Three actions for Cybersecurity Awareness Month and beyond
Each October, we recognize Cybersecurity Awareness Month to have intentional conversations about the importance of maintaining a robust security practice. This month, we are focusing on education and resources for developing a comprehensive security practice. Shoring up vulnerabilities goes beyond having the right technology, it includes education that informs users about emerging threats and teaching them how to safeguard their identities, data, devices, and home networks. We have made security a top priority, and by working together, we can keep threats at bay.
Many organizations have completely reimagined their security structures over the past year, adapting and flexing to meet the needs of a hybrid workforce. With more workers using personal and corporate devices interchangeably, it is even more important to be cyber-aware as new vulnerabilities arise. Additionally, different teams have different priorities, which can lead to disparate risk appetites, priorities, practices, and cultures. This inconsistency can be inefficient and create a duplication of effort, gaps in risk analysis, and an inability to effectively share risk information across the organization.
We believe that partnership and collaboration are key to minimizing the impact of the security threats. Microsoft offers a wealth of resources available for partners that can help inform and guide leaders as organizations implement new and ongoing security hygiene practices. Here are three best practices you can implement today to protect now and in the future.
1. Implement a Zero Trust model
Creating a secure work environment begins with a Zero Trust approach. This means embracing a model that strictly authenticates access requests, grants access with the least privileges needed to complete the task, and always acts as if an attacker is present on the network. Partners who operate under these principles are more resilient, consistent, and responsive to new attacks. We offer a Zero Trust assessment tool to help users identify steps toward full implementation of this security model.
New free 12-month promotional offer:
For partners in the Cloud Solution Provider program with delegated administrative privileges, sign up for a free 12-month subscription of Azure AD Premium Plan 2 to provide extended access to sign-in logs and premium features such as Azure AD Privileged Identity Management (PIM) and risk-based Conditional Access capabilities to strengthen your security controls. More information including how to sign up before October 1, 2022, is available here.
2. Protect credentials with passwords and MFA
Building on the principles of Zero Trust, multifactor authentication (MFA) adds a layer of protection to the sign-in process. When accessing accounts or apps, users are prompted to provide additional identity verification, such as scanning a fingerprint or entering a code received by phone. This can also help isolate access for elevated privilege accounts and support a transition to a passwordless model.
Creating a strong password can defend your account from basic cyberattacks such as password sprays. However, we know that passwords are often inconvenient and points of vulnerability. That’s why Microsoft is supporting new ways of going passwordless, adopting other authentication options that prevent credentials from falling into the wrong hands.
3. Prevent phishing
Phishing is a type of cybercrime based in social engineering that weaponizes seemingly reputable messages to steal passwords, credentials, or access to sensitive data. Microsoft’s 2020 Gone Phishing Report, produced in partnership with Terranova, found that even large, well-equipped organizations are vulnerable to phishing attacks. We’ve put together a comprehensive guide to protect yourself from these scams.
Security is everybody’s responsibility—we all have a role to play in protecting what happens downstream, upstream, and laterally in the partner ecosystem. By embracing security best practices on all fronts, we can mitigate cyberattacks against our networks. These resources can help you to act during Cybersecurity Awareness Month and will remain available for future security assessment and planning.