Knowbe4 Security Training: The Importance of End Users and Security Awareness

 

In today's digitally driven world, businesses face ever-increasing cyber threats that can compromise sensitive data, disrupt operations, and damage their reputation and credibility. While many organizations invest heavily in robust cybersecurity measures, they often overlook one critical component: training their end users.

 

End users, whether they be employees or customers, are the first line of defense against cyber threats -- which is why proper training and awareness is so imperative. A popular platform for this exact endeavor, KnowBe4, understands that strengthening end-users’ awareness and safety precautions is key for fortifying a business’ security posture.

 

KnowBe4 was founded in 2010 by Stu Sjouwerman, a cybersecurity expert with over 30 years of experience in the industry. Since its inception, the platform has helped thousands of organizations improve their security posture and protect against cyber threats.

 

In this blog, we will discuss the importance of security awareness training and phishing simulations, and how, with these tools and tactics, KnowBe4 can help organizations set their end-users up for success and achieve their security goals.

 

The Importance of Security Awareness Training

 

In today's digital age, cyber threats are becoming increasingly sophisticated and frequent. Hackers are constantly looking for new ways to exploit vulnerabilities in an organization's security system, and one of the most effective ways to do this is through social engineering.

 

Social engineering is the use of psychological manipulation to trick people into divulging sensitive information or performing actions that compromise security. Security awareness training is essential for organizations to protect themselves against these specific types of attacks.

 

By educating employees on how to identify and respond to potential security threats, organizations can reduce the likelihood of successful attacks and mitigate the damage caused by any breaches that do occur.

 

Security awareness training should cover a range of topics, including:

 

Phishing

Phishing is the most common form of social engineering attack, and it involves sending fraudulent emails that appear to be from a legitimate source to trick users into clicking on a malicious link or downloading malware. Employees should thoroughly understand how to identify phishing emails and how to navigate an attempted attack properly.

 

Password Security

Weak passwords are a major security vulnerability. That is making sure employees understand the importance of strong passwords, and how to create them and keep them secure should be a priority.

 

Mobile Device Security

With the rise of remote work, mobile devices have become an increasingly larger target for cyber criminals. Helping employees secure their mobile devices and use them safely is instrumental for keeping both their personal and professional data safe.

 

Social Media Security

Today, we’re seeing social media platforms become goldmine of personal information for cyber criminals. All employees, and especially those who have access to a company’s social platform accounts, should be taught how to use social media in a safe and secure way.

 

The Importance of Phishing Simulations

 

We mentioned the importance of training for phishing attacks. One great way to counter these kinds of threats is with phishing simulations. Phishing simulations are mock phishing attacks that are used to test an organization's security awareness training program.

 

By simulating real-world phishing attacks, organizations can identify areas where employees need additional training and improve their overall security posture. Phishing simulations should be designed to be realistic and challenging, and they should be conducted on a regular basis to ensure that employees remain vigilant and up to date with the latest threats.

 

The Impact of Security Awareness Training and Simulations for End Users

 

Let’s take a look at the specific impact of this training and why it is so beneficial for both individual employees and organizations at large.

 

Heightened Awareness and Vigilance

End users are the biggest target for various cyberattacks. Educating users about the latest tactics used by cybercriminals helps them remain vigilant and empowers them to make informed decisions when encountering potential risks.

 

Mitigating Human Error

Human error is a leading cause of security breaches. This is because end users, often unknowingly, engage in risky behaviors like clicking on malicious links or downloading suspicious attachments.

 

Through comprehensive cybersecurity training, businesses can teach their workforce how to recognize these risks, adopt safer practices, and minimize human error. In doing so, organizations can significantly reduce the likelihood of successful cyberattacks and subsequent data breaches.

 

Safeguarding Customer Data

Organizations entrusted with customer data bear a responsibility to protect it from unauthorized access. Training end users, particularly employees who handle customer information, reinforces the importance of data security and the potential consequences of mishandling sensitive data.

 

This benefit not only lends protection of the organization’s data in and of itself, but also to the reputation and credibility of said organization as well. By educating employees on data protection best practices through regular training, businesses can create a culture of security that safeguards customer data.

 

Strengthening Incident Response

Effective cybersecurity training not only focuses on preventing attacks but also prepares end users to respond appropriately in the event of a breach. Training programs can include guidance on incident reporting procedures, recognizing signs of a breach, and immediate response actions.

