We hear about cybersecurity attacks and breaches in the news more and more frequently. Some of these attacks target large firms or government entities (such as the recent breach in Ontario). Others go after smaller businesses or organizations (like the recent attack on the Vancouver Film School). Many organizations are becoming more aware of the dangers of phishing attacks or malicious emails and are looking to improve their security health.
There are many powerful security tools built into your Microsoft tenancy that are designed to protect your organization’s cybersecurity. However, to maintain the health, performance, and protection capabilities of your cyber environment, you need to do regular checkups. You do it for yourself and you need to do it for your organization, too!
So – why should your organization get a monthly or quarterly cybersecurity assessment? What happens during that assessment? And why should you work with a specialist? We’ll tell you. Now stick out your tongue and say “aaaah.”
Experts like our team at Regroove know what to look for when they review your environment and we’re often looking for things you wouldn’t expect. For example, how many of your users like to work from home or from coffee shops? We are going to see if their devices are joined to your environment so that you ensure your corporate data is secure and protected from anywhere in the world. Did you give someone elevated permissions for a project that ended six months ago? We’re going to check that. Are there restrictions on the kind of content or data that can be emailed to users outside of your organization? We’re going to flag that. Our team conducts a thorough assessment and, because both your organization and Microsoft’s cybersecurity protection features are constantly changing, we need to do this assessment regularly.
And yes, we are going to see if you have multifactor authentication (MFA) enabled and whether it is functioning properly. This is the same as eating healthy and exercising regularly. It’s a non-negotiable for good cybersecurity health.
Diagnosis and Prescriptions
After our assessment, it’s time for your diagnosis and recommended prescriptions. We provide this to you in the form of an assessment report. Just like when you visit your doctor, you’ll probably get a generally good bill of health, with a few recommendations. These might include removing inactive users from your tenancy, adding external guests under your MFA requirements, and we will always suggest you work on improving your Microsoft Secure Score.
But often, these assessments catch issues that are indicative of a deeper underlying health concern. If your current licensing doesn’t allow you to set up anti-phishing policies or implement suspicious email quarantine, we are going to recommend an implementation planright away. If your entire organization works remotely, but have not joined their devices in Azure, we’ll schedule you in for that appointment.
Just like your doctor prescribes washing your hands to avoid getting sick, we will also provide preventative health recommendations, such as getting cyber insurance to protect your organization if you do suffer a cybersecurity breach.
Now that you have your diagnosis and prescription, we will launch you on your treatment plan. We triage the most serious concerns first. For example, if you do not have MFA enabled, that will be one of our first priorities (especially since it blocks 99% of all phishing, malicious login attempts, and email hacks). If you want to ensure sensitive data is limited to select users or cannot be deleted, we can work with you to set up customized sensitivity and retention policies. We can show you how your organization can take internal steps to strengthen your Microsoft Secure Score.
The prognosis is excellent. This assessment will give you essential peace of mind that your environment is regularly monitored by experts who know exactly what to look for. You are also generating a strong paper trail demonstrating accountability for maintaining the security of your organization and its data.
A regular cybersecurity assessment is one critical tool of many (such as training your users how to recognize and respond to potential phishing attacks) to keep your cloud environment as secure as possible. If you are interested in scheduling an assessment, fill out the form below and our team of specialists will be in touch.