Modern Security for Modern Threats
Business IT security needs are dynamic and constantly changing, so some of this may change without notice.
You only have to pick up the paper or watch almost any current affairs or news bulletin to see someone being hacked or ransomed. That is what happens when shortcuts are taken, patches aren’t applied, staff aren’t trained, or someone decides 2FA is too hard.
Just ask yourself, “How much can we afford to lose?” The bad guys are not doing this for kicks; they are monetising their nefarious activities and making serious revenue doing it.
Case Study: Fran Finnegan’s story is all too common, he re-used a password and his life changed!
Let’s start with a real-life story closer to home. Let’s call it The $500K Near Miss!
Business Email Compromise is one of the most common ways criminals monetise the theft of your credentials, and this one most likely started with a phishing incident, as many breaches do.
This real-life example was relayed to us recently for opinion and explanation by one of the parties involved. I have obfuscated some details to protect various identities, but this actually happened, and it proves how important security can be and that nobody is too big or too small to be a target:
I received a call from a good customer who told me one of their customers was the victim of an email breach. They know this because they received a fake email for a bank account change from their client… right around the time they were finalising a deal worth more than $500K! The other party quizzed their IT support, who then enabled 2FA for their client. Enabling 2FA is a positive step, but best practice is to have 2FA enabled all the time, always, and it’s FREE, so it should have been in place already.
This story tells me that someone was watching their emails and has almost certainly infiltrated their systems, so just turning on 2FA may not be enough; they will need to investigate the breached accounts and make sure it cannot happen again.
I am pleased to report this was a near miss, as thankfully my client called his customer and queried the bank detail change before anything bad happened… We should always verify these changes first, no matter how tedious it may seem.
We then had a long chat about how this happens and how can these be stopped in future…
In this example, DMARC would have prevented the fake email from being delivered, 2FA could have mitigated the phishing opportunity, and disabling email forwarding together with Conditional Access would almost certainly have reduced this to a non-event.
Microsoft Secure Score
Microsoft Secure Score is a representation of your organisation’s security posture, and it highlights opportunities to improve it, so if your IT hasn’t attended to securing your Microsoft Cloud there really isn’t any excuse.
We recommend you ask your IT admin or outsourced IT company for your Microsoft Secure Score; if it’s under 60% you know there’s work to do.
If they don’t know about Secure Score then please give us a call and we can help you.
Managing your own Microsoft 365 tenant is a specialist field, and you cannot realistically run the tenant and your own business at the same time.
If you are managing your own tenant and you have a low Secure Score, don’t panic… knowing your score gives you a place to start, and now you can contact us to discuss how to improve your security posture.
A Typical Secure Score
Here’s a Secure Score recently reported to us. If your score is anything like this then you are very likely a sitting duck.
A sitting duck typically has no 2FA and no security controls or policies in place to protect their data. If they haven’t been hacked yet, it is only a matter of time.
A Good Secure Score
Here’s a Secure Score of a business that’s going in the right direction.
Here you can see they have done solid work in Identity, Device and Application protection. There is also room to improve here and no doubt the IT department has a plan for that.
If your Secure Score is less than 40% you should be very concerned and begin looking to improve your situation as soon as possible.
Give us a call; there are some very low-cost options which greatly improve your security.
Enabling 2FA for your Microsoft 365 prevents many account hacks, and we can extend this further with Conditional Access, Defender and more.
Conditional Access Policies
Conditional Access Policies give you control. With CA you can limit where and how your company data can be accessed, which is important because in a modern workplace the security perimeter extends far beyond an organisation’s office network to include user and device identity. The security perimeter extends to wherever your data is used, such as home offices and hotel rooms.
Conditional Access Policies bring identity signals together, to make decisions, and enforce organisational policies.
Conditional Access is at the heart of protecting your data and identity.
Your exposure and risk reduce when we place controls around where and how your data can be used.
For example, you could use Conditional Access Policies to limit access to your Microsoft 365 data to a particular geographic region or to a specific IP address.