 

When end users are adequately trained and given the proper tools, they become an integral part of the incident response process, allowing organizations to mitigate the impact of an attack swiftly and effectively.

 

Reinforcing Regulatory Compliance

Compliance with industry-specific regulations and data protection laws is essential for businesses operating in today's legal landscape. Training end users on the relevant regulatory requirements --especially in an engaging and interesting way -- ensures that they understand their obligations and the potential consequences of non-compliance.

 

By integrating compliance-focused training that actually engages end users into cybersecurity programs, organizations can greatly reduce the risk of regulatory penalties and reputational damage resulting from data breaches and compliancy issues.

 

Fostering a Culture of Security

Cybersecurity is not solely an IT department's responsibility; it is a shared responsibility across the entire organization. By training end users in a continuous way, businesses foster a culture of security where every individual understands their role in protecting sensitive information.

 

This culture shift ensures that cybersecurity becomes ingrained in daily routines, leading to a proactive and vigilant approach towards potential threats.

 

How KnowBe4 Can Help

 

KnowBe4 offers a comprehensive security awareness training and phishing simulation solution. The platform helps organizations of all sizes improve their security posture and even incorporates AI. There are a range of features and tools included that make security awareness training and phishing simulations easy, engaging, and effective.

 

Here are some of the key features of the KnowBe4 platform:

 

Pre-built training content

With KnowBe4’s pre-built training content, you’re able to provide your organization with a multitude of resources and training on a variety of security awareness topics. This content is available in multiple formats including videos, interactive modules, and quizzes. It can also be customized to meet the specific needs of each organization.

 

Phishing simulation templates

KnowBe4 offers a range of phishing simulation templates that mimic real-world phishing attacks. These templates can be customized to fit the specific needs of your organization. They can also include a range of different scenarios and attack types.

 

Reporting and analytics

KnowBe4's platform includes robust reporting and analytics tools. These tools provide organizations with detailed insights into the effectiveness of their security awareness training program. Track employee progress, identify areas where additional training is needed, and measure the overall effectiveness of the program.

 

Automated campaigns

Access KnowBe4's automated campaigns! These campaigns enable advanced scheduling to ensure that employees receive regular training. This allows your team to stay engaged and maintain their level of security awareness so that they’re always ready.

Knowbe4 security. Knowbe4 security.

Continuous Education

This powerful platform provides ongoing security education and awareness to end users. This is essential in a rapidly changing threat landscape, where new threats and attack methods are constantly emerging.

 

We're living in an era where cyber threats are prevalent and evolving at rapid speed. Businesses cannot afford to overlook the importance of training their end users. By investing in comprehensive training programs, organizations empower their employees and customers to be proactive in identifying and mitigating risks.

 

This is because effective training enhances awareness, reduces human error, protects customer data, strengthens incident response capabilities, and ensures compliance. Ultimately, training end users becomes an invaluable asset in fortifying an organization's overall cybersecurity posture.

 

KnowBe4's platform helps businesses create a culture of security and end user empowerment. Contact us here to learn more about implementing this invaluable resource into your cybersecurity strategy today!

KnowBe4 Security.  

What’s the difference between data security and data privacy? [Updated 2020]

Introduction

In this post, we’ll provide an all-encompassing run down of data security and data privacy, why it’s important, real-world examples, and key tips for your organization to keep your data secure and private.

Data security and data privacy are strongly interconnected but not the same. Knowing the differences is important to better understanding how they work, and what they each mean to your business.

With GDPR over a year old, and the California Consumer Privacy now in effect, it’s now more important than ever for organizations to make sure they understand what these two things are, why they matter and how to address them in their day to day business operations.

It’s especially important for industries with strict compliance laws such as healthcare, legal services, finance, and biotech, however, it does apply to anyone collecting data. It also should be noted that this doesn't just apply to the IT or Compliance department, but really the entire organization from marketing and sales to customer service.

What’s the difference between data security and data privacy?

Data privacy is a part of data security and is related to the proper handling of data - how you collect it, how you use it, and maintaining compliance.

Data security is about access and protecting data from unauthorized users through different forms of encryption, key management, and authentication.

Why is Understanding the Difference Important?

With all the legalities now in place protecting consumer’s privacy and data, it’s critical that your business understands the implications of not understanding nor addressing these two items. Now that we’ve covered what they actually are, let’s dive into what it means for you.

