Help prevent user-error security breaches

[vc_row][vc_column][vc_column_text]

Help prevent user-error security breaches

As written on blogs.office.com
According to the Association of Corporate Counsel, unintentional employee error is the top cause of data breaches. And with 87 percent of IT professionals concerned about the security of cloud data, according to a Dimensional Research survey conducted for Druva, it’s easy to feel vulnerable. Preventing these unintentional errors can help keep your data protected.

The problem—simple passwords

Simple or reused passwords open the door to hackers. According to SplashData, the top five worst passwords of 2015 were:
  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
But even a great password can pose problems when used on multiple sites. Hackers know that people like to reuse passwords, so when they crack one, they test it on multiple sites, especially those that may contain higher value information.
Your solution—Educate employees on how to create a strong password. Then put a policy in place to ensure passwords meet minimum complexity requirements and require that users change them often. Also, encourage secure password-keeping practices such as using third-party services that store passwords in the cloud and secure them all with a master password.

The problem—falling for phishing

According to a Verizon Data Breach report, phishing is the second most common threat and is implicated in around a quarter of all data breaches. If a phishing message ends up in an employee’s inbox, there’s a good chance they will click the link.
Your solution—In addition to top-notch security and secure email filters, encourage users to report suspicious-looking messages—similar to reporting junk mail. Once reviewed and identified as a threat, add these messages to service-wide filters.
help-prevent-user-error-security-breaches-1
In Exchange Online, Email Safety Tips provide an additional layer of protection with a warning to the user in messages that are marked suspicious.

The problem—BYOD practices

Bring-your-own-device (BYOD) policies are widely used in today’s business landscape, but employees accessing sensitive information from personal devices can open the door to security threats. According to research from the Ponemon Institute, a total of 67 percent of respondents cited employees using their devices to access company data as likely or certainly the cause of data breaches.
Your solution—Create clear BYOD policies and educate employees on how to follow these guidelines—including what’s at risk if they’re ignored. For additional layers of security, require the use of approved secure mobile apps and multi-factor authentication when accessing company information.

The problem—lost or stolen devices

Lost devices are another leading cause of data breaches. And not just employee-owned devices—even your company’s devices are at risk, leaving your organization exposed to threats if they are lost or stolen.
Your solution—Educate employees on proper device security on- and off-premises, and instruct them to report lost devices as soon as possible. Enable security policies to ensure you can remotely access, locate and wipe a device if necessary.
Continually educate employees to minimize risk of common user-error breaches. Security features available with Office 365 help mitigate the risks introduced by employees. Data Loss Prevention (DLP) proactively scans emails and notifies users before they send sensitive information. Information Rights Management (IRM) allows you to control email access permissions to keep unauthorized people from printing, forwarding or copying sensitive information. Additionally, Office 365 gives you the option to use Microsoft Defender to safeguard mailboxes against sophisticated attacks in real time.

[/vc_column_text][/vc_column][/vc_row]

New Security Analytics Service: Finding and Fixing Risk in Office 365

cyber-security-lock-ms
New Security Analytics Service: Finding and Fixing Risk in Office 365

Written by Brandon Koeller as seen on blogs.technet.microsoft.com
Microsoft is pleased to announce the preview availability of a new security analytics service called the Office 365 Secure Score. The Secure Score is a security analytics tool that will help you understand what you have done to reduce the risk to your data in Office 365, and show you what you can do to further reduce that risk. We think of it as a credit score for security. Our approach to this experience was very simple. First, we created a full inventory of all the security configurations and behaviors that our customers can do to mitigate risks to their data in Office 365 (there are about 77 total things that we identified). Then, we evaluated the extent to which each of those controls mitigated a specific set of risks and awarded the control some points. More points means a more effective control for that risk. Lastly, we measure the extent to which your service has adopted the recommended controls, add up your points, and present it as a single score.
The core idea is that it is useful to rationalize and contextualize all of your cloud security configuration and behavioral options into one simple, analytical framework, and to make it very easy for you to take incremental action to improve your score over time. Rather than constructing a model with findings slotted into critical, moderate, or low severity, we wanted to give you a non-reactive way to evaluate your risk and make incremental changes over time that add up to a very effective risk mitigation plan.
The Office 365 Secure Score is a preview experience, so you may find issues, and you will note that not all of the controls  are being measured. Please share any issues on the Office Network Group for Security. You can access the Secure Score at https://securescore.office.com.
The Secure Score does not express an absolute measure of how likely you are to get breached. It expresses the extent to which you have adopted controls which can offset the risk of being breached. No service can guarantee that you will not be breached, and the Secure Score should not be interpreted as a guarantee in any way.

