Attention: The Safe Systems website is transitioning to UFSTech.com. Please access our client portal, news, and blog posts from there.

Tag: IT Admin

09 Jun 2022
Planning for Safety, Soundness, and Resiliency
Banks, Compliance, Credit Unions The Safe Systems Compliance Team 0 comment

Planning for Safety, Soundness, and Resiliency

Planning for Safety, Soundness, and Resiliency

With the rise in cybercrimes and increased regulatory scrutiny, having a board-approved IT Strategic Plan is often not enough to ensure cyber resiliency. It’s essential for financial institutions to develop a robust IT management and information security infrastructure. The following excerpts from our recent white paper on “Building IT and Information Security Resiliency in Chaotic Times,” show how institutions can strengthen and support these key management roles to make better technology and security decisions, improve visibility, and reduce vulnerability. In addition, institutions can use strategic partners and risk management solutions to bolster resources they already have in place and enhance their overall cyber resilience.

1. Separating ISO Duties

Examiners have a strong interest in the IT administrator and ISO roles, which are interconnected and integral to an institution’s safety and soundness. However, many community banks and credit units still struggle with meeting the FFIEC requirements for segregating these positions. The importance of separating ISO duties relates to creating additional oversight to verify activities and maintain accountability to management and the board. Separating these functions also helps to build a clear audit trail to ensure risk is being accurately assessed and reported to senior management. While the ISO functions in an oversight capacity of the IT administrator, the ISO also relies heavily on the administrator to share data that can be used to recommend steps to improve the institution’s security posture. Therefore, the IT admin-ISO relationship must also be cooperative to ensure their daily activities support the organization’s policies and procedures.

2. Being Proactive about Succession Planning

Regulators expect financial institutions to have a formal succession plan for the ISO, IT administrator, and other key leadership roles, as indicated by the uptick in exam findings related to this issue. Depending on their size, type, and goals, institutions may employ different approaches for succession planning. They can identify and train someone to serve as an alternate or “backup” for various IT or ISO responsibilities, incorporate an internal committee or team approach for managing IT and information security, or use the support of a trusted third party to maintain IT and information security standards.

3. Partnering with a Trusted Third Party

An outside expert can provide an objective perspective that can help institutions think beyond the day-to-day issues and consider risk more proactively and strategically. Bringing in a technology partner on the front end—when things are going well—can also position institutions to be stronger and more successful in the future. For instance, a virtual information security officer (VISO) can expand an internal ISO’s capabilities and increase the likelihood that all ISO-related tasks are completed in a timely and efficient manner. A VISO can also provide an external layer of oversight to enable the required separation of duties.

ISOversight®, our virtual ISO service, makes it easier for financial institutions to master information security and manage compliance online. ISOversight is a comprehensive solution with a full suite of applications and resources, cyber risk reporting, and dedicated compliance specialists. It’s uniquely designed to help banking institutions enhance their strategies to improve IT management, information security, and compliance. With ISOversight, community banks and credit unions can ensure that no information security issues fall through the cracks—especially during challenging times.

For more information about how to enhance your institution’s security posture, read the full white paper on “Building IT and Information Security Resiliency in Chaotic Times.”

22 Apr 2022
More Microsoft Azure and 365 Security Basics
Banks, Credit Unions, Technology Marshall Jones 0 comment

More Microsoft Azure and 365 Security Basics

More Microsoft Azure and 365 Security Basics

Banks and credit unions today face an ever-increasing number of cloud security hazards. Here’s the good news: Financial institutions that use Microsoft Active Directory (Azure AD) and Microsoft 365 can lower their risk by modifying their security settings for these services. Not only can this help the financial institution minimize threats, but it can allow them to customize the features of Azure AD and Microsoft 365 (previously called Office 365) to their specific preferences and requirements.

Organizations are responsible for managing Azure AD and its security settings because when they purchased M365 licenses, they established a Microsoft tenant with Azure AD. From a compliance perspective, adjusting Azure AD’s settings is crucial since Microsoft automatically enables certain features that may violate or conflict with compliance policies for organizations in regulated industries.

