How to go from quick fix to long-term IT security
How high is the security of your company? Most computers are sold with virus software and you probably have passwords on your office wireless network - you know, the one on the whiteboard in the conference room. But what does it really look like now that your colleagues are out in the cloud working? Security usually doesn't come into focus until something happens.
"It won't happen to us" IT security
A common reason why many people do not actively work on security is the perception that their own company is unimportant. "Why would anyone want to hack us?" is a common attitude. But no one gets lost in the crowd online. Today, everyone is interesting to hackers, big or small. Rikard Burman is a Microsoft 365 consultant at AddPro specializing in security and sees how companies, even after a breach, fail to address security in a thoughtful way.
- Too many businesses that suspect they have been attacked change their users' passwords. Usually they don't do anything more and hope it was a one-off," says Rikard.
IT security in the basement and in the cloud
Which is more secure - the basement server room or the cloud? There's a false sense of security in thinking that servers that IT can go down and pat are safer than what's in the cloud. At the same time, many people have an overconfidence in the security of the cloud, a "someone else will fix it" attitude.
- It's quite simple. Without an IT security strategy, the basement and the cloud are equally insecure. Cloud providers guarantee their service, but you as the IT manager need to ensure that your employees have protected login IDs, secure devices and that your data is safe.
Businesses that stay in the basement in fear of the cloud risk not only losing flexibility, productivity and access to new features. Security tools in the cloud are evolving faster and are supported by resources that on-premises IT wouldn't even dream of.
"Börje, where did this invoice come from?"
Getting hacked is not like in the movies. Computer screens don't go blank. There are no strange characters dancing across the screen and no red download stacks filling the screens of the IT department (and by the way, the IT department doesn't look like a cross between a futuristic air traffic control and a 3D development lab). Rikard talks about how one company discovered a breach by an invoice coming from a salesman's email to the finance department, nothing strange about that. The invoice came from a known vendor but when it was due to be paid, the bankgiro number didn't match. After contacting the vendor, he had not sent an email. Completely undramatic but well thought out.
Improving IT security with Microsoft tools
When it comes to increasing security, there are clear benefits to being in the cloud. If the IT environment rests on physical servers, a lot of upgrades, perhaps new software and a lot of work may be required to raise the level of security. Raising IT security in the cloud can be ordered quickly and easily without requiring resources from on-premises IT for implementation. Microsoft has several tools to help companies raise IT security. One of them is the Secure Score, a tool to get an idea of the current state of security with respect to the Office or Azure environment. For smaller companies that do not have their own IT security officer (CSO), Microsoft has launched a site called Your New CSO with tips for those who want to increase security in their company.
IT security's strongest tool - your colleagues
Both Microsoft Your New CSO and Rikard stress the importance of training colleagues to work safely and to think before they click on a link or attachment. Because despite all the advanced protections and intelligent systems, often the big risk is people's behaviour.
- Continuous training of staff is essential. What does a phishing email look like? What to be careful of? And it's constantly changing. New types of intrusions and increasingly sophisticated ways of getting hold of users' login details are constantly emerging," says Rikard.
Get a security strategy today!
It's never too early to start working on security. However, it can very quickly become too late. If you start security work before a breach, it's both easier and less costly than cleaning up after one. Rikard offers an IT security kick-start so you can get started today.
- Run Microsoft Secure Score to get a now value. With Secure Score, you can get an idea of the state of play and measure how security is improving.
- Then do a safety review. A security audit goes deeper than Secure Score and looks at how logins and data flow throughout the company, how colleagues work and on which devices.
- Attend a workshop specifically focused on IT security. By raising awareness of digital threats and looking at security tools, understanding of IT security will increase.
- Make an action plan to improve IT security. Rank the actions so that you start with those that have the greatest impact on security but the least impact on users.
- Implement security on a pilot group. Don't do everything with everyone at once. Put together a group with representatives from all departments.
- Roll out security features in stages to suit your business size and operations. Department by department or office by office.
- Set up procedures for ongoing work. IT security is not a quick fix, it's a work in progress. Measure your Secure Score, train staff and keep an eye on what's happening by reading blogs.
- And don't forget that 99.99% of all threats are stopped by Multi Factor Authentication.
Take control of your IT security today! In our SecureIT workshop, you'll get to try out the various Office 365 tools that protect your company's data, identities and devices from online threats!