As a business, it is your responsibility to keep your data secure and as a result, that also means protecting your employees’, customers’, partners’, and any other contacts’ data safe and secure. Without proper measures in place for this, there are a variety of scenarios that can happen:

1. If you don’t have proper security measures in place such as Multi-Factor Authentication, Multi-Device Management, Identity Management, your business could be at risk for a breach. Aside from employees, your data is your most critical asset. If it becomes compromised, the business will suffer dramatically and may even cease to exist.

About 60% of hacked small and medium-sized businesses go out of business after 6 months. 

2. Without proper measures in place to keep your employee or customer data private, you could be in violation of a variety of regulations. For example, healthcare companies must abide by HIPPA and not share sensitive patient information. This personal information should also not be sold or redistributed without consent. In doing so, you could be 1) violating the law and 2) end up with disgruntled customers who end up leaving you for a competitor. Either way, it has a significant impact on your revenue between fines and loss of customers. Not to mention the reputation you will form that could have lasting effects.

What Are The Legal Implications? GDPR & CCPA Compliant

What GDPR Means for Your Business

With the EU’s General Data Protection Regulation (GDPR) now in place, businesses need to protect the “personal data and privacy of EU citizens for transactions that occur within the EU.” Now, even though this might seem like something similar to the US, there is a significant difference concerning how the EU and US look at identification information.

While under GDPR compliance, companies need to use the same level of data security for both stored personally identifiable information such as social security numbers, as well as cookies. And even though the GDPR applies to the EU, it also applies to anyone that has dealings within the EU.

To learn more about GDPR, here is a checklist we created to make sure your organization is protecting your data.

What CCPA Means for Your Business

The California Consumer Privacy Act (CCPA) took effect in January of 2020. The reasoning behind this bill was to protect the privacy and data of consumers. Essentially, it gives people the right to determine how their data is stored and shared.

With this law in place, and other states starting to follow, it’s critical for businesses in California to understand the legal ramifications and how to abide by the new law. This new law “creates new consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses” meaning California residents have the right to:

  1. Know what personal data is being collected, access to that data and the ability to request that their data is deleted
  2. Know if that data is being sold and to whom as well as the ability to opt-out of having their data sold

The CCPA applies to the following businesses (must meet only one of the following):

  1. Annual gross revenue greater than $25M
  2. Buy or sells the personal information of 50,000+ consumers/households
  3. Earns more than half its annual revenue from selling consumer information

While this may not apply to you now, there are other states and even discussions at the federal level where data privacy rights will be more commonplace. Data isn’t going anywhere, in fact, it’s only growing, so regardless if you fall into today’s thresholds, it can’t hurt to start thinking about it for the future.

Here are a few more tips for being CCPA compliant.

 

One Real-World Example of Not Abiding By Data Privacy Laws

In January 2019, Google was fine $57M under the new GDPR law. This shows that even the biggest companies are still struggling with what this means to them and how to incorporate the right security and compliance measures within their business ecosystems.

The complaint came from a privacy group that accused Google of not properly adjusting their data collection policies with the new GDPR regulations. While the fine may be “immaterial,” it goes to show how much they’re really cracking down on this new law.

3 Tips and Reminders for [Staying Data Secure]

    1. Enable Multi-Factor Authentication whenever and wherever possible. This allows you to have better access control with your logins
    2. Research and make sure you’re aware not only of your industry regulations but state-wide, national, and global laws that may impact you as well.
    3. Work with your IT team to make sure measures and policies are in place to protect user access controls.

 

Data Governance and Identity Lifecycle Management

One of the best places to start is making sure you're governing your data and enabling the right individuals to access approved resources, resulting in lowering your security risk. How do you do this? It starts with identity management. Identity management is the security and discipline that enables the right people to access the right resources at the right time for the right reasons. There are many tools that allow for this - our favorite being Azure Active Directory. By implementing Identity Management across your systems and network, you ensure all employee activity and data are monitored and managed in a secure way. For example, so many people are working remotely and still collaborating today - documents are being sent back and forth and shared in a variety of ways. Identity Management allows your employees can do this safely.

Conclusion

In conclusion, while data privacy and data security are certainly interconnected, there are different ways to properly address both.

As a reminder, data security focuses on the technology and tools required to deter cybercriminals from getting their hands on your information such as social security numbers, credit cards, accounts, etc.

Data privacy is complying with local and federal laws within and also outside your industry to ensure the data you’re collecting and the processes behind obtaining and what you do with that data are law-abiding.

Both are incredibly important, so I hope this article helped point you in the right direction.

