Too many companies think that a good firewall, up-to-date virus protection and a code lock on the server room are the fortress and moat needed to protect their employees and provide good information security. But what happens when your employees venture into the cloud? Who will protect them then? One way to build a strong armor for your users and data is by implementing Microsoft 365.
No company today is an independent castle
Ingemar La Fleur is an advisor and licensing expert in Microsoft products and services at AddPro. He meets many stressed IT managers who are focused on building strong protection for those working inside the office. When Ingemar asks what devices employees are allowed to use at home, many of them start to screw up. Because of course they can check email on their phone or log in with a tablet!
- The over-protective IT department remains, locking instead of enabling. They forget that just because you're sitting behind a desk doesn't mean you're working safely and are protected," says Ingemar.
The emails on your phone are just the first step. Most people are in the cloud in one way or another, consciously or unconsciously. Microsoft Office 365 with OneDrive is in the cloud and most people use some form of cloud service to make their workday work. It could be a collaboration tool or a planning tool. Let's look at how you can build a strong suit of armor.
Passwords are not the strong shield many think they are
Have you set a password policy with upper and lower case letters, special characters and numbers? What good is it if an employee has downloaded a browser extension that has a keylogger or if the password is typed into an Excel sheet?
- Today, it is more important to have a long password than a complex one. Even better is two-factor authentication. We have a security app ourselves. I just type in my email address and then I authenticate on my phone without exposing my password. It's convenient and very secure.
You need to put on the information security armour
Okay, you've invested in secure tools in Microsoft 365. Of course, there are different packages with the main difference being how much can be automated. But if none of your employees use the tools available, they remain idle. In the smaller packages, for example, document classification is manual. In the larger packages, it can be automated. A document containing a card or social security number is automatically encrypted - gets its own little piece of armour.
The larger packages include Artificial Intelligence and Machine Learning for information security that learns how you work, what types of documents are opened and who is working on what.
- Looking back, we had anti-virus software locally on our computers that we updated with lists of known threats, but we couldn't protect ourselves against anything unknown. The same was true of firewalls. What's new with AI is that it can see risks before we identify them. AI can quickly sift through incredibly large amounts of data to spot patterns and anomalies.
Security risks have changed dramatically since we went to the cloud. There is a desire for open information flows to increase productivity and collaboration. At the same time, data is becoming increasingly business-critical and therefore vulnerable. Threats to online information security are becoming more complex and it is becoming more important to be careful that data is not leaked or hijacked by ransomware, for example.
IT security and information security is everyone's responsibility
Ingemar says that he often encounters the misconception that buying a cloud service absolves the user from responsibility for security - but that's not how it works. Of course, the cloud provider is responsible for the availability of the service and that the tools offered do what they are supposed to do, but that all the data users upload to the cloud is secure is their own responsibility. It is the responsibility of management to ensure that IT security tools and procedures are in place.
- A company can never abdicate responsibility for security. Each employee is always responsible for their own behaviour and the data they work with. Tools in Microsoft 365 make it easier but everyone must use them. Otherwise, they are of no use," concludes Ingemar.
Do you keep track of your employees' digital identity? Are your devices and data secure inside and outside your castle? Try out the information security tools of Microsoft Enterprise Mobility + Security, EM-S, in our SecureIT workshop. Try on the armor that protects users and ensure your information security. Register today!