Today, security has become a key enabler of technological success for any organization. Innovation and enhanced productivity can only be achieved by introducing security measures that make organizations as resilient as possible against modern attacks.
Many cyberattacks are successful simply because basic security hygiene has not been followed. In fact, according to Microsoft’s latest Digital Defense Report, basic security hygiene helps protect against 98% of attacks.
To help organizations better defend themselves, Microsoft recommends 5 minimum security standards:
- Enable multifactor authentication (MFA) to protect against compromised user passwords and helps to provide extra resilience for identities. Multifactor authentication (MFA) adds a layer of protection to the sign-in process. When accessing accounts or apps, users provide additional identity verification, such as scanning a fingerprint or entering a code received by phone.
- Apply Zero Trust principles, the cornerstone of any resilience plan limiting the impact on an organization. These principles are:
o Explicitly verify—ensure users and devices are in a good state before allowing access to resources.
o Use least privilege access—only allow the privilege that is needed for access to a resource and no more.
o Assume breach—assume system defenses have been breached and systems might be compromised. This means constantly monitoring the environment for possible attack.
- Use extended detection and response anti-malware. Implement software to detect and automatically block attacks and provide insights to the security operations. Monitoring insights from threat detection systems is essential to being able to respond to threats in a timely fashion.
- Keep up to date. Unpatched and out of date systems are a key reason many organizations fall victim to an attack. Ensure all systems are kept up to date including firmware, the operating system, and applications.
- Protect data. Knowing your important data, where it is located and whether the right systems are implemented is crucial to implementing the appropriate protection.