- Identity and access management – ensuring that accounts used by authorized people are not compromised or misused
- Information protection – knowing where valuable or sensitive information is located and ensuring that it is not lost or stolen
- Threat protection – identifying attacks and stopping them automatically whenever possible
Here are some guidelines for navigating this ‘new normal’ to minimize concerns about security breaches.
- How can we block unauthorized users?
Require SAML-based multi-factor authentication if the meeting or collaboration tool supports it. If not, require access via a link or URL. (Apps that can be used without a link are not as secure and should be avoided.) In addition, use the lobby feature available in web conferencing tools such as Cisco WebEx to prevent strangers from connecting using shared credentials.
- What can be done to avoid anonymous call participants?
Use the tools available on your app of choice to establish an identity for everyone on the call. This will avoid designations like “Dial-in User #1” that typically are assumed to be a problem with the user’s microphone or computer but that may actually be an intruder.
- How should we categorize our information when sharing documents?
Keep it simple. Using Baseline, Sensitive and Highly Regulated categories is unambiguous, leading to consistent results.
- What kind of protection should we apply to our baseline content?
Require multi-factor authentication when the user sign-in risk is medium or high, block clients that don’t support modern authentication, apply application protection policies, and require compliant PCs.
- What kind of additional controls should we implement for our sensitive content?
Require multi-factor authentication regardless of sign-in risk, require compliant mobile devices, and prevent downloading files to unmanaged devices.
- How can we share files?
Send links instead of documents. This will help you maintain control of the files and improve productivity by decreasing the effort required to track and incorporate changes.
- Our legal team wants to disable sharing with external users. What should I say to convince them that we can do this securely?
- Explain how sensitive files can be labeled and protected.
- Describe how conditional access policies can be used to enforce multi-factor authentication, and limit what a guest can do and how their actions can be audited and controlled.
- Classify the content into the three tiers described in #3 and prevent guests from accessing the highly regulated content that is most sensitive. Only allow guests to access certain types of content.
- How can we prevent attackers from using email to steal our information?
- Disable auto-forwarding of email. This will thwart attackers who send malicious email that turns on auto-forwarding in order to reroute messages to the bad guys.
- Disable anonymous calendar sharing. This will help prevent leakage of sensitive information.
- Use data loss prevention policies to identify email messages and data files that contain sensitive information.
- Protect information with labels that describe the sensitivity level of the content and encrypt the file when appropriate.
- Use a cloud app security broker (CASB) to identify and protect sensitive information that may be sent to systems you do not control.
Dean Gross leads Insight Enterprise’s Security and Compliance Technical Council, focusing on identity protection, information control and protection, attack prevention and detection, regulatory compliance (primarily GDPR), security management, and mobile app and device configuration.