Your Secure Score Summary

The first, most important piece of the Secure Score experience is the Score Summary. This panel gives you your current Secure Score, and the total number of points that are available to you, given your subscription level, the date that your score was measured, as well as a simple pie chart of your score. The denominator of your score is not intended to be a goal number to achieve. The full set of controls includes several that are very aggressive and will potentially have an adverse impact on your users’ productivity. Your goal should be to optimize your action to take every possible risk mitigating action while preserving your users’ productivity.
ss_summary

Risk Assessment

While the Secure Score is framed as a ‘gamification’ of your security, it is important to recognize that every action you take will mitigate a real world threat. This panel shows you the top threats for your tenancy, given your particular configuration and behaviors. Make sure you read about and understand the risks you are mitigating every time you take an action.
ss_riskanalysis
ss_threatsdescription

Compare Your Score

The Office 365 Average Secure Score is calculated from every Office 365 customer’s Secure Score. You can use this panel to get a better sense of how your score stacks up against the average. The specific controls that are passed by any given customer are not exposed in the average, and your Secure Score is private. Note that the Average Secure Score only includes the numerator of the score, not the denominator. So, the average points may be higher than you can achieve because there are points in controls associated with services that you have not purchased.
ss_comparison

Take Action

Helping you figure out which actions to take to improve your score is the purpose of the Secure Score.  There are three basic parts to the experience:
First, there is the modeler. Use the slider to figure out how many actions you want to review. Sliding to the left will reduce the number of actions in your list below, sliding to the right will increase the number. Each tick of the slider will add one control to the list. The target score shows you how much your score will increase if you take all the actions in the queue.
ss_modeler
Second is the action pane. When you open this, you will see a description of the control, explaining why we think it is an effective mitigation, and what we observed about your configuration. We’ll also show you some details about the control such as the category (account, device, data), what the user impact of the action is (low or moderate) as well as your measured score. Clicking Learn More will open a fly-out pane that will walk you through taking the desired action.
ss_actionpane
Thirdly, you will see a remediation pane fly-out that explains exactly what you are about to change, and how it will affect your users. Eventually, the Launch Now link (which takes you to a separate security center now) will allow you to make the desired change right from the Secure Score experience.
ss_remediationdescription

Score Analyzer

Since the Secure Score experience is restricted to users that have been designated a Global Tenant Administrator, we wanted to make it easy for admins to analyze and report to their executives and stakeholders their progress on risk mitigation over time. The Score Analyzer experience allows you to review a line graph of your score over time, to export the audit of your control measurements for the selected day to either a PDF or a CSV, and to review what controls you have earned points for, and which ones you could take action on.
ss_mountaingraph

What’s Next

As mentioned, the Office 365 Secure Score is in a preview release. Over the coming months you will see us continue to add new controls, new measurements, and improvements to the remediation experiences. If you like what you see, please share with your network. If you see something we can improve, please share it with us on the Office Network Group for Security. We’re looking forward to seeing your scores go up, and making the Secure Score experience as useful, simple, and easy as it can be.

Research shows, more and more companies are discovering the benefits of Technology Lifecycle Management as a Service. Learn Why:

[vc_row][vc_column][vc_column_text]

Technology Lifecycle Management (TLM) Support Experts Like us Deliver Efficiency and Cost Management

techlifecyclemgmt-managed-solution
IT Service Management and IT Asset Management for Ultimate Technology Lifecycle Management
Technology Lifecycle Management (TLM) is a multiphased approach that encompasses the planning, design, acquisition, implementation, and management of all the elements comprising the IT infrastructure. The convergence of in-depth technical knowledge, astute business processes, and expert engineering and financial services into a solid business model enables agencies to proactively address systematic budgeting and long-term management of their IT infrastructures.
IT service management brings separately managed IT processes and components into a single holistic program to deliver end to end services that emphasize benefits to users / customers.
Research shows, more and more companies are discovering the benefits of Technology Lifecycle Management as a Service.
According to research conducted by IDC, MIT and Alinean1, the following benefits have been observed in enterprises as they improve their level of infrastructure optimization:
The study calculates that, on average, the cost benefit to companies who improve their optimization is an 83 percent reduction in IT cost structure (per PC, per year).

TLM-box

Providing the most functional, flexible IT infrastructure possible, at the lowest cost of ownership. Meeting that challenge systematically through Technology Lifecycle Management can lead to dramatic improvements in efficiency, performance, and cost management.

Contact Us!

Managed Solution has the experience and expertise to architect Technology Lifecycle Systems tailored for your environment. For more information, call 800-313-2109 or complete the contact form below and we will be in touch.


[/vc_column_text][/vc_column][/vc_row]