As we continue to grow our digital footprint, taking more of our processes, our data, and our people online, safeguarding our cloud environment has never been more important.  

The recent spike in remote working we’re seeing across the world can have an adverse effect on the health of our tech systems.  

As we increase our usage of cloud-based tools, we also make ourselves more vulnerable to bad actors that might look to take advantage of this growing surface area.  

Our heightened dependency on cloud infrastructure means that the stakes are even higher when it comes to keeping your digital operations performing as they should.  

That’s why it’s critical that businesses redouble their cybersecurity efforts to protect themselves and their employees from malicious online activity. 

To help your business stay safe no matter where and how your employees are working, we asked Microsoft MVPs and cloud experts for their tips and best practices.

Get more Azure optimization tips from cloud experts in our new white paper

 

 

Meet our Azure experts

 

Gregor Suttie is an Azure MVP, Head of Development Services for Sword IT, and a specialist in Azure and DevOps with over 20 years’ development experience.

Pete Gallagher is a freelance IT Consultant, Microsoft Azure MVP, and owner of PJG Creations Ltd.

Ragnar Heil is EMEA Channel Account Manager at Quest, a Microsoft MVP for Office Apps + Services and an accomplished technical author.

Charbel Nemnom is a Cloud Architect, ICT Security Expert, and Microsoft MVP with over 17 years of IT infrastructure experience.

Jaap Brasser is a Developer Advocate at Rubrik, an Azure MVP and a regular speaker at global tech conferences.

Reducing the security challenges that come with a dispersed workforce 

Jaap Brasser: Good security is a combination of education and using technology to achieve this goal. Having a form of device management to ensure basic things such as updated software, security functionality of the platform, and disk encryption already goes a long way. 

Having Multi-Factor Authentication is a big boost to security, and helps to ensure that the user that authenticates is the person they say they are. Informing employees about the dangers of phishing and educating them on how to limit their risk of getting phished is very valuable too. 

I would say store the files in the cloud; try not to store anything work-related on your own personal PC, and use something like OneDrive. Gregor Suttie

Charbel Nemnom: As more users are working remotely and need to access resources, businesses need to ensure that Multi-Factor Authentication (MFA) is enabled to enhance their identity protection.  

MFA is super important; it’s the number one security recommendation. Some users might also need remote access to servers on Azure infrastructure via RDP or SSH. Instead of allowing full 24/7 access to those servers, organizations should use Just-In-Time (JIT) access to those servers. A VPN must also be used. 

“If a business is already hosting some of their workloads on Azure, I highly recommend enabling Azure Security Center and reviewing and remediate any vulnerabilities to make sure their security score is high.” 

Pete Gallagher: If possible, arrange for any staff to have time with the IT team to help them over any technical issues they may have. Drafting easy to understand documentation for staff to follow would be great, including any video tutorials, if possible.  

Likewise, providing time for remote staff to have access to advice when they need it is very important. Staff members shouldn’t feel as though they are on their own trying to work through problems, as this will likely lead to issues.

“Providing all of these resources will benefit the company long after the lockdown has ended as it will provide staff with the ongoing means to work remotely well into the future.

How industries can use tech to mitigate risk

Pete Gallagher: Industries, companies, or teams that work in sectors that deal with highly sensitive information are going to need to be very careful in how staff work remotely. This will doubtless affect those in the banking, health, and schooling sectors, where highly personal information is at risk.  

Making sure that staff have the facility to VPN into their work network and access sensitive data directly, rather than needing to take this home, is a key factor. If sensitive data does need to be off-premises, having a good security strategy is very important; this includes making sure that drives are encrypted, passwords are strong, and two-factor authentication is enabled where possible.  

Likewise, if staff are using their own technology, it’s important that staff understand the risks of things like social media.

Ragnar Heil: ”Holistic modern workplace systems like Microsoft 365 don’t only include collaboration and communication tools; they also offer identity management and modern authentication approaches like “Windows Hello” for passwordless logins, just using webcams and your eyes. That’s helpful in case your children know your PC PIN.   

“In case a smartphone is lost or stolen, all data can be wiped away. The Security and Compliance Center is notifying admins automatically when suspicious behavior appears—this user should be in their home office now.

“Did they log in from San Francisco and two hours later in Sydney? That seems to be a hacker! It’s all about discovering security threats earlier, fixing it faster, and hardening the systems with machine learning capabilities.”
   

“My number one recommendation is to store all of your business-critical and confidential data in complaint and secure cloud systems. If a thief enters your house and grabs all digital business devices like PCs, Macs, phones, and tablets, then they are going to be disappointed as they won’t be able to open the files even though they’re now in charge of the hard disk, thanks to Azure Information Protection. ” 

Charbel Nemnom: All industries are at security risk from working from home. The coronavirus is already impacting cybersecurity. I’ve seen two main trends: attacks that aim to steal remote user credentials and weaponized email attacks.  

Again, Multi-Factor Authentication should be enabled to enhance user identity protection. To protect against weaponized phishing attacks, I highly recommend using services like Office 365 ATP and Exchange online protection.”

Also, make sure your devices have the latest security updates installed and an antivirus or anti-malware service. For Windows 10 devices, Microsoft Defender Antivirus is a free built-in service enabled through Settings. Turn on cloud-delivered protection and automatic sample submission to enable artificial intelligence (AI) and machine learning to quickly identify and stop new and unknown threats. 


Practical advice from Azure experts to help you weather the storm

With extensive insights, advice, and best practices from cloud leaders, our brand new white paper is the ultimate guide to optimizing your business with Azure.

Fill in the form below and we’ll send your free copy of the white paper straight to your inbox.