If you wish to learn more, check out our tips on preparing for the CCPA. If you wish to learn more about how we can help you, learn more about our Compliance Management and Identity Management solutions.

Don’t like Mondays? Neither Do Attackers.

Monday may be our least favorite day of the week, but Thursday is when researchers say that security professionals should watch out for cyber-criminals; paying attention to trends like this can greatly reduce the potential for damage.

Attackers will spend just as much time planning when an email should go out as they do on what it will look like. According to Proofpoint in its Human Factor Report, malicious email attachment message volumes spike more than 38 percent on Thursdays over the average weekday volume, while Wednesdays came in second. “Attackers do their best to make sure messages reach users when they are most likely to click: at the start of the business day in time for them to see and click on malicious messages during working hours,” Proofpoint researchers wrote in the report. Weekends came in last, however, this doesn't mean that Saturday and Sunday are completely safe.

Malicious emails can arrive any day of the week, but there is a clear preference from attackers as to when to send certain threat categories. For example, Keyloggers and Backdoors tend to be sent on Mondays, and Wednesdays are peak days for banking Trojans. Ransomware tends to be sent between Tuesdays and Thursdays, while point-of-sale Trojans arrive towards the end of the week (Thursdays and Fridays) since security teams do not have as much time to detect and mitigate new infections before the weekend. On the weekends, according to Proofpoint, ransomware is what attackers primarily send with few exceptions.

Security teams need to be particularly alert on Thursdays as malicious attachments, malicious URLs, ransomware and point-of-sale infections all favor that day. In addition to these, credential stealing campaigns also favor Thursdays.Thursday were host to a clear increase in malicious attachments being sent, but emails with malicious URLs (the most common vector for phishing attacks designed to steal credentials) were constant throughout the week, with only a slight increase on Tuesdays and Thursdays.

Attackers understand employee email habits and know that feeding employees with a well-crafted email at the optimal time will bring higher success rates. The bulk of attack emails are sent four to five hours after the start of the business day, peaking around lunchtime. Proofpoint’s analysis found that nearly 90 percent of clicks on malicious URLs occur within the first 24 hours of delivery, with a half of them occurring within an hour, and a quarter of the clicks occurring within just ten minutes.

The time between delivery and clicking is shown to be the shortest during business hours (8 a.m. to 3 p.m. Eastern) in the US as well as Canada. The UK and rest of Europe had similar patterns to the US and Canada, however, there was some stratification in the averages according to region. For example, clicking on malicious links peaked around 1 p.m. in France while it peaked early in the workday in Switzerland and Germany. Users in the UK spaced out their clicks throughout the day, but there was a clear drop in activity after 2 p.m.

While it’s important to block and keep malicious messages from reaching the inbox to begin with, the other side of email defense is to be able to identify and flag messages that made it to your inbox and block those links when you realize that they are malicious. If you are able to accomplish this, you can greatly reduce the potential danger that these emails pose.

Proofpoint focused on email-based attacks, however, email wasn’t the only medium in which attackers paid attention to the day of the week. An analysis of all attacks, investigated by the eSentire Security Operations Center in the first quarter of 2017, found that some methods of attack were more likely on given days. The volume of threats, which in eSentire’s report included availability attacks such as distributed denial-of-service (DDoS), fraud, information gathering, intrusion attempts, and malicious code, was highest on Fridays followed by Thursdays. The day of the week did not matter as much when it came to availability attacks, but weekends showed a great dop-off in the amount of risk involved. Malicious code was most common on Thursdays, and intrusion attempts were higher on Fridays.

There is no day off when it comes to defense. The security tools scrutinizing email messages as they arrive, before letting them reach user inboxes, have to be capable of handling peak volumes without sacrificing performance. But if defenders know that the second half of the week tends to be worse in terms of malware and credential theft, they can put in extra monitoring and scanning to detect possible new infections. By allocating more time in the second half of the week to investigate alerts, security teams may detect attacks sooner, and reduce the potential damage.

Do you think that small businesses don’t need a disaster recovery and backup plan? Here are 5 reasons you might want to rethink that decision.

[vc_row][vc_column][vc_column_text]mobile device management - managed solution

Employee devices bring added security concerns

By Cindy Bates

The explosion in recent years of mobility solutions and ‘bring your own device’ policies has had a big impact on small businesses.

