Insync Tech Talk , Security , | 2020/12/14 at 2:55pm

Why you need to protect employee identities in order to secure your organisation

Security is a popular topic when it comes to IT and for good reason. The Australian Cyber Security Centre’s recently released Annual Cyber Threat Report revealed Australians are reporting 160 cybercrimes every day. Yet whilst there is constant noise and chatter about the need for advanced IT security, many organisations are unaware of the specific areas to focus on.

To understand your current security posture, you need to look at four areas:

  1. Identity Management
  2. Device Management
  3. Information Management
  4. Infrastructure

Only in delving into the details of each pillar can you ensure your organisation is suitably protected.

 

What do we mean by identity protection & why does it matter?

Protecting identity is about setting necessary controls to ensure users are appropriately authenticated before being given access to resources.

With good identity management, we can prevent accounts being compromised and the wrong people accessing sensitive information. This is a highly common workplace occurrence as phishing scams become increasingly sophisticated,” says Ross Newton, Senior Consultant, Insync Technology.

Whilst securing employee identities has always been a consideration, a combination of increased cyber-attacks, dispersed or flexible workplaces and new technology has led to older, traditional authentication measures no longer being fit for purpose. The trusty password is no longer enough.

People are accessing information now in a very different way. They might use public networks or personal devices, both of which shift the boundaries of security. In the past a firewall might have been your go-to security boundary, now it needs to occur based on an individual employee’s identity,” adds Ross.

 

How to ward off an identity crisis

Regardless of the number of employees within your organisation, managing identities is not difficult – as long as you know how.  Modern workplace technology like Microsoft 365, offers in built tools and functionality to assist organisations wanting to strengthen their identity protection.

  1. Multi Factor Authentication (MFA)

Enabling MFA in your workplace is a common first step to securing identities. There are different options on how staff authenticate; using an SMS code is popular whilst employees with access to more sensitive information or with financial controls might opt for a hardware token solution.

  1. Password Policies

In the past, choosing a word or name and adding a number was sufficient for a workplace password. Those days are gone! To ensure your employees are using strong passwords, Microsoft 365 allows you to set controls over the types of passwords they can choose. This might include banning commonly breached passwords, Or phrases and words that are specific to the organisation.

  1. Conditional Access

Conditional Access policies are key to enforcing zero-trust approach to security.  Conditional Access can apply contextual factors such as user, device, location and risk to control access to organisational resources. By setting clear controls and leveraging your MFA, you can control which employees have access to what information and when they have access.

These three things can all strengthen your identity security when used correctly. Strong identity management will have a knock-on effect to your device, information, and infrastructure management. But if you have no MFA in place, for example, you open yourself up to risks and breaches that can then filter through to other areas,” notes Ross.

Picture this: An employee laptop is compromised due to an expired AV solution, without endpoint protection in place, the hacker begins harvesting credentials to log in, significantly increasing the threat to the organisation as a whole.

“If you take the right steps to secure identity, then you have a safety net in the event of poor device management,” adds Ross.

 

Ask the experts

Whilst modern workplace technology has a lot of capabilities, you also need to configure them to meet your specific requirements. According to Ross, there is often an assumption that the system is set and ready to go.

We talk a lot about the benefits of modern workplace technology but in order to reap the benefits, you need to take the time to ensure your system is correctly configured. This requires a certain level of skill that isn’t often found inhouse,” notes Ross.

Because of this, it is logical to seek expert help. Insync Technology specialises in delivering the modern workplace. The team of dedicated specialists work with a broad spectrum of organisations and are therefore exposed to a diverse array of threats, challenges, and possibilities. These experiences and learnings are then applied to other customers.

“We are constantly learning and evolving. When it comes to security, the level of complexity is high and there is a huge volume of information you need to process in order to understand the technology and how it integrates. With so many moving parts, it makes sense to bring in the experts,” concludes Ross.

How secure are your staff identities? Find out how Insync can help level up your security and protect your IT investment. Contact the team today.