Tag: M365 Security

12 Jan 2023
Top Blogs of 2022


Last year, we covered a wide range of blog topics, including ransomware prevention and recovery; business continuity management and disaster recovery; and managing Microsoft Azure and Microsoft 365 settings. In case you missed them, here’s a synopsis of our top blogs of 2022. Reviewing these important issues can help your bank or credit union be better prepared for the challenges—and opportunities—that lie ahead in 2023:

1. Best Practices for Ransomware Prevention and Recovery

Ransomware attacks strike a new target every 14 seconds, disrupting operations, stealing information, and exploiting businesses, according to the Cybersecurity and Infrastructure Security Agency (CISA). However, financial institutions that consistently employ best practices can prevent or bounce back from a ransomware assault. As an optimal strategy for prevention, institutions should identify and address known security gaps that can allow a ransomware infection. Since human error is the primary reason for most security breaches, banks and credit unions should focus on providing ransomware awareness training to help employees identify, respond to, and minimize attacks. They can also limit cybersecurity risk by using intelligent network design and segmentation to restrict ransomware intrusions to only a portion of the network and by having overlapping security solutions to provide layered protection. If a ransomware incident does occur, financial institutions should have pre-defined procedures for response and recovery. Many smaller institutions may lack the expertise internally to implement ongoing best practices for ransomware prevention and recovery, but they can work with an external cybersecurity expert to augment their resources. Read more.

2. Your Guide to Business Continuity Management and Disaster Recovery Planning

It can be challenging for financial institutions to implement successful strategies for business continuity management (BCM) and disaster recovery (DR). But our compilation of key strategies and best practices can facilitate the process. BCM encompasses all aspects of incorporating resilience, incident response, crisis management, vendor management, disaster recovery, and business process continuity, and it is an essential requirement for avoiding and recovering from potential threats. DR—the process of restoring IT infrastructure, data, and third-party systems—should address a variety of events that could negatively impact operations, including natural disasters, cyberattacks, technology failures, and even the unavailability of personnel. For successful disaster recovery, institutions should focus on four important “Rs”: recovery time objective (RTO), recovery point objective (RPO), replication, and recurring testing. In addition, leveraging a comprehensive cloud DR service can enhance redundancy, reliability, uptime, speed, and value. Using a cloud DR solution from an external service provider can give institutions the confidence of knowing their DR plan is being thoroughly tested and will work if a real disaster happens. Read more.

3. Managing Security, Identity, and Compliance within the Microsoft Azure and M365 Ecosystem

Microsoft Azure Active Directory (Azure AD) and Microsoft 365 have a distinct ecosystem. Understanding their services and settings is critical for IT administrators to manage security, identity, and compliance within their environment. Institutions can significantly bolster security by implementing some of the basic security settings under the free license level for Azure AD. Adjusting the security default setting, for example, can have a major impact. IT administrators can enable security defaults to enforce non-configurable conditional access policies as well as require multifactor authentication (MFA) registration for all users. IT admins should also review the identity architecture for their institution to ensure all users, devices, and apps connecting to Azure have an identity. Depending on their license level, institutions may be able to modify additional settings, such as allowing global auditing, blocking open collaboration, and restricting outbound email forwarding. Microsoft is constantly revising the features of Azure AD and M365, making it vital for financial institutions to stay on top of their ever-changing ecosystem. Read more to learn how to manage the complexities of customizing your Azure AD and M365 security settings.

Read about other important topics on cybersecurity, compliance, and technology. Subscribe now to the Safe Systems blog to have the latest updates on banking trends and regulatory guidance conveniently delivered to your inbox.

06 Dec 2021
How Layered Security Can Address Growing Cyberthreats


With the increasing complexity of cyberattacks, financial institutions need to implement more effective—and comprehensive—security measures. They need a variety of elements to create a layered approach to secure their data, infrastructure, and other resources from potential cyberthreats.

Many organizations rely on a castle-and-moat network security model where everyone inside the network is trusted by default. (Think of the network as the castle and the network perimeter as the moat.) No one outside the network is able to access data on the inside, but everyone inside the network can. However, security gaps may still exist in this model and others. The best approach to compensate for gaps is to surround the network with layers of security.

The basic “table stakes” for a layered security approach include a perimeter firewall with content filtering, email threat filters, an endpoint malware solution, and a robust patch management process. Banks and credit unions could also invest in additional, more sophisticated layers, but each one will have associated acquisition and management costs, along with ongoing maintenance. So, it’s prudent for institutions to invest only in the number of layers/solutions they can competently manage.

Key Concerns

Today the top IT security concern for many organizations is ransomware. Due to the proactive measures many financial institutions have taken, the banking industry has fewer security breaches than health care and some other industries thus far. However, when a breach does happen to a financial institution, the impact is more costly than breaches occurring in other industries.

Four-Layer Security Formula

With these concerns in mind, here’s a four-layer “recipe” organizations can employ to improve their security posture:

  • Training and Testing: Using email phishing tests can serve as a good foundation for minimizing business email compromise (BEC) and other social engineering threats.
  • Network Design: Institutions should refresh older networks to segment their components into different zones. It’s no longer sufficient to have servers, workstations, and printers sitting in one IP space together.
  • Domain Name System (DNS) filtering: DNS filtering prevents potentially damaging traffic from ever reaching the network. Because it proactively blocks threats, it is one of the most effective and affordable security layers institutions can apply.
  • Endpoint Protection: Institutions should have this type of protection on each of their endpoints, and the best endpoint protection tools have built-in ransomware solutions.
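
As an added illustration of the Network Design layer (example code written for this page, not from the original article), the script below audits an asset inventory against a zone plan and also flags any subnet where servers, workstations, and printers still share one IP space. The inventory, the zone plan, and the function names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample inventory (address, device role); not data from the article.
INVENTORY = [
    ("10.0.0.10", "server"),
    ("10.0.0.23", "workstation"),
    ("10.0.0.57", "printer"),
    ("10.0.20.5", "workstation"),
    ("10.0.20.6", "workstation"),
    ("10.0.30.9", "printer"),
    ("192.168.50.4", "server"),
]

# Assumed zone plan: each subnet is meant to hold exactly one device role.
ZONES = {
    "10.0.0.0/24": "server",
    "10.0.20.0/24": "workstation",
    "10.0.30.0/24": "printer",
}

def audit_segmentation(inventory, zones):
    """Return (violations, unzoned): hosts in the wrong zone, hosts in no zone."""
    nets = [(ipaddress.ip_network(cidr), role) for cidr, role in zones.items()]
    # Most specific prefix first so nested zones resolve to the narrowest match.
    nets.sort(key=lambda item: item[0].prefixlen, reverse=True)
    violations, unzoned = defaultdict(list), []
    for addr, role in inventory:
        ip = ipaddress.ip_address(addr)
        match = next(((n, r) for n, r in nets if ip in n), None)
        if match is None:
            unzoned.append(addr)
        elif match[1] != role:
            violations[str(match[0])].append((addr, role))
    return dict(violations), unzoned

def mixed_role_subnets(inventory, prefixlen=24):
    """Flat-network check without a zone plan: subnets holding more than one role."""
    roles = defaultdict(set)
    for addr, role in inventory:
        net = ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)
        roles[str(net)].add(role)
    return {net: sorted(r) for net, r in roles.items() if len(r) > 1}

if __name__ == "__main__":
    print(audit_segmentation(INVENTORY, ZONES))
    print(mixed_role_subnets(INVENTORY))
```

Hosts reported as unzoned fall outside every planned subnet and deserve the same follow-up as hosts sitting in the wrong zone.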

Other Important Considerations

It’s important to back up data regularly and ensure that those backups are well beyond the reach of ransomware and other threats. (Backups written to a local, on-site server that is still on the network may be susceptible to ransomware.) One way to address this issue is to have immutable backups, which are backup files that can’t be altered in any way and can deploy to production servers immediately in case of ransomware attacks or other data loss. Another option is to send backups to a cloud solution like Microsoft Azure Storage, which is affordable and easy to integrate because there are no servers to manage.

Another crucial element in security is the Transport Layer Security/Secure Sockets Layer (TLS/SSL) encryption protocol, which can be somewhat of a double-edged sword. About 80 percent of website traffic is encrypted to protect it from unauthorized users during transmission. Traditional firewalls don’t have the ability to scrutinize that encrypted traffic against a content filtering engine, which means savvy hackers can hide ransomware and other dangerous content inside it. But firewalls with advanced features are capable of TLS/SSL inspection; they can decrypt content, analyze it for threats, and then re-encrypt the traffic before it enters or leaves the network.

There’s an array of security solutions that institutions can implement to establish layered protection against cyber threats. For more insights about this topic, listen to our webinar on “Cyber Threats, Why You Need a Layered Approach.”