Security: A persistent struggle

October is National Cybersecurity Awareness Month, which means now’s the perfect time to take a closer look at risks and encourage a secure organizational culture.

Cybersecurity is a challenge for every customer. For small and midsize businesses, the average cost of a breach reached USD120K in 2018, 36 percent higher than in 2017. For enterprises, average costs increased by 24 percent to USD1.23 million.1 Your customers could face major losses due to breaches and need your help staying safe.

Security is core to Microsoft and comes standard in all our technologies. We reached out to several members of our leadership team to get their top tips for helping your customers stay secure:

Top five cybersecurity tips

  1. Take a “Zero Trust” approach

Joy Chik, Corporate Vice President, Identity

 

Securing networks at the perimeter with usernames and passwords isn’t enough to protect an organization. Because users are now accessing data from apps that you don’t operate and devices you don’t own, you can’t assume that any particular user—or the device, app, or network they’re using—is completely safe. A Zero Trust security strategy assumes they’re all risky.

Azure Active Directory (AD) conditional access provides next-generation access controls enhanced with machine learning and threat intelligence. It lets you create very specific rules that dynamically assess the risk of each access request from multiple angles: the identity of the user, the type and health of their device, the app they’re using, the network they’re using, and the data being accessed. You can set granular policies that, based on these various risk factors, automatically determine whether to grant access. Taking a Zero Trust approach with Azure AD conditional helps you establish the strongest possible security posture for your customers.

 

  1. Go password-less

Ann Johnson, Corporate Vice President, Cybersecurity Solutions Group

 

We are on a mission to be password-less. At Microsoft, we want you to authenticate in ways that are easier. And we’re already making those changes. Today when I use my phone, I authenticate using my thumbprint, or face.

During the next two years, we anticipate the move to newer authentication methods for both consumer and enterprise applications to significantly increase as passwords are simply too easy to hack. Most people re-use the same password for multiple purposes, and one hack can compromise multiple sites.

Password replacement options exist today that are easy to use and can greatly reduce risks. Windows Hello, Microsoft Authenticator, and other methods provide a simple, secure sign-on experience. I suggest that all partners become familiar with these products and services for easy ways to help protect your customers.

Hear more from Ann on replacing passwords

 

  1. Keep devices current

Mike Adams, Enterprise Mobility Customer Experience

 

One of the best, and also easiest, ways to protect your customers is to ensure they’re running the most current software. We work hard to keep our software safe from breaches.

For example, Windows 10 and Office Pro Plus automatically download and install security updates to make sure users’ devices are up to date with the latest security improvements. In the new cloud-first world, it’s important to keep your devices updated in conjunction with their service-side counterparts. If your customers aren’t on the latest versions of Windows and Office, they face greater risk from cybersecurity attacks. Ask your customers how they’re managing devices, then help identify areas where you can add value by helping them not just get up to date but stay up to date on Windows and Office.

 

  1. Stay on top of data

Hayden Hainsworth, Customer Experience Engineering Leader, Cybersecurity Engineering, Cloud + Artificial Intelligence Security Division

 

No matter how much data an organization owns, losing it is costly. Last year, seven billion records2 were exposed in the first three quarters of 2017 alone. Seven billion.  As seen in the annual Microsoft Global Security Report and the Verizon Data Breach Investigations Report, every organization is a target and threats are increasing.

To protect what you own, you first need to know what you have, and to classify each piece of data automatically according to its impact on your organization. It sounds daunting, but it doesn’t have to be! With Microsoft Information Protection, you can help customers discover, classify, and protect all their data, no matter where it’s stored or who it’s shared with.

 

  1. Protect SMB customers

Parri Munsell, Managing Director, Microsoft 365 Partner Marketing

 

Your SMB customers likely have concerns about protection from cyberattacks and data safety, but may lack even basic protections against the most common threats.

To address this, we’ve recently added advanced security features to Microsoft 365 Business, including Office 365 Advanced Threat Protection, data classification through Azure Information Protection, data loss prevention, and more—all at no additional charge.

And starting this year, the new Microsoft 365 Business Scholarship 2019 Program rewards eligible partner employees with a chance to attend advanced training in Greece. Only the first 100 partner employees to qualify will get a spot, so apply today!

 

Threats are always evolving

 

With increasing focus on protecting organizations, security should play a role in most customer engagements. Threats from ransomware, data breaches, and loss of intellectual property are increasing for every business, and many struggle to manage security.

We are extending our security best practices to our partners participating in the Cloud Solution Provider program by introducing new, mandatory security requirements such as Multi-Factor Authentication to access our transaction tools that will further secure partner credentials to protect partners and customers from unexpected security related incidents and financial damages caused by unauthorized access.

Help protect your customers from an ever-evolving threat landscape with Microsoft 365. It combines powerful tools, features, and intelligent security into one integrated solution. If you haven’t tried it out, take advantage of our free Microsoft 365 E5 trial and experience it for yourself.

 “One of the things I’m asked for the most from partners are building blocks to help them develop a security practice more quickly. We have a lot of great options! Our resources cover partners who are in the early steps of building an offering through to Level 400 content for those already deep in the architecture. My advice is to first take time to evaluate the top needs of your customers, compare these against your current practice to identify gaps, and then prioritize the strategy you want to take based on the customer problems you’re solving.”
– Natee Pretikul, Microsoft 365 Security and Compliance Partner Marketing

With worldwide security spending on track to hit USD96 billion in 20183, there’s a huge opportunity for each and every partner. If you’re just starting out with security, use the Microsoft 365 Security Assessment Proof-of-Concept to identify customers’ pain points. For partners wanting to expand an existing security practice, stay current with the latest technical webinars and training.

For more support and tools, visit the Microsoft 365 Security and Compliance partner page

1Source: Costly Cloud Breaches Putting Digital Transformation Strategies at Risk, Finds Kaspersky Lab

2Source: Online Trust Alliance: Cyber Incident & Breach Trends Report

3Source: Gartner – Forecast: IoT Security, Worldwide, 2018