Welcome to our first Newsflash of 2020. We are pleased to welcome two new additions to our team for the start of the year.
Microsoft 365 – Dynamic, complex and challenging
In some of our previous articles we discussed the challenges that organisations need to contend with in order to ensure their Microsoft 365 (M365) environment is securely configured.
Some of the key learnings we noted from our customer engagements were –
Even well managed and mature sites have been compromised.
It is important to know all your data aggregation points at all times.
Data sharing across the M365 environment is misunderstood.
Identifying termination points (where data can be readily shared with external parties) is critical.
Cloud service mapping and effective management reduces unnecessary risks and exposures.
Knowledge of all M365 capabilities and security dashboards aids prevention or early detection.
For this Newsflash we asked one of our consultants to outline some of the more common findings from his work in providing a Security Configuration Audit Service to Microsoft 365 customers.
His nominations are -
The option for users to register Microsoft and 3rd party applications is configured at multiple locations. If all of the configuration selections are not in accordance with security best practices this could lead to a potential security breach.
Users are able to provide a blanket consent to company data stored within the M365 environment. While this can be effectively managed with a secure configuration, when it is incorrectly implemented there is a risk of providing unrestricted data access to potentially malicious applications.
The concept of least privilege is not followed by the default environment configuration, the settings to fine-tune and limit the user’s ability to view M365 security configuration items are commonly overlooked.
Microsoft Teams provides a range of good functionality and interacts with many default and 3rd party applications as it’s standard configuration option. Securing the Microsoft Teams configuration is key to limiting any on-going data sharing activity and avoiding users unknowingly creating data security risks.
Microsoft Secure Score provides recommendations regarding the implementation of security options within the M365 environment. Some of these recommendations or options may not align with best practice or industry standards. Following these recommendations without expert input may result in introducing new risks to the environment.
M365 is helping organisations improve collaboration and productivity. A comprehensive range of security controls options are available in M365 however, the dynamic and changing nature of the environment means that security gaps and vulnerabilities are very likely to exist.
Organisations of all sizes are highly dependent upon technology. Ensuring your people understand what is expected of them when using organisational technology, systems and data is key to minimising the threat of reputational damage and the potential loss of business.
The IT Policy System Lite is designed to help organisations of less than 200 users set the foundations for a safe computing environment. The system is cloud based and branded for each of our customers. A typical deployment covers 18 key policies in an easy to use system.
Our delivery process sees a Kaon Security consultant run a workshop for each new customer to ensure the system is customised to their business requirements. Thereafter Kaon Security ensure it is kept up to date in terms of policy wording, terminology, relevant best practice and standards information.
Writing policies, maintaining them and ensuring they align with best practise requires a significant investment of time and effort. In deploying the IT Policy System Lite our customers have commented that it is very cost effective, and has meant they can then focus on improving cyber security awareness and running their business.
View the IT Policy System Lite video.
Contact us to discuss how Kaon Security can assist your organisation create and maintain a secure IT environment.