
How to Secure Microsoft 365 for Remote Working


It seems that remote working won’t go away after the pandemic passes. In fact, organisations in most industries are working towards making it a permanent and viable option. 

Large enterprises and corporations like Facebook and Google plan to keep the model for a while, while others like Twitter, Slack, and Zillow have decided to allow most or all of their employees to work from home permanently. Their decisions point towards remote work becoming a permanent option in most companies.

SMBs looking to secure work from home 

According to Intermedia’s survey, small to medium business owners believe the remote work model will stay permanently. The survey indicates an overwhelming preference for keeping remote work as a long-term option, with 57% of SMB owners stating that employee availability and life and job satisfaction have increased, and citing a drop in overhead costs as a benefit that enabled them to stay afloat during lockdowns.

Those SMBs deciding to embrace the model are in the midst of preparations to make remote work permanent. 

The Microsoft 365 suite is heavily used among SMBs, as its subscription model offers industry-leading functionality at a reasonable price. With access to security and operational features previously available only to enterprises, Microsoft 365 also includes cloud-based services that can be used from anywhere, making the suite a perfect choice for work-from-home teams.

Compliance remains a core concern for work-from-home protection

Remote work comes with a new set of risks, especially for cybersecurity. Compliance acts and regulations don’t differentiate between in-office and remote work. 

They require that you have secure working-from-home policies for sensitive information and data, and that you secure staff when working from home. 

The most common regulations to comply with include: 

  • Health Insurance Portability and Accountability Act (HIPAA) for businesses offering health services 
  • EU’s General Data Protection Regulation (GDPR) for all businesses processing and handling personal data from EU citizens
  • California Consumer Privacy Act (CCPA) for all California-based businesses and those doing business in California
  • Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) for everyone handling personal data from Canadian citizens

These acts require you to comply with Information Security Management Systems (ISMS) standards, most notably the ISO/IEC 27000 series, as well as the Payment Card Industry (PCI) Data Security Standard (DSS) for those who take card payments online. 

SMBs often struggle with acquiring the right security solutions because the budgets are low. 

Remote work and software spending

The graph below shows how expectations on software spending have changed from March to May 2020. 

As the impact of the pandemic stopped being an unknown variable, respondents revised their expectations and now anticipate less spending than initially expected.

[Figure: COVID-19 impact on software spending worldwide 2020 (survey results comparison: March, April & May). Source: Statista]

While the highest percentage of respondents (40%) initially stated they will increase their spending on software, in May, 44% reported there were no changes compared to spending during the previous year. 

And while overall spending seems to stay the same, there are big shifts in what type of software the funds are allocated to.

[Figure: Where are businesses increasing software spending? Source: Statista]

With working from home being the new norm, conferencing takes the lead, followed by collaboration, remote desktop tools, and security software. 

Work-from-home protection is an important concern for SMBs, and as the newest data from Microsoft shows, everyone is trying to speed up their cybersecurity digital transformation. 

So how can you protect all the Microsoft 365 documents and communication that you work with daily when everyone is using different networks and devices to access it?

How to protect Microsoft 365 when working from home

In our experience, the most efficient option to cover both of these is to use Advanced Microsoft Information Protection (MIP), as it has the best cost-benefit ratio. 

Microsoft Information Protection uses built-in capabilities from Microsoft Office 365 and Windows 10, as well as additional solutions provided by Microsoft, to secure Microsoft 365 and all the digital information and data you work with in your business across the whole playing field: in the cloud by using Cloud App Security, as well as on devices and on premises. 

It allows you to detect sensitive information and locate where it’s currently stored, secure documents as soon as they are created, and even ensure that you dispose of them in a secure manner. 

What Microsoft Information Protection can do for SMBs: 

  • It will secure Microsoft 365 apps and services you use and all your business information from leakage.
  • It blocks malicious actors from access, and doesn’t allow access to untrusted actors.
  • The automatic classification protects all documents based on the criteria, trigger words, and phrases you set up. 
  • It actively tracks data through its lifecycle and gives you insight into who has access to data and a log of who accesses it and what they are doing with it.
  • It helps your employees stay productive and learn about working from home best practices. The system will suggest labels and teach them how to use and apply them correctly. 
  • It gives you an overview of information flow, with valuable insight into patterns of data usage inside your organisation.
  • This allows you to spot anomalies in data usage and access, enabling quick detection of potentially harmful actions by actors or malicious software.
  • It keeps all data secure even when sharing with vendors and third parties by not allowing forwarding, downloading, or copying information shared with them.

Such capabilities extend beyond securing your data: they also keep your staff from making errors while handling data, and stop the vendors you work with from forwarding any information you share with them.

Once set up, you’ll have a system that performs well in the cloud, covering the need to secure remote working, but on premises too, once you decide to go back into the office. 


Why you need to secure Microsoft 365 for remote working

When you secure Office 365, you and your team can work remotely in a secure way while saving time and money. But that’s only one benefit of using such an extensive system:

  • No changes in workload: The automatic classification and encryption of all documents you work on and share with remote staff, contractors, and other third parties means your staff take on no extra workload and spend no time learning and applying complex manual security checks.
  • You will secure Microsoft Office through compliance: Classification and encryption execute on the cloud level too and protect against human error, one of the most common reasons behind data leaks. Securing Microsoft 365 for remote working also helps you be compliant with all regulations.
  • Security travels: The cloud-based protection extends beyond business devices – the protection remains with documents and data and travels with them, ensuring they are secure even if they end up in the wrong hands. 

Secure external consultant documents for Microsoft 365

Working with external consultants increases risk of data leakage and breach, since you are relying on them to practice good cybersecurity. 

Instead of hoping they are doing a good job, you can secure Microsoft 365 documents sent to and used by external consultants through MIP. With auto classification, the options for downloads and further sharing will be disabled, ensuring the data can never be accessed by anyone but your external consultants. 

Secure internal sensitive and confidential information when working from home

Secure Microsoft 365 data with MIP’s extensive labeling system and its label-based triggers. You can classify all information into specific categories, and set up sensitivity labels for each of those categories.

The trigger system activates based on the rules you set up. For each rule, there is a condition that must be met in order to trigger the second part, the action, something that will happen automatically when the condition is matched. 

For example, when a user without permission tries to access a sensitive document, the rule sends an email to the user and administrator of your system about the incident. 

Whenever someone creates a new document, no matter where within your organisation, it will automatically be protected based on the category and labels applied to that type of document. 

These labels are document-based, meaning they persist with the document and are transferred anywhere it ends up. If the document ends up in an insecure environment, your security policies will continue to be enforced, and won’t allow usage by anyone who isn’t a trusted source.

The system allows you to track all data and documents as they move through and outside of your organisation. In case you ever suspect foul play, you will be able to revoke access to the document, rendering it useless to anyone who is trying to get it.

In such cases, MIP can, based on your setup, respond with a real-time email alert or a report on the dashboard.
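The condition/action model described in this section, as an added example that is not from the original page and does not use MIP's API: a small Python model of trigger-word classification, a deny-and-notify rule, and revocation. Label names, trigger words and addresses are constructed for illustration; the last case shows that a document the triggers miss falls outside every rule.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed label definitions (assumptions for this example, not MIP defaults):
# the trigger words that apply a label and the identities the label allows.
LABELS = {
    "Confidential-Finance": {
        "triggers": ("invoice", "iban", "payroll"),
        "allowed": {"cfo@example.com", "consultant@partner.example"},
    },
    "Confidential-HR": {
        "triggers": ("disciplinary", "salary review"),
        "allowed": {"hr@example.com"},
    },
}
ADMIN = "admin@example.com"  # hypothetical administrator mailbox


@dataclass
class Document:
    name: str
    text: str
    label: Optional[str] = None  # stored on the document, not on its location
    revoked: bool = False        # set by the owner when foul play is suspected


def classify(doc):
    """Condition: the text contains a trigger word. Action: apply that label."""
    lowered = doc.text.lower()
    for label, spec in LABELS.items():
        if any(word in lowered for word in spec["triggers"]):
            doc.label = label
            break
    return doc.label


def request_access(doc, user, alerts):
    """Evaluate one access attempt and return True if it is allowed.

    A denial appends one alert per recipient: the user and the administrator.
    """
    if doc.label is None:
        # No label means no policy applies: the misclassification gap.
        return True
    if doc.revoked:
        reason = "access revoked"          # revocation overrides the allow list
    elif user not in LABELS[doc.label]["allowed"]:
        reason = "user not permitted"
    else:
        return True
    for recipient in (user, ADMIN):
        alerts.append((recipient, doc.name, doc.label, reason))
    return False


def demo():
    """Run the four cases on constructed documents; return (results, alerts)."""
    alerts = []
    doc = Document("q3-payroll.xlsx", "Payroll run for September, IBAN list attached")
    missed = Document("notes.docx", "Staff pay figures for next year")
    classify(doc)
    classify(missed)
    results = [
        request_access(doc, "cfo@example.com", alerts),     # permitted user
        request_access(doc, "intern@example.com", alerts),  # denied, two alerts
    ]
    doc.revoked = True
    results.append(request_access(doc, "cfo@example.com", alerts))  # revoked
    results.append(request_access(missed, "stranger@outside.example", alerts))
    return results, alerts


if __name__ == "__main__":
    outcome, sent = demo()
    print(outcome)
    for alert in sent:
        print(alert)
```

Auditing for unlabelled documents that should have matched a trigger is the check that catches the last case before an outsider does.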

Microsoft Information Protection includes Data Loss Prevention (DLP) capabilities, with policies against accidental sharing. With it, you can also label documents for information retention, set an expiry time and apply deletion policies that will execute automatically when requirements are met. 

Secure email communication when working remotely

The labeling system goes beyond Office apps, and you can secure Microsoft Outlook in the form of Office 365 Message Encryption. 

It allows you to classify and secure email messages as well. When labeled, the policies for that specific label will be applied to the email. This includes policies such as: 

  • Encryption
  • Watermarks
  • Access restriction
  • Disabling forwarding

The label that is applied will persist with the email and keep security policies on the email even when it leaves your organisation. It helps employees work from home securely by preventing phishing attacks and accidental disclosure of information.

Secure BYOD for remote working

With online-only work, your employees will use a number of devices to access business data, like Windows and Mac OS machines and mobile devices. A comprehensive security suite such as Microsoft Information Protection has encryption standards that will work on all of them.

If you’re unsure of the right way to secure BYOD for remote working and set up policies, we can discuss other ways of working with BYOD. For example, we offer Windows Information Protection setup services that secure employee-owned devices from data leakage and other security incidents.

The MIP setup takes time and IT knowledge

Microsoft Information Protection is definitely an all-encompassing solution that addresses the risks of remote work well. It secures access to sensitive data and documents, grants permissions to the right stakeholders, and ensures all your business data is safe even if it’s somehow accessed without authorisation. 

But there is a downside to it: It takes a lot of time to set up such an extensive system for someone who never had to deal with it. Even if you have an IT professional on your team, chances are, they will need to ask for help. Only those with knowledge in Active Directory, a good comprehension of Microsoft licensing, and previous experience with Microsoft or Azure Information Protection itself can set it up. 

One error in permissions and labeling, and you can lock yourself out from your own documents, even if you are the admin. Or if you miss it during setup, the system might not flag important documents correctly, making them easily accessible by someone without permission.

Learn more about how we can help here:

Advanced Office 365 Security for Remote Working

Professional setup saves time and money

Towerwatch has many years of real-world experience with encryption. We have been working with Microsoft Information Protection and setting up automatic encryption protocols for global brands even back when MIP was still known as Azure Information Protection. 

Now you can rest easy knowing it’s set up properly and that all documents and communications are secure. You will efficiently eliminate the risk of costly mistakes that could result in regulation breach fines or loss of customers. 

To find out more about how we can secure your business operations with a future-proof cloud-based solution that will continue working even if you decide to go back into office, book a consultation with Microsoft Global Professionals for MIP, and our initial session HERE

Our initial session is priced at £250, and for this investment, you will not just cover the session cost, but also get a comprehensive overview of the current state of your cybersecurity solution and work-from-home compliance status. When you decide to move forward to the next stage, this investment will also be deducted from the project fee. 

Book your initial session HERE.


Microsoft Announces Microsoft Threat Protection (MTP), But What Does This Mean For Their Cyber Security Users?


Summary: With Microsoft Threat Protection (MTP), Microsoft has announced big changes coming to their security apps. Focusing on bringing a unified solution that correlates data across their cybersecurity services, they want to offer an end-to-end security solution that will help users stay one step ahead of sophisticated cyber attacks.

With the global cyber security landscape becoming more diverse, it is becoming increasingly difficult to stay protected against cyber security threats. Cyberspace is a new battlefield, and businesses should always assume that someone is attempting to hack into their systems and exploit their environments.

Microsoft Threat Protection (MTP) Is the Answer to New Cybersecurity Threats

Microsoft Threat Protection (MTP) is the most exciting update of Microsoft Ignite 2018, which was held from September 24 to September 28, 2018, in Orlando, Florida. The Ignite Panel on Microsoft Threat Protection explained a large portion of the changes coming to their cyber security services.

What Is Microsoft Threat Protection (MTP)?

Microsoft Threat Protection is Microsoft’s latest response to the increasing complexity of the digital estate and security issues that come with it.

Anything connected to the internet can be attacked. This not only includes laptops, tablets, phones, but also IoT devices such as smart meters, smart watches, and others – all of them are possible vectors of attack. The endpoints in the environment that are a target of cybercriminals are not just computers or phones, but complex systems like smart cities, sensors, smart cars, and smart energy grids.

These are coordinated and intelligent attacks, and it’s been an ongoing game of cat and mouse, where cybercriminals land a blow, the security experts respond, then cybercriminals find new exploits, and so on.

Microsoft Threat Protection aims to break this cycle and stay one step ahead by using the power of cloud computing, automated responses, and scaling capabilities to secure everything.

Why Did Microsoft Decide to Develop MTP as an End-to-End Security Solution?

The digital environment is more diverse than ever before, and Microsoft Threat Protection aims to offer a solution that protects enterprises and their digital environment against a growing number of sophisticated cyber attacks.

Once a cybercriminal gets access to any device within a system, they also get access to everything that the device has access to, searching for additional logins on the affected device to move across your whole environment.

Microsoft Intelligent Security Graph

The Microsoft Intelligent Security Graph is the foundation of all the security services included in Microsoft Threat Protection. It gives insight into various attack vectors and shows how many security threat signals are coming in daily from consumers and corporations – 6.5 trillion signals a day. Those signals are gathered from users, corporations, and Microsoft services.

The graph shows just how many signals are detected in various areas, such as Outlook, where over 400 billion emails are analyzed, or from 1.2 billion devices that are scanned each month, where over 5 billion threats are detected in that time.

Every single security alert and signal that is received is part of a larger attack, and it’s difficult (and very expensive) to correlate all signals across all devices. The Microsoft Intelligent Security Graph requires analysis by more than four thousand in-house security specialists, with over $1 billion invested each year into cyber security.

It is virtually impossible for most enterprises to have access to such security skills and budget to correlate all threats to their digital estate. Microsoft, therefore, offers enterprises the ability to use Microsoft’s vast cloud computing capabilities and insights by choosing MTP as their ultimate cyber security solution for all the digital devices and assets they have in their environment.

How Microsoft Security Solutions Used to Work…

Before this, Microsoft’s threat protection was divided between their various services, which meant that cyber attacks could happen outside of those areas, in the gaps that were not covered by a specific service.

By bringing all these services closer together and having multiple apps address the different aspects, those gaps are covered and the risk of a breach is lowered.  

What Services Does Microsoft Threat Protection Include?

Microsoft Threat Protection isn’t a single app that covers all cyber security needs. It’s a group of services that work together to ensure all attack vectors are suitably covered from multiple angles.

The Services included in MTP are as follows:

  1. Azure Active Directory – This covers identity and access management.
  2. Azure Advanced Threat Protection (ATP) – This covers detection of advanced attacks across the digital environment.
  3. Microsoft Cloud App Security – This is a Cloud Access Security Broker (CASB) that covers data protection in the cloud environment.
  4. Microsoft Intune – A part of Microsoft Enterprise Mobility and Security, Intune is a cloud-based service that helps you manage mobile devices, apps, and the way your workforce accesses and shares company information.
  5. Windows 10 – These are updates to existing security services like the Windows Defender.
  6. Azure Security Center – This is a unified security management system that protects hybrid workloads running in Azure and other environments.
  7. Windows Defender Advanced Threat Protection – Windows Defender is getting new capabilities that include post-breach detection, investigation options, and response.
  8. Office Advanced Threat Protection – This covers malicious attacks found in emails, collaboration tools, and links.
  9. Office Threat Intelligence – These are threat protection capabilities across all Office apps.
  10. Windows Server Linux – This covers Linux-based servers.
  11. Exchange Online Protection – This covers email filtering, spam and malware protection, as well as protection against messaging policy violations.
  12. SQL Server – Protection through advanced machine learning.

Those services work in tandem to secure the five pillars of cyber security. This gives them greater coverage of possible attack vectors and in case one service doesn’t address a specific vector, the other will. These are the five pillars:

  • Identities – This pillar includes vectors such as users and admins and is protected by the following services: Azure Active Directory, Azure Advanced Threat Protection, and MS Cloud App Security.
  • Endpoints – This includes all types of devices and sensors that could be possible vectors for a breach. It’s protected by Microsoft Intune, Windows 10, and Windows Defender ATP.
  • User Data – All email messages and documents are protected by Microsoft Cloud App Security, Windows Defender ATP, Office 365 ATP, Office Threat Intelligence, and Exchange Online Protection.
  • Cloud Apps – All data stores and SaaS solutions/apps are covered by MS Cloud App Security, Office 365 ATP and Exchange Online Services.
  • Infrastructure – All enterprise servers, virtual machines, networks, and databases are protected by Windows Server Linux, SQL Server, and Azure Security Center.

How Do Enterprises Use and Benefit from MTP

A good example of how enterprises benefit from MTP is Telit, which has over twenty years of experience in IoT and offers end-to-end IoT solutions. They use Microsoft’s services to protect everything, from IoT products and services to IoT consulting and building systems for enterprises.

They realized quickly that by having a unified system, they can address any security issues more efficiently and save a lot of money when compared to using different providers for each aspect of their business.

Your enterprise will benefit because instead of using the top services for each category, the MTP unified system can secure all of the following, and more:

  • Mail protection and encryption
  • Mobile device management
  • Endpoint security
  • Incident response
  • Cloud access
  • Securing data and apps
  • Data classification and governance
  • Data loss prevention
  • Compliance (GDPR)
  • Identity protection and privacy

Microsoft Threat Protection addresses the following cybersecurity pain points and helps enterprises by offering the following:

Integration – All security products should aim to be closer together and better integrated. This improves response and automation and closes gaps in security where attackers often operate.

Intelligence – The power of the cloud can improve security across all apps.

  • For example, businesses can have an overview of each user activity and get alerts on unusual activity or devices for each of their accounts or identities.
  • Microsoft uses machine learning to detect deviations from usual patterns in user, identity, and machine behaviour and activity.

Automation – The focus is placed on incidents that are most important, not all of them. This saves time on mundane and routine tasks through automated actions for each type of attack.

  • Alerts are correlated across machines and the network to figure out how an attack happened and whether it’s part of a larger incident.
  • An incident takes X number of alerts and groups them together, shows the timeline of all alerts, and shows the affected machines, emails, and users, and what investigations and actions were taken.
  • By combining services to correlate alerts, better detection and response is achieved, and it’s easier to secure all the attack areas, strengthening the overall security.

A User-Centric Approach – Solutions are geared toward how users work.

  • For example, in emails, you will be able to display the underlying URL instead of the text part to immediately see if the link was spoofed. This offers security against threats targeting users (phishing etc) while not undermining the user experience.

Ecosystem (Intelligent Security Association) – Instead of trying to cover every security aspect on their own, Microsoft is working with over thirty leading security tech providers to expand security coverage.

The Purpose of MTP

Microsoft wants to take a more active part in the realm of cyber security, and their threat protection gives them the important role of a cloud security provider. With their Intelligent Security Graph analysis, Microsoft Threat Protection combines integration, intelligence, and correlation, and gives enterprises access to Microsoft’s computing power and scale.

Ideally, MTP will offer the following:

  1. Protection Against All Attack Vectors – The optimal solution is to stop all attacks, but since this is impossible, it should stop as much as possible from breaching the system.
  2. Quick Detections When a Breach Occurs – Since some attacks will sneak by, it is crucial that they are detected as soon as possible.
  3. Response and Remediations – Once a breach is detected, adequate action should be taken. Here, automation options help take care of smaller threats by automatically remediating them, while larger threats will be brought to attention and the system will await input on what to do with them.

While MTP will make it easier to protect every aspect of your digital estate, user education and training are important too. Here, MTP wants to help businesses teach their employees about security risks, what they have to understand, and why they might be targets.

Ultimately, Microsoft Threat Protection should reduce complexity, time, and lower costs on incidents by offering an end-to-end security solution that also works with external security providers to truly extend their cyber security reach where it matters.