Optimizing /M365 and Exchange Online Settings

Depending on your institution’s licenses, there is a wide range of security and compliance settings you can customize in Azure AD, M365, and Exchange Online such as:

  • OneDrive and SharePoint Sharing: Review the default level of sharing to control the flow of data based on what is appropriate for your institution.
  • Teams and External Collaboration: Review the platform’s default security and compliance settings, and if they are not sufficient, you can block all external domains to keep users from communicating externally.
  • Exchange Online: Control access, how emails are transmitted, the types of messages users can send to recipients in external domains, and the devices or apps that can connect.
  • Protection Center: Use the Basic Mobility and Security feature to manage and secure the mobile devices that are connected to your Microsoft 365 organization.
  • Security Center: Optimize email management by employing anti-spam policies for inbound emails, blocking automatic forwarding of outbound emails, using phishing simulations, quarantining potentially harmful messages, and blocking messages from fake senders.
  • Compliance Center: Implement a retention policy to manage the data by proactively choosing how to retain or delete content.
  • M365 Admin Center: Use modern authentication‎ in ‎Exchange Online‎ to enhance your institution’s security with features like conditional access and multifactor authentication. (Microsoft‎ strongly recommends turning off basic authentication for your organization.)

More Ways to Boost Security

You can further enhance cloud security by modifying the settings related to Azure AD Premium P1, Intune, and Azure Information Protection (AIP) licenses. With Azure AD Premium P1, for instance, you can include your institution’s logo, color scheme, and other branding elements on your Azure AD sign-in pages. You can also employ the hybrid Azure AD joined devices, conditional access policies, and password protection features. Microsoft Intune integration lets you configure policies to control how your institution’s devices and applications are used, including smartphones, tablets, and laptops. And AIP allows you to use deep content analysis to minimize data loss and enhance the labeling capabilities of Microsoft 365 to protect documents and emails.

M365 Security Basics Can Help

There are countless security settings that can be adjusted in Azure AD and /M365, and Microsoft is always introducing new features. This can make it difficult for institutions to ensure they have the most appropriate security, identity, and compliance settings—but our CloudInsight™ M365 Security Basics solution can make the process easier. M365 Security Basics is a collection of services designed to give community banks and credit unions a cost-effective way to manage their M365 settings. It offers reporting, the delivery of Microsoft data in a user-friendly format; alerting, notifications of the most common indicators of compromise; and quarterly reviews, expert analysis of M365 Security Basics reports, and explanations of the risk visible on the report and ways those risks may be mitigated.

To learn more about how to customize your institution’s Azure AD and M365 settings to bolster cloud security, access our “Microsoft Azure and M365 Security Basics” white paper.

17 Feb 2022
Microsoft Azure and 365 Security Basics Featured Blog Image_Featured Image
Banks, Compliance, Credit Unions Eric Delgado 0 comment

Microsoft Azure and 365 Security Basics

Microsoft Azure and 365 Security Basics Featured Blog Image_Featured Image

Financial Institutions that employ Microsoft 365 (also known as M365 and formerly branded as Office 365) are in the Cloud, and therefore, face a growing number of cyber threats. Consider this: The FBI’s Internet Crime Complaint Center (IC3) has seen a 400-percent increase in cybersecurity complaints since the pandemic started.

The surge in cybercrimes means financial institutions that use M365 need to focus on protecting their assets in the Cloud. Our CloudInsight™ M365 Security Basics makes it easy and affordable for institutions to start the process. M365 Security Basics provides visibility into security settings for Microsoft Azure Active Directory (Azure AD) and M365. Banks and credit unions can leverage this multi-faceted solution to get ahead of cyber threats and enhance cloud security.

Importance of Customizing Your Azure AD and M365 Settings

Your financial institution likely has a Microsoft tenant with Azure AD, whether you realize it or not. This is partly because every exchange online and M365 implementation requires the creation of a Microsoft tenant and Azure AD, even if the services are managed through a third party. There are also many other scenarios requiring the creation a Microsoft tenant, making it rare for most institutions not to have one.

It is important to understand whether you have a Microsoft tenant with Azure AD because the tenant belongs to your institution—not the licensing reseller—it is your obligation to know how to manage the security settings in these systems, including Azure AD, M365, and Exchange Online. This can be challenging because Microsoft’s default settings might conflict with your institution’s security and compliance requirements. Therefore, you must customize these settings to create more sophisticated and appropriate security, identity, and compliance policies for your institution. This should entail building policies around what users are allowed to do, what your institution’s risk assessment defines, what your institution’s compliance policies dictate, and what users will tolerate.

Once your institution has sufficient policies in place, it is essential to monitor for exceptions with reporting and alerting. And with the proper license, you can further enhance cloud security by optimizing the settings for Azure AD Premium P1, Intune, and Azure Information Protection.