In fact, 52 percent of information workers across 17 countries report using three or more devices for work, according to research from Forrester and 61 percent of workers mix personal and work on their devices.
On one hand, there are huge benefits for organizations and employees — employees can be far more productive and work on the go with untethered access to the information they need. Business owners can also realize cost savings while reducing the time spent managing IT.  Yet, there are risks: namely, how do businesses protect confidential information from leaking outside of the organization when employees can access and store data in a multitude of ways across devices.
When employees use personal devices for work, they can be mishandled inadvertently, like an accidental forward of a confidential mail, or in more nefarious ways, such as a hacker gaining access to confidential information through stolen credentials.  According to a Verizon data breach investigation report, 75 percent of network intrusions used weak or stolen credentials to gain access.
It’s important to have a strong device policy in place but even when the rules are clear, there is room left for costly errors. CEB found that as many as 93 percent of employees admit to violating information security policies. That means, depending on your business, there is a wide variety of data that could be at risk.  It may be customers’ personally identifiable information, such as in healthcare, retail or financial institutions, or company confidential information, such as trade secrets, company financials, or employee records.  With so much data available, traditional company firewalls and perimeter solutions no longer suffice to protect confidential information wherever it lives.  Today, many small businesses are cobbling together a number of solutions to attempt to solve this problem.  But none tie it all together until now.
Microsoft has developed Microsoft Enterprise Mobility Suite (EMS), which is the only comprehensive solution that protects information assets across four layers: user identity, content, applications & cloud services, and devices.  When combined with Office 365, it offers native protection for applications and services. Best of all, it’s about half the cost of competitive solutions. Not only is EMS flexible and easy to integrate, it offers enterprise-grade security for small businesses. Key security features include:

To Learn More about Professional Services, contact us at 800-208-3617

Network Assessment & Technology Roadmap


[/vc_column_text][/vc_column][/vc_row]

4 Reasons More Businesses are Choosing Managed Service Providers

[vc_row][vc_column][vc_column_text]

Better business needs better business tools. Successful companies are using Managed Service Providers to increase profitability without out-of-control IT costs.

A Managed Service Provider advises in the selection and design of Cloud, mobile and on premise environments.  With our flexible management service models your infrastructure becomes agile, secure and cost effective with a pay-on-a-per user model.  Check out these four reasons modern businesses are choosing Managed Service Providers: 

1) Cloud Strategist guides to the RIGHT CLOUD strategy  

2) Flexible CHOICE to integrated layered support services 

3) Secure Data access from anywhere, any device

4) Trusted Technology Roadmap Advisor & Partner

[/vc_column_text][/vc_column][/vc_row]

Azure Site Recovery & Backup

[vc_row][vc_column][vc_column_text]

Azure Site Recovery & Backup

As statistics go, it’s telling.  Ninety percent of executives recently surveyed agreed that they needed a business continuity and disaster recovery (BCDR) plan. Is your organization one of the 90 percent still without a BCDR plan? If so, we can help.

Drive Business Results Through Microsoft Azure Site Backup & Recovery (ASR)

Simple, Automated Protection: With Azure Site Recovery, protect Hyper-V, VM Ware, and even physical servers. Orchestrated recovery of services in the event of a site outage at the primary data center. Create multiple recovery plans to fail over only certain applications when you have a particular failure in your data center. Test Recovery with Confidence. The Test Fail-over feature ensures you have confidence in the recovery solution and meets SLAs for your business. Perform planned fail overs with zero loss of data when you know about a disaster situation in advance.

capabilities of BCDR plan

Did you know...

According to research by the University of Texas, only 6% of companies suffering from a catastrophic data loss survive, while 43% never reopen and 51% close within two years. ASSESS, ENABLE, and CAPTURE with your business' Azure Site Recovery plan. Call 800-208-3617 to get started!


[/vc_column_text][/vc_column][/vc_row]

Azure Backup security capabilities for protecting cloud backups

Azure Backup security capabilities for protecting cloud backups

By Pallavi Joshi as written on azure.microsoft.com
More and more customers are hit with security issues. These security issues result in data loss and the cost of security breach has been ever increasing. Despite having security measures in place, organizations face cyber threats because of vulnerabilities exposed by multiple IT systems. All these and many such data points pose very strong questions – Are your organization’s IT applications and data safe? What is the cost of recovering from the huge business impact in case of cyber attacks? If you have a backup strategy in place, are your cloud backups secure?
Currently, there are over 120 separate ransomware families, and we’ve seen a 3500% increase in cybercriminal internet infrastructure for launching attacks since the beginning of the year” points out a recent CRN Quarterly Ransomware Report. To mitigate the threat of such attacks, FBI recommends users to regularly backup data and to secure backups in the cloud. This blog talks about Security Features in Azure Backup that help secure hybrid backups.