Email Security & ATP
Being internet-connected and using email means we are subjected to a constant barrage of ever-changing threats.
Microsoft’s threat protection policies and tools greatly enhance security.
Email still presents as the riskiest and most heavily leveraged threat vector.
Spam filters, Safe Links, Safe Attachments and anti-phishing policies all do a great job of evolving to keep pace, but inevitably something will get through. That’s where your last line of defence needs to kick in: not opening the email, not clicking the dodgy link, and so on. The last line of defence is your staff, so keeping them alert, trained and able to spot fakes is important.
3 Essential Free Email Security Tools: DKIM/SPF/DMARC
DKIM improves email deliverability
DKIM adds an invisible digital signature (a cryptographic signature) to every email, enabling server-level validation that the email was sent and authorised by the owner of the sending domain.
When the recipient confirms the email carries a valid DKIM signature, it can be certain that the signed parts of the message have not been modified in transit.
Sender Policy Framework (SPF)
SPF provides another way to validate the sender’s right to send on behalf of the domain.
With SPF we specify which systems can send for a domain (these can be IP addresses or domain names). Each message can then be tested against SPF, resulting in a PASS or FAIL, which further builds the intelligence signals contributing to the trustworthiness score of the message and the sender’s domain. Some systems take the FAIL and dump the message outright, though best practice is to feed the result into DMARC.
DMARC – Control of Your Email, Protect Your Brand!
DMARC takes a little extra work to set up, but it gives you control over your domain and the confidence that senders cannot impersonate it: emails pretending to be from you will be dumped or flagged to security systems.
DMARC links the SPF and DKIM results to determine “alignment”, and depending on that alignment we can control what happens when the message is received.
When DMARC alignment fails we can simply report it and do nothing, or we can tell the receiving server to quarantine or reject the message. Our best practice is to quarantine and let anti-phishing policies determine whether it should be rejected, as there may be occasions where a legitimate message fails the DMARC alignment test.
Microsoft Defender for Office 365
Defender for Office 365 brings a range of protections to the table, running 24×7 to protect you:
Anti-Phishing: Protect users from phishing attacks, and configure safety tips on suspicious messages.
Microsoft 365 includes built-in features that help protect your users from phishing attacks. We set up anti-phishing policies to increase this protection.
For example, you can refine the settings to better detect and prevent impersonation and spoofing attacks.
The default policy applies to all users within the organisation. You can create custom, higher-priority policies for specific users, groups or domains.
Anti-malware: Protect your organization’s email from malware, including what actions to take and who to notify if malware is detected
Anti-spam: Protect your organization’s email from spam, including what actions to take if spam is detected
SafeLinks: Protect your users from opening and sharing malicious links in email messages and Office apps
Defense for SharePoint Online, OneDrive, and Teams.
Protection with Zero-Hour Auto Purge (ZAP): an email protection feature that retroactively detects and neutralizes malicious phishing, spam, or malware messages that have already been delivered to Exchange Online mailboxes.
Advanced Anti-Spam and Anti-Malware Filters
Exchange Online spam and malware filters are the front line of your email defence, cleaning and filtering inbound emails as they arrive.
We customise these to elevate the built-in protections and increase their effectiveness, drawing on our experience and best practices.
In our opinion you do not need third-party spam filters in front of Exchange when it is properly configured. Microsoft has more signals in its system than any of the virus or spam filter providers, so placing third-party products in front of Exchange limits the native signals Exchange receives about emails, reduces your protection, and adds extra cost. Save yourself some cash and let Exchange do the job for you.
But my IT guy says I am 100% secure?
When someone in IT says you are 100% protected, you have to push back and query it!
It’s impossible to be 100% secure unless you disconnect from everything and turn off your computer.
“100% secure” is a fallacy these days because we all need the internet, and as soon as you bring staff into the mix there is always going to be human error.
Thinking you are 100% secure can lead to unforeseen consequences and careless practices that leave you exposed.
Our commitment to all customers:
We will help you get more out of your Microsoft 365 systems, help you do it as securely as is practical, and do our best to help keep you secure.