Cyber Security in flexible workplaces – Webinar key takeaways

On Wednesday, 30/09, and Thursday, 01/10, we hosted two online Brekkie Power-hours covering the topic Cyber Security in flexible workplaces. Both sessions were a complete success with lots of positive feedback from participants. Zubair, our Security guru, was in charge of the presentation and responsible for translating a technical and complex topic into plain English with actionable steps. Not an easy task, but he did a great job, as usual, so we think it’s worth sharing his tips and recommendations.

Security has evolved

In the past, when we talked about security, we’d normally refer to the firewall or anti-virus and the measures you had in place for everything related to infrastructure. Nowadays, security has evolved and there are many other factors to consider with people working remotely, on their own devices and in multiple cloud services. With so many gateways for attackers to target your organisation, organisations struggle to keep on top of the new and creative ways attackers use to get through and compromise your business.

5 basic layers of protection

We have identified 5 basic layers of protection that almost every business can relate to. Focusing on these 5 layers and covering the essentials of these layers are a great start to differentiate your organisation from an easy target.

Zubair covered each individual layer and divided the security measures between “well-known”, such as anti-virus and anti-spam, and “not so well-known” such as enabling conditional access. He also made the analogy of security to the door that you use to protect your business. If you own a business and you get broken into, the first thing you’re probably going to look at is how they got in or what was taken, so you the first step would be changing the type of lock, put up a steel door or get a better alarm system.

The same goes for Cybersecurity – It all depends on what you’re trying to secure, how much it’s worth and how much you would like to spend keeping it safe. In each of these layers, some protection measures may be similar to that steel door that may not be required for you, however, some of the items may be that basic lock you put on the door which is the minimum security requirement.

Security essentials and advanced options

Email

Well-known

1. Anti-Spam / Anti-Phishing – consider whaling, phishing, and spear-phishing attacks
2. Malware Attachment Scanning
3. Unsafe Link detection
4. Email Domain Security (SPF/DKIM/DMARC)

Not so well-known

1. Malicious Outlook Rule Detection
2. Controlling security and policies for the devices that corporate emails connect to (especially for personal devices)

Web

Well-known

1. Web Threat Protection
2. Web Content Protection

Not so well-known

1. Browser Management
2.  Plug-In Management – Do you manage browsers and add-ons that are used in your organisation?

Infrastructure

Well-known

1. Having a Corporate Application Layer Firewall.
2. Securing your remote access into your network (Secure Gateway)
3. System updates and vulnerability management
4. Data Redundancy and Resiliency – are all your cloud applications backed up?
5. Network Policy and Access Rights Management – do you keep track of third parties that have access to your data?

Not so well-known

1. Monitoring and mitigating Software Supply-Chain Attacks
2. Cloud Application Security

Device

Well-known

1. Anti-Virus and Threat Protection
2. Operating System Patch Management – Can your IT Dept report on which computers are missing patches?
3. Vulnerability Detection and Remediation

Not so well-known

1. Application / Software Control
2. Peripheral Control
3. Access Control
4. Data Protection

User

Well-known

1. Identity and Access Management (MFA) – This is the most effective way to improve your security.
2. Conditional Access and Geo Blocking – Are there countries you will likely never login from?
3. Password Management and Policy – Banning common passwords and implementing password complexity

Not so well-known

1. Security Awareness Training – Do your users know how to spot a phishing email or how to avoid Business Email Compromise?
2. User Risk and Sign-in Risk Management – Are your credentials on the dark web or part of a recent breach?

Download Zubair’s Security tips here!

Cyber Security with Microsoft 365

The Microsoft 365 suite offers powerful security for your environment as part of the flagship Microsoft 365 Business Premium Product, this includes conditional access, mobile device management and password protection. One of the key security components in the Microsoft 365 Business Premium is the Advanced Threat Protection for SharePoint, OneDrive, and Teams. This means that the software scans for malware in documents/files uploaded or shared in those apps. If you want additional security instead of paying for the expensive “all in one” license from Microsoft 365 E3 and E5, you can purchase only the Enterprise Mobility Suite (EMS) E5 license. This is an add-on that will:

• Upgrade your conditional access to also monitor your users for compromises on the dark web.
• Give access to cloud app security, which allows you to map out your users’ cloud usage for services like Dropbox and Salesforce, and create policies to manage the usage of these.

When asking for a recommendation of which license your business should have, Zubair goes back to the steel door analogy. Most businesses get what they need from the Microsoft 365 Business Premium, however, if you want an extra and more advanced layer of protection, then you should consider the EMS E5 add-on. Important to remember that Not-For-Profit organisations get a large discount on Microsoft 365 licensing. If you’d like to know more about the options available, contact us and we can go through what licenses would work for you.

How Bremmar supplements Microsoft 365 security

We’d like to bring attention to the following:

Cyber security awareness training

• Run a 3-month campaign to simulate phishing attacks
• Get a report with a summary of who clicked and exposed the business to an attack
• Receive simple training videos, emails, and infographics to educate your users

Microsoft 365 Security Assessment

• Perform a complete Microsoft 365 security review – and beyond!
• Get your Microsoft 365 secure score report
• Know recommendations to improve your security and best practices

Microsoft 365 backup

• Protect your business from data loss by human error (deletion of files)
• Secure your business in case your data gets compromised by malware
• Have peace of mind knowing that everything within Outlook, Teams, SharePoint, and OneDrive is backed-up. Same goes for G-suite.

How can we help you?

Bremmar are experts in remote working initiatives, security and digital collaboration processes. As accredited Microsoft Gold Productivity Partners, we can help you and your team leverage the power of the Microsoft 365 Stack to work smarter. We manage IT services for a number of NFP, Aged Care, Engineering, Mining and Construction organisations and understand the unique needs of these sectors. Why not set up an initial meeting to learn more? Call us on 1300 991 351 or email help@bremmar.com.au

Book a security consultation with Bremmar! 👇👇👇

  Or fill in the form below and one of our consultants will get back to you!

By Gabriela Guerra - Marketing Manager

Our Marketing & Events professional has a strong understanding of customer and market dynamics, both nationally and internationally. Passionate about the IT industry, Gabi successfully built Bremmar’s Marketing Department form the ground up.  She’s lived in 5 different countries and loves to learn about different people & cultures.