How Microsoft Protects Your Sensitive Data
Are you sure that only properly authorized people have access to your business data?
It’s a legitimate concern—if you’re relying on nothing more than passwords to keep your data secure, then you’re leaving a lot at risk.
That’s why so many businesses have started securing their IT systems with more advanced access control technologies and zero-trust architecture, such as those offered by Microsoft 365 Business Premium.
Stop Making Dangerous Assumptions
Sophisticated attackers have learned to play the long game, and sneak malware into a breached network and then lay dormant for weeks or months, ensuring their method of entry isn’t discovered right away.
This gives them time to embed themselves, steal data, and more, all before they actually activate the ransomware and infect the systems. This is just one way in which cybercriminals are improving their tactics.
Fortunately, both the solutions we use to protect ourselves, and their underlying theory and strategy are under constant development in order to stay ahead of emerging threats.
What Is Access Control?
You need to have a carefully implemented process to track the lifecycle of accounts on your network and what they have access to.
Follow a careful system for how accounts are created for new members, how their security is maintained and verified through their life, and how they are removed when no longer needed.
Implement secure configuration settings (complex passwords, multi-factor authentication, etc.) for all accounts, as well as controls for login and use, such as lockouts for too many unsuccessful logins, unsuccessful login alerts, and automatic log-off after a period of inactivity
What Is Zero-Trust?
The zero-trust approach to cybercrime assumes that every aspect is a potential vulnerability until it can be confirmed otherwise.
That means instead of simply investing in a strong firewall and antivirus, and assuming you’re protected, every part of your IT environment and every user trying to access it is assessed for its security.
According to NIST SP 800-207:
“Zero trust security models assume that an attacker is present in the environment and that an enterprise-owned environment is no different—or no more trustworthy—than any non enterprise-owned environment.”
This means that an organization following a zero trust security model cannot, even by default, offer any trust in any interaction in their protected systems. Risks must be continuously assessed and mitigated, and access must be continuously verified.
It’s important for business owners to understand that every potential part of their network is a target. Given the overall connected nature of the systems, comprising one part can give the cybercriminals control over the entire environment.
3 Ways Microsoft 365 Business Premium Protects Your Data
Email Access Controls
Specify who can receive an email with controls including:
- Do Not Forward
- Do Not Print
- Message and attachment encryption
File Access Control
Dictate whether only those in your company can access a specific file, and implement other controls, including:
- Editing permissions
- Print permissions
- Read-only restrictions
Access Restriction
You can even restrict access for files saved outside of your company, ensuring these controls stay with the file no matter where the access is attempted from.
Document Access Control Best Practices
Determine Who Has Access To Your Network
This is the basis of access control—to start, you need to figure out who has access to your network. Take an inventory of your users, their access rights, and confirm that no one has more advanced access than is necessary.
Implement MFA
When you log in to an account that has MFA enabled, in addition to entering your password, you must either enter in an added generated code, or authorize login with a “push” request to a secondary device or biometrics.
In the event your password is compromised, your account can remain secure as the cybercriminal is unable to authenticate the secondary requirement. There is a range of options for generating the MFA codes:
- Receiving a text message
- Using a dedicated authenticator application
- Possessing a physical device on which you must push a button to verify that you are the authorized user of that account
Limit Admin And Advanced Access As Needed
The fact is that misuse of privilege is often one of the most common ways for cybercriminals to penetrate a network.
Either by tricking a user with administrative privileges to download and run malware, or by elevating privileges on a compromised non-admin account, hackers regularly make use of this highly common unsafe business practice.
Eliminating this vulnerability can be achieved in two ways:
Privileges By Requirement
The fact is that the common business user should not require administrative privileges to do their job—whether that’s for installing software, printing, using common programs, etc.
Admin Access Management
Once you’ve limited privileges to only a few members of the organization, make sure their accounts have the right protections in place—complex, long passwords, MFA, alerts for unsuccessful log-ins, and make sure to limit administrative actions to devices that are air-gapped from unnecessary aspects of your network.
Track And Control User Changes
This is one of the more basic controls on the list, but no less important. It can’t really be automated or outsourced to any technological aids—it’s just about doing the work.
You need to have a carefully implemented process to track the lifecycle of accounts on your network:
- Follow a careful system for how accounts are created and eliminated
- Implement secure configuration settings (complex passwords, MFA, etc.) for all accounts.
- Implement controls for login and use (lockouts, unsuccessful login alerts, and automatic log-off)
Maintain A Strict Password Policy
Weak passwords are a common vulnerability exploited by cybercriminals. That’s why it’s so common that passwords are required to include uppercase letters, lowercase letters, numbers, and special characters.
However, recent guidance from NIST advises that password length is much more beneficial than complexity. Consider using a passphrase, which is when you combine multiple words into one long string of characters, instead of a password. The extra length of a passphrase makes it harder to crack.
Don’t Leave Your Data At Risk
All of this goes to show how many ways there are for malicious third parties to try to access your company’s sensitive data. You need to ensure your systems are configured to properly defend your documents and files.
Get in touch with The Miller Group team to discover more about developing a robust access control system with Microsoft 365 Business Premium.