Strong IT Security in 2023
Updated: Apr 13
Hackers are trying to get into your account. Yes, yours. All of them. All of the time.
This is not an alarmist position, or a fear tactic to get you to pay attention to us, it's just the fact these days. We'd also rather work on other things besides implementing barriers to stop them, but security has to come first. This way, we can all operate with lower risk of ransomware, data theft, and invoice fraud, to name a few terrible pains you want to avoid.
So, here are the ways we suggest making it very difficult for the hackers to get into your systems, so that they go hack somewhere else. I am going to be brief on these points, but if you talk with us, we will happily drill into the detail and help you get there.
Adopt Microsoft 365
With cloud systems, you are sharing the investment in security with everyone else chipping in. Meaning, you have some of the best security software to monitor and stop threats.
Enable Multi-Factor Authentication (MFA) with Passwordless
When you have to match a number from the computer screen to your phone, it is much harder to bypass. Further, you should be aware that using text/SMS and personal email as a backup is easier to compromise and for the most security, those should not be allowed as backup verification methods. Such a transition needs to be carefully managed.
Use Azure Single Sign-on with 3rd Party Apps
For example, when you sign into your CRM or Accounting software, if you authenticate (login) using your Microsoft 365 account, it leverages that strong security described above. It's also easier for users, with fewer accounts to manage.
Use a Password Manager
Do not use the same password in multiple places. You should really only need to memorize 3 passwords: one for your personal email, one for your work account, and one for your password manager. You should have no idea what the rest of them are, as they should be generated and stored in your password manager.
Enforce Device Compliance
Microsoft 365, with the appropriate license, enables device management in Intune. You can set criteria for a device (computers, smartphones, tables) to be "Compliant". A simple example is having the Firewall enabled. You can then set a rule which says only allow Compliant devices access to our data. This can help because even if a hacker gets access to your account, they would also need to be on a compliant device.
Managed Security Operations Centre (SOC)
I like to say that Managed SOC is the IT version of security guards watching TV screens in real-time, and periodically checking door locks and alarm systems. Except, in our world there's AI watching millions of logs for potential intrusions (formally referred to as Managed Detection & Response (MDR))
Air Gapped Backups
This is more of a recovery method than security, but have a backup that is independently controlled from your main data. That's what we mean by "air gapped". If the same Admin account for M365 or Active Directory can get into your backups, they'll likely get deleted as well if you get attacked.
As Microsoft Partners with a focus on cloud, we do all of these configurations constantly, and we'd like to help secure as many organizations as we can.