How Strong is Your Cloud Security? Microsoft Azure and 365 Security Basics
Financial institutions that use Microsoft 365 (also known as M365 and formerly branded as Office 365) are in the Cloud and therefore face a growing number of cyber threats. Consider this: The FBI’s Internet Crime Complaint Center (IC3) has seen a 400-percent increase in cybersecurity complaints since the pandemic started. And Illinois is not exempt. Earlier this year, an Itasca, Illinois woman who leveraged a business email compromise scheme was indicted on 36 criminal charges. According to prosecutors, she defrauded at least 9 banks and the US SBA and walked away with nearly $375,000.
The surge in cybercrimes means banks that use M365 need to focus on protecting their assets in the Cloud.
The Importance of Customizing Azure AD and M365 Settings
Your bank likely has a Microsoft tenant with Azure AD, whether you realize it or not. This is partly because every Exchange Online and M365 implementation requires the creation of a Microsoft tenant and Azure AD, even if the services are managed through a third party. There are many other scenarios requiring the creation of a Microsoft tenant, making it rare for an institution not to have one.
You need to understand whether you have a Microsoft tenant with Azure AD because the tenant belongs to your bank—not the licensing reseller—and it is your obligation to know how to manage the security settings in these systems, including Azure AD, M365, and Exchange Online. This can be challenging because Microsoft’s default settings might conflict with your institution’s security and compliance requirements. Therefore, you must customize these settings to create more appropriate security, identity, and compliance policies for your bank. This entails building policies around:
• what users are allowed to do
• what your bank’s risk assessment defines
• what your institution’s compliance policies dictate
• and what users will tolerate
Once your bank has sufficient policies in place, it is essential to monitor for exceptions with reporting and alerting. And with the proper license, you can also optimize settings for Azure AD Premium P1, Intune, and Azure Information Protection.
The Importance of MFA
An invaluable security control banks should also consider implementing is multi-factor authentication (MFA). MFA applies a combination of factors to validate people’s identity before giving them access to sensitive data, account information, and other assets. MFA offers effective, low-cost protection against cyberattacks and other threats. According to Microsoft, 99.9 percent of account compromises can be blocked with MFA. However, we’ve seen an MFA adoption rate of only around 46 percent in the financial industry.
The Bottom Line
Microsoft is constantly enabling and disabling features in Azure AD and M365; therefore, banks must be able to manage the complexities of optimizing their security, identity, and compliance settings. Partnering with a technology expert like Safe Systems, which offers a service designed specifically to manage and report on your M365 tenant, can help you better identify common risks such as compromised user accounts, enabled insecure protocols, and targeted phishing or spam attacks.
CloudInsight™ M365 Security Basics is just one service in a set of connected applications and powerful monitoring and reporting tools that can be customized to eliminate your bank’s unique compliance pain points. We developed COMPaaS® (Compliance as a Service) as a new way to buy IT and compliance services that allow you to choose only the services you need. For a limited time, save $1,000 when you purchase M365 Security Basics or another COMPaaS service!
To learn more about how to customize Azure AD and M365 settings to enhance cloud security, read our “Azure and M365 Security Basics” white paper.
Eric Delgado Safe Systems Technology DevOps Engineer