How M365 Security Basics Can Help

Microsoft is constantly adjusting its platforms and automatically enabling new features to adapt to an ever-evolving security environment, making it difficult for banks and credit unions to keep up. Partnering with a value-added technology expert like Safe Systems can help you better manage your M365 tenant. Our M365 Security Basics service identifies cloud security blind spots and common risks such as compromised user accounts, enabled insecure protocols, and targeted phishing or SPAM attacks.

M365 Security Basics key services:

  • Reporting – Collects Microsoft data that may not be readily available to institutions and assembles it in a user-friendly format
  • Alerting – Delivers notifications for the most common indicators of compromise in Microsoft M365 tenants
  • Quarterly reviews – Provide a vital, objective look at M365 Security Basics reports to help institutions determine the optimal security settings for their requirements

The Importance of MFA

An invaluable security control financial institutions should also consider implementing is multi-factor authentication (MFA). MFA applies a combination of factors to validate people’s identity before giving them access to sensitive data, account information, and other assets. MFA offers effective, low-cost protection against cyberattacks and other threats; and not implementing this security feature in Azure AD is risky. According to Microsoft, 99.9 percent of account compromises can be blocked with MFA, but the overall MFA adoption rate we have seen in the financial industry is only around 46 percent.

The bottom line: Microsoft is constantly enabling and disabling features in Azure AD and M365—, therefore, financial institutions must be able to manage the complexities of optimizing their security, identity, and compliance settings. To learn more about how your institution can customize Azure AD and M365 settings to enhance cloud security, read our “Azure and M365 Security Basics” white paper.

16 Nov 2021
Using the Free Features of Microsoft Azure AD and O365/M365 to Enhance Cloud Security
Banks, Credit Unions, Technology Marshall Jones 0 comment

Using the Free Features of Microsoft Azure AD and O365/M365 to Enhance Cloud Security

Using the Free Features of Microsoft Azure AD and O365/M365 to Enhance Cloud Security

Microsoft Azure Active Directory (Azure AD) and Office 365/M365 have a variety of free security settings that financial institutions can customize to their needs. These settings are important because they can enhance an institution’s cloud environment and operational security—and they’re available to everyone with Azure AD or O365/M365. Remember, even if the license was acquired through a third party, your institution is still responsible for managing all the security features of these cloud-based solutions.

Be aware that while adjustments made to the defaults can strengthen your cloud security, they will also impact the way people use the products. For instance, multifactor authentication (MFA) is a great first step at improving the security of your cloud environment but does impact how your users will log in.

Here are some other important free security settings you can optimize in Azure AD and/or O365/M365 to enhance security:

  • Global Auditing — The global auditing feature logs events that happen across Azure AD and O365/M365. It is advisable to enable Global Auditing. The information gained with this feature can help troubleshoot problems and investigate issues. Once Global Auditing has been enabled, it can take about 24 hours for the new setting to take effect.
  • Alert policies — Alert policies are designed to help you monitor threats against your existing resources. There are default built-in policies, and you can also create additional custom policies for free on your own. Keep in mind, you need to set the target recipient(s) for these policies.
  • Sharing in Microsoft OneDrive and SharePoint — Since these products were created to foster collaboration, their default setting is normally set to enable external data sharing. This allows users to create anonymous access links that make it possible for anyone in any organization with OneDrive and SharePoint to sign in and view their information. It is recommended that you review the level of sharing to control the flow of data based on what is appropriate for your organization.
  • External access in Microsoft Teams — Teams is set up by default to make it easy for individuals to connect with users located anywhere in the world, even in other organizations. You should review the platform’s security and compliance settings to ensure it fits your organization’s standards. You can block all external domains to restrict users’ ability to communicate externally.
  • Enterprise applications — Enterprise apps can represent a huge risk if users have the freedom to add them on their own. You can change the security setting to prevent anyone from randomly adding apps without the administrator’s approval. When this feature is activated, Microsoft will block users’ attempts to add apps and notify the administrator, who can approve or deny their requests.
  • Application registrations — Similarly, institutions can alter their security features to block users from registering any applications. There’s rarely a reason to allow users without administrative rights to create app registrations, so reviewing and/or adjusting this setting is essential.

Making these adjustments will help you to maintain control over users’ activities and tighten security. To learn more about M365 security topics, listen to our recent webinar, Ask the Experts: O-M365 Security Basics for IT Administrators.

Safe Systems’ M365 Security Basics solution provides visibility into these and other security settings and allows banks and credit unions to regularly monitor and review their configurations making it easier for them to manage their Azure AD and O365/M365 accounts.

© 2025 UFS and Safe Systems are now the same company. Safe Systems is a registered trademark in the US. All rights reserved. Privacy Policy