Value proposition

Malware attacks that happen today, target production servers to either re-encrypt the data or remove it permanently. Also, if production data is affected, the network share as well as backups are also affected, which can lead to data loss or data corruption. Hence, there is a strong need to protect production as well as backup data against sophisticated attacks and have a strong security strategy in place to ensure data recoverability.
Azure Backup now provides security capabilities to protect cloud backups. These security features ensure that customers are able to secure their backups and recover data using cloud backups if production and backup servers are compromised.  These features are built on three principles – Prevention, Alerting and Recovery – to enable organizations increase preparedness against attacks and equip them with a robust backup solution.Azure Backup Security Principles

Features

  1. Prevention: New authentication layer added for critical operations like Delete Backup Data, Change Passphrase. These operations now require Security PIN available only to users with valid Azure credentials.
  2. Alerting: Email notifications are sent for any critical operations that impact availability of backup data. These notifications enable users to detect attacks as soon as they occur.
  3. Recovery: Azure backup retains deleted backup data for 14 days ensuring recovery using any old or recent recovery points. Also, minimum number of recovery points are always maintained such that there are always sufficient number of points to recover from.

Getting started with security features

To start leveraging these features, navigate to recovery services vault in the Azure portal and enable them. The video below explains how to get started by enabling these features and how to leverage them in Azure Backup.

Help prevent user-error security breaches

[vc_row][vc_column][vc_column_text]

Help prevent user-error security breaches

As written on blogs.office.com
According to the Association of Corporate Counsel, unintentional employee error is the top cause of data breaches. And with 87 percent of IT professionals concerned about the security of cloud data, according to a Dimensional Research survey conducted for Druva, it’s easy to feel vulnerable. Preventing these unintentional errors can help keep your data protected.

The problem—simple passwords

Simple or reused passwords open the door to hackers. According to SplashData, the top five worst passwords of 2015 were:
  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
But even a great password can pose problems when used on multiple sites. Hackers know that people like to reuse passwords, so when they crack one, they test it on multiple sites, especially those that may contain higher value information.
Your solution—Educate employees on how to create a strong password. Then put a policy in place to ensure passwords meet minimum complexity requirements and require that users change them often. Also, encourage secure password-keeping practices such as using third-party services that store passwords in the cloud and secure them all with a master password.

The problem—falling for phishing

According to a Verizon Data Breach report, phishing is the second most common threat and is implicated in around a quarter of all data breaches. If a phishing message ends up in an employee’s inbox, there’s a good chance they will click the link.
Your solution—In addition to top-notch security and secure email filters, encourage users to report suspicious-looking messages—similar to reporting junk mail. Once reviewed and identified as a threat, add these messages to service-wide filters.
help-prevent-user-error-security-breaches-1
In Exchange Online, Email Safety Tips provide an additional layer of protection with a warning to the user in messages that are marked suspicious.

The problem—BYOD practices

Bring-your-own-device (BYOD) policies are widely used in today’s business landscape, but employees accessing sensitive information from personal devices can open the door to security threats. According to research from the Ponemon Institute, a total of 67 percent of respondents cited employees using their devices to access company data as likely or certainly the cause of data breaches.
Your solution—Create clear BYOD policies and educate employees on how to follow these guidelines—including what’s at risk if they’re ignored. For additional layers of security, require the use of approved secure mobile apps and multi-factor authentication when accessing company information.

The problem—lost or stolen devices

Lost devices are another leading cause of data breaches. And not just employee-owned devices—even your company’s devices are at risk, leaving your organization exposed to threats if they are lost or stolen.
Your solution—Educate employees on proper device security on- and off-premises, and instruct them to report lost devices as soon as possible. Enable security policies to ensure you can remotely access, locate and wipe a device if necessary.
Continually educate employees to minimize risk of common user-error breaches. Security features available with Office 365 help mitigate the risks introduced by employees. Data Loss Prevention (DLP) proactively scans emails and notifies users before they send sensitive information. Information Rights Management (IRM) allows you to control email access permissions to keep unauthorized people from printing, forwarding or copying sensitive information. Additionally, Office 365 gives you the option to use Microsoft Defender to safeguard mailboxes against sophisticated attacks in real time.

[/vc_column_text][/vc_column][/vc_row]