Microsoft Azure cloud security unwrapped [gifts wrapped in paper with twine]

Cloud security unwrapped. 10 ways to protect your business this Christmas.

Posted 12 December 2022 by Laura

As many of us step into Christmas, lost amongst rolls of wrapping paper and sticky tape, it's easy to get swept away in the festivities without making proper preparations first.

 

 It's well known that weekends and public holidays provide cybercriminals with the perfect backdrop to their crime, and the Christmas holiday period is a wonderful concoction of all that hackers love; fewer people in the office, reduced hours, staff parties, general disruptions to routine – with a handful of public holidays thrown in for good measure.
Of course, it might be that you've already been hacked and while your company emails and social accounts are closely monitored, the hackers will know exactly when everyone is out for the annual staff party. Is there an even better time to launch a full scale attack? 

So, before you pop on the out of office and belt out yet another frightful rendition of 'Driving Home for Christmas', here are 10 things you can do to help protect your business in the cloud this holiday season. 

1. Install security software.
Here's a scary statistic: phishing attacks are responsible for 83 percent of cyber breaches. Terrifying indeed, until you take into account that there's software to keep these threats at bay. Microsoft Defender for Endpoint, for instance, comes not only with anti-phishing capabilities, but anti-virus and anti-malware, too. Even better, it might be free with your current licence?

2. Implement multi-factor authentication.
Add an additional level of security with multi-factor authentication for emails, files, and any site or app you use on company devices. This will stop hackers from exploiting passwords, and ensure only authorised people gain access. It's a quick win and should be implemented immediately.

3. Limit access permissions. 
Granting clients and supplier unlimited access could put your network at risk (yes, even the good ones). Reduce the chance of breaches by restricting the access permissions of external users; you can easily set different levels of access with Azure, or disable accounts entirely and enable them again when needed. Simple and secure. 

4. Ensure your defences are working. 
Regularly monitor antivirus software and firewall configuration – specifically check for temporary rules that may have been left in place beyond their lifetime.

5. Backup – and backup your backup. 
Backups are great to have in place – but are the latest files backed up, and can they actually be restored? Reviewing your backups before you switch off for the season can give you that little peace of mind while you help yourself to another sprout... we recommend keeping an offline backup, too – y’know, just in case.

6. Logging and monitoring in check.
Sounds easy enough, but the first thing is knowing what logging is already in place – are you capturing the data that really matters? Secondly, crucially, where are the logs stored? Are they secure yet easy to access? Once your logs are in place, relax and kick back in front of the fire with your favourite tipple. Perfect.

7. Robust incident plan at the ready. 
Something you hope you’ll never need – but having one feels pretty darn good. A well-planned, well-tested response plan should cover disaster recovery, business continuity and crisis management. Should the worst happen while you're five minutes in to Elf, does everyone who needs to know, know what to do?  

8. Relevant third party apps only.
Third party apps can be great – but only if they're providing something that's not already covered in your Microsoft licence (or that a simple cost effective upgrade will take care of). Now's a good a time to pull in any loose purse strings – especially if you can get a better service with lower costs and, less hassle and ultimately better protection.

9. Check your system patching. 
Across all devices including third party software such as browsers. Turning on automatic updates will help manage this for you.
10. Create a security checklist for everyone to follow.
Create a checklist for your staff to follow on and off-site. This should include everything from installing anti-virus software to not leaving remote devices unattended.

And if you'd like something a little more in-depth, you might be interested in our short (but longer than this) guide: How to avoid the fate of the Death Star. It's free to download...from us to you, Happy Christmas!