A magnifying glass looking closely ay the Microsoft 365 environment and its security configurations A magnifying glass looking closely ay the Microsoft 365 environment and its security configurations A magnifying glass looking closely ay the Microsoft 365 environment and its security configurations

13 June 2018

Microsoft 365 Security Configuration Audit Service now available

Kaon Security offer a 60 point deep dive audit service designed to minimise any risk and uncertainty you might have about the security of your Microsoft 365 environment. The audit service will be of interest to organisations that have already deployed Microsoft 365 or organisations that are starting their transition to this service.

Our experts will gather relevant information to verify your Microsoft 365 service is secured properly and that key settings are enabled correctly.

Some of the areas we will investigate and verify include – user access, data security, email filtering, malware detection, storage security and calendar security.

At the end of the exercise Kaon Security will provide your organisation with a detailed report that includes the following information –

1. An Executive Summary of the 365 environment review, a risk analysis commentary and security recommendations. Specifically written for business people this section will allow you to discuss how to improve your Microsoft 365 security posture with Senior Executives.

2. A detailed “Key Observations” section for the CIO or IT Manager which covers our security findings, a risk analysis commentary and our recommended next steps for remediation.

In August 2017 two key findings in the Microsoft Security Intelligence Report were -

  • As more organisations migrate to the cloud, the frequency and sophistication of attacks on accounts in the cloud is increasing. There has been a 300% increase in Microsoft cloud-based attacks between q1 2016 and Q1 2017. Account sign-in attempts from malicious IP addresses has increased by 44 percent.
  • Microsoft Azure and other cloud services are perennial targets for attackers who seek to compromise and “weaponize” virtual machines and other services, and these attacks are taking place across the globe.

The intelligence gathered for the Microsoft Security Intelligence Report  comes from security-related signals from the consumer, commercial “on-premise” and cloud based services that Microsoft operates globally.

Contact us if you would like to discuss the Microsoft 365 Security Configuration Audit Service.

Version 18 of the Policy System – Data Privacy getting attention

It would be difficult not to have seen or heard recent coverage in the media regarding data privacy matters.

  • Facebook has received plenty of coverage after being tasked with explaining to politicians how it protects customer data whilst at the same time having data sharing relationships with a number of third parties.
  • On May 25th the General Data Protection Regulation (GDPR) came into force in Europe which also received plenty of coverage. Its arrival has given organisations globally and locally cause to consider the impact of the regulation when processing the personal data of EU citizens.

In the latest release of the IT Policy System (Version 18) we have taken into account the requirement for organisations to protect Personably Identifiable Information (PII). To this end we have included new and additional policy content covering PII protection-specific controls. There are  12 additional PII protection controls which are categorised to correspond with the privacy policy and the 11 privacy principles of the ISO 29100 framework. Click Here for more details.

If your business needs to understand how to implement practical steps to better protect data or you are impacted by the arrival of GDPR then you can Contact Us for a confidential discussion. 

Have you developed your IT policies for Cloud Computing?

Please also note that version 18 of the IT Policy System has also been mapped to the ISO 27017 Cloud Computing Standard. This sees additional policy statement details being added to the Cloud Computing Policy covering - termination of a cloud service contract, management of encryption with the cloud service provider and the use of a virtual environment to host a cloud service.

All customers with current maintenance contracts for the IT Policy System will receive details on their free Version 18 upgrade in the next 14 days. Should you wish to obtain any information in the interim then please contact us.

Fostering a Culture of Security

A strong security culture breeds better employee engagement. That must come from the top down.

Click Here to read about our Cyberecurity Improvement Program.

 

In the event of a breach time is of the essence >

Contact Us Today

Fill in the form below or call us on +61 3 9913 3248 (VIC), +61 7 3194 3664 (QLD) or +61 2 9098 8206 (NSW)