Most lessons in cybersecurity are born out of necessity. In this case, it was my need for a haircut.
Last weekend, I was reminded why it’s time to rethink the conventional wisdom about secure passwords and user access. I was making an appointment online and at the very end of the process, the website asked me to sign in to complete the transaction. The problem? I had forgotten my password. I was prompted to answer security questions and then reset my password with a new eight-character word that includes at least one capital letter, one lowercase letter, a number, and a symbol. The thing that bothers me is that I considered re-using another password—maybe the one I use for Facebook or OpenTable—at least then I’d remember it! But I’m in the security industry. I know better. I’ve heard too many stories about a hacker stealing a password from some no-name site only to parlay it into access to a large organization. In the end, I did what we always tell our users to do and generated a unique password (I really needed that haircut), but I understand why so many users don’t. It’s an impossible task, and the truth is, these rules aren’t making us any more secure.
What if we could make user access simpler for users and simultaneously more secure for the enterprise? That’s the topic of the first e-book in a six-part series that describes how you can use the full Microsoft 365 Enterprise E5 suite to comprehensively address today’s security challenges without reducing employee productivity.
The first e-book, Secure access to your enterprise, tells the story of Christina, Vice President of Operations, who is savvy about security, but is also very busy. The e-book gives you a real-world perspective on how the requirements of her job can put the enterprise at risk, even when she does everything right. Learn how Azure Active Directory (Azure AD) integrates with other security products in Microsoft 365 to reduce the likelihood that a user’s password will be stolen, detect when a user has been compromised, and to give you back control when a user is compromised.
Reduce the likelihood that a user’s credentials will be stolen
One of the reasons that user credentials are stolen or guessed is because people must remember so many of them. Even your most senior users may use the same password for several applications, which increases the likelihood that the password will be stolen. A good user access solution simplifies access, so your users are encouraged to use secure authentication methods, and it verifies user identity at every sign-in. The Secure access to your enterprise e-book provides more context around why passwords are at risk and offers up solutions such as Azure AD single sign-on (SSO) that are simple and more secure.
Detect when a user has been compromised
Even when good preventative practices are in place, you need to adopt an “assume breach” mindset. Bad actors have the patience and resources to find and exploit even the smallest vulnerability. Eventually someone in your organization will be compromised. Conditional access can detect when user sign-in behavior deviates from the norm and apply automated, custom policies to confirm identity before providing access.
Take back control of compromised identities
Once you’ve determined that a user has been compromised, you need to respond quickly. Bad actors have been known to sell credentials on the dark web, and once they are inside your organization, they will look for ways to get access to your most valuable data. The Secure access to your enterprise e-book includes several examples of how Microsoft 365 Enterprise E5 products help you respond quickly to limit the damage if you suffer a security breach.
Download the Secure access to your enterprise e-book for more details on how you can move your organization towards a password-less future. Check back next week to read the second e-book in this series, “Discover and manage shadow IT,” which describes how to safeguard your organization against unsanctioned cloud apps and rogue devices.