A secure digital identity has become one of the most important things we have online that we need to protect, not only as individuals but also at a corporate level. As an individual, there are a few simple tricks to achieve better IT securityIT security: secure your assets and minimise risk:
- Don't choose too "simple" a password (a survey by the company SplashData found that the two most common passwords in 2018 are: 123456 and password).
- Don't use the same password on multiple sites.
- Do not share your username and password with others.
Here are some simple tips to protect your personal digital identity. For businesses, it's a bit more complicated. Fortunately, there are security services with features and tools to help IT departments protect users' digital identities.
What is a digital identity?
Digital identity is about ensuring that the user trying to access an app, system, server or data is actually who they say they are.
Security doesn't come automatically when data and resources move to the cloud. It takes tools and knowledge to set up a secure environment. Rikard Burman works as a security expert at AddPro and knows how important it is to protect your digital identity online and in the cloud. To secure your and your users' digital identities, Rikard recommends looking at the following security tools.
Conditional access means that when a user tries to log in, the login is audited. Where does the login come from geographically? Is a known or unknown device being used? From a secure or unknown network? What is the login trying to accomplish? The security service assessing the login may request multi-factor authentication or restrict access if something is insecure.
Two-step verification or multi-factor authentication is a way to increase security by requiring two types of identification of a user. For example, in addition to the password, it may involve entering a code from a text message or validating the login in an app on the phone.
There is a balance between security and usability. Too much security creates frustration and increases the risk of users finding their own solutions outside the control of the IT department. Logging on to the office network or from a known device should be easy. Logging in off-site or from an unknown device is blocked or requires additional verification from the user.
What happens if someone tries to log in from an infamous IP address or makes several failed attempts to log in? Is it a brute force attack? The IT department doesn't have time to constantly monitor everything that happens. Smart locking recognises valid users and helps IT manage attacks and lock out attackers.
Security is often seen as the opposite of usability, but when it comes to permissions, it's just the opposite. By making the assignment dynamic and looking at title, department, location, etc., you can assign users the right permission and license. Permissions can relate to what apps the user can install, what resources and folders they can access and what files they can access. Users will have a more manageable and easy to work with IT environment when it only contains resources they have access to.
Looking at logs may sound boring, but it's important. By tracking how your company's resources are used, which devices and users are logging in and from which networks, you can get a clear picture of the security situation. Are you particularly affected by bottlenecks? Do employees often use insecure networks? With logging, security issues can be resolved proactively, which is good for your business and for your employees, who avoid disruptions in IT delivery.
Microsoft Enterprise Mobility + Security is the choice for IT security
Microsoft's security suite is called Enterprise Mobility + Security (EMS) and has several features to help you protect your users' digital identities from threats. The Azure portal is the hub that helps increase security as more and more people work flexibly in the cloud. Unfortunately, too few take security seriously. This may be due to a lack of time or ignorance of the possibilities offered by the tools.
- Few take advantage of the power Microsoft offers with its Microsoft 365 licensing. Many people think it takes the most expensive add-on services to get security up, but there's a lot to be gained even in the smaller Microsoft packages," concludes Rikard.
Do you have control of your company's resources in the cloud? Are you protecting your digital identities effectively? Download our guide and learn how to take control of cloud security. Or book our SecureIT EM+S workshop and learn about cloud security and try your hand at secure devices, identity protection and data protection.