Business departments discuss how to protect against cyberattacks in the Microsoft cloud

How to protect against cyber attacks – and who's responsible.

Posted 27 February 2023 by Laura

IT risk used to sit pretty heavily with IT managers – but we know that risk is now far deeper entrenched in an organisation, with ramifications for everyone up to and including board level. “It’s not my department” doesn’t wash anymore. Accountability must be upheld across the business, or be prepared to face the consequences.


A 2021 cyber threat defence report surveyed 1,200 IT security decision makers and practitioners from 17 countries, across 19 industries. It found the top three things preventing organisations from adequately defending themselves against cyberthreats are:
  1. low security awareness among employees 
  2. a lack of skilled personnel
  3. poor integration between security solutions

But luckily these are all things that can be fixed with a bit of care, consideration, communication... and a well-architected cloud framework based on Microsoft best practices.


1. Low security awareness among employees

IT managers and their direct teams will know how and why certain systems should be accessed, navigated and secured – but does everyone else? Does everyone across the organisation, from board member to contractor, know the rules and regs that will help to keep their (and, if they’re sharing devices and networks, their family’s) data safe?  

If employees haven’t had guidance around the different types of cyber attacks, how to spot a phishing email for example – how can they be expected to keep your organisation protected from cyber attacks?

The majority of employees will be lucky to have just one quick training session (usually at the beginning of their employment). But with the sophistication of cyberattacks increasing at a rate that far surpasses that inaugural training session, perhaps it’s time for management, HR and marketing teams (and the Board) to take the IT security training of employees seriously. 

Increasing staff awareness around cloud security could include:

  • 'how to' guides
  • training resources including videos and webinars
  • best practice guidance
  • company policies available via intranet

 

2. Lack of skilled personnel

If there’s a skills shortage in your IT team, outsource the bits you can’t do. It might be that you have an internal or external team delivering your IT strategy, but who lack the specific knowledge and experience that your IT strategy demands. If this is the case, then it’s time to invest in specialist, ad-hoc support. Perhaps you can up-skill your team – but this should never jeopardise the quality of the outcome.

There’s a lot to be said for putting your hands up when the task at hand is out of your remit. It takes a good leader to admit it. It takes a great leader to find a good solution in good time. Whether you're training your current team or finding a partner to help support you and your IT team through the tough times, don't leave the decision until it's too late.

 

3. Poor integration between security solutions

There are approximately 4.83 million apps out there… but when it comes to the seamless integration of cloud-based security products and solutions, the Microsoft stack really is the crème-de-la-crème. From everyday favourites Outlook, SharePoint, OneDrive, Office365, Teams to the more specialist Defender for EndpointIntune, Sentinel and Power BI Microsoft has everything a business needs to stay protected in the cloud.

We often find after only a couple of calls with new clients, there are apps installed that don’t need to be, and low-grade apps trying their best to mimic best-in-class apps… When in fact the Microsoft licence that’s in place does exactly what they need – and integrates seamlessly into the environment. We should note that in some instances the license might need an upgrade, but the slickness and security offered by a fully-integrated platform is, we feel, generally worth the small associated cost.


A collaborative approach to protecting the business and its assets

As with most things, a problem shared is a problem halved. A collaborative approach across departments (and their teams and employees) – but it also needs complete buy-in from the Board. This is as much about delivering a successful internal communications plan as it is about a robust, secure IT strategy (in the cloud or otherwise).

A well-architected cloud security solution, educating employees to use cloud technology securely, and investing in personnel, will all help businesses to secure data, devices, networks and applications in the cloud – Microsoft or otherwise.

To find out more about securing your business in the Microsoft cloud, book a quick call with us.