How Secure Is Your IT in Your Business?
Our in-house cyber security expert recommends that local businesses act immediately to secure their IT infrastructure and online services.
A highly complex password and multi-factor authentication are now just basic security measures all businesses should have in place. Here are the three items you need to enforce across all of your business devices and IT services:
Conditional Access
Enforcement of strict cyber security policies in the Microsoft environment is now commonplace. This includes conditional access, which your IT provider of choice can manage.
In simple terms, conditional access is a policy that allows business-approved devices to access company data and cloud services.
In the past, conditional access was limited to only highly secure business networks; however, the ease of implementation and the ability to pre-approve personal cell phone devices using services such as Microsoft’s Intune company portal service allow any size business to become super secure and keep the bad guys (or girls!) out.
Zero Trust Applications
Similar to conditional access, a zero-trust application policy does the same thing but for software restricting all applications from loading and installing unless on a pre-approved IT list. Again, this is one of the most effective ways to stop viruses and ransomware in your business network, as nothing is allowed to load on your computer/laptop unless it’s on the application white list.
When a new app or software is downloaded and required, it’s just a case of logging a ticket with the IT helpdesk and going through the approval process for installation.
Monitoring of login locations
Finally, we come to location monitoring. Most online services, such as Microsoft 365, now offer reports on where your staff are logging in based on their “IP” address.
Cybersecurity experts will probably not be surprised by new data of global attack traffic in the last quarter of 2021, 41 per cent originating in China, citing, among other things, a “sophisticated hacker network.”
1. China 41 % (of the world’s attack traffic)
2. U.S. 10 %
3. Turkey 4.7 %
4. Russia 4.3 %
5. Taiwan 3.7 %
6. Brazil 3.3 %
7. Romania 2.8 %
8. India 2.3 %
9. Italy 1.6 %
10. Hungary 1.4 %
Monitoring on a weekly basis where staff logins are occurring can help pinpoint potential anomalies and help inform when a potential account has been compromised.
It is prudent to inform staff that login locations are being monitored since implementing this service with another client highlighted a remote worker taking a vacation on company time. This was made clear due to the login location report.