of the smallest clients receive 30,000+ failed login attempts within a short period of time.

What can you do about it? There are numerous steps you can take, such as:
- Ensure any (and all!) targeted users have Multi-Factor-Authentication setup and enforced
- Ensure that the users in question are using a strong password
- Ensure that the passwords in use are unique (and not used else where)
- Ensure suitable Conditional Access Policies are in place
- Notify at risk users, asking them to be on the look-out for suspicious activity on their accounts and devices
- Also ensure that all users are suitably trained in cyber security precautions

Now to the question again, how would you find out that one of your user accounts is under attack? Normally, by default, you wouldn’t. No alerts, nothing. However - we have an affordable solution that can monitor for this, and help put you and your organisation on the front-foot when it comes to cyber security.

We are an Australian owned and operated business. Helping other like-minded Australian organisations improve their cyber security posture.

Reach out to our friendly team to see how we can help.

Each time we onboard a new client that already has 365, we undertake a review of what is in place.

What do we almost always find? ... Excess users. Often to surprise (and sometimes shock) - "That person hasn't worked here for years". This typically ends up with a list with lots of red lines, itemising the old users to remove.

It is an effective clean up, however that is only valid at that point in time. How do we handle user lists over time? We have 3 main ways to address the problem:

a) We provide our clients with a list of users in their 365 system on a monthly basis.

b) We monitor for common services that are not utilised by an account. For example, if a team member is not utilising their email, it likely means that user has left.

c) We monitor for logins that have not been active for many months.

Why is this important? Only active and valid users should have access to your environment. Idle accounts are a serious security risk.

Want more information? Reach out to our friendly team.

fb.me