05 May 2022
When did you last conduct a thorough Microsoft 365 Security Review?
In a recent communication we outlined how Kaon Security when conducting Microsoft 365 security reviews have found many organisations have a well a configured tenancy in some areas but commonly those organisations still have some critical or high-risk security issues to address, and opportunities for improvement. Even where security best practices are implemented, a review exercise will identify noticeable and very simple gaps that may result in high severity data security risks.
This short video clip provides a review of the service offering and deliverables.
But it’s only a matter of time
If you are not providing everyone within your organisation with good clear guidance as to how they are expected to work with your systems and data, then it’s probably just a matter of time before you have an IT Security, legal, or HR issue to address. For most people dedicating the right level of time to documenting policies, processes and procedures is not a reality, as plenty of other projects are given higher priority. Furthermore, once this documentation exercise is done there will be a periodic requirement to keep the content up to date.
Policy Management as a Service is an option many organisations have opted to address deficiencies in the guidance they provide for their management and staff. Aside from providing a fast track means to getting policy content in place the service assists with the following key areas:
- IT Policies – Written so they are easy to read and understand
- Policy content is mapped to recognised standards and best practice
- Building security awareness
- Driving user engagement
- Managing engagement
- Management of content
Click Here to see the service highlights details.
Addressing a blind spot – Third Party Risk
When it comes to IT Third Party Risk Management, how do you ensure that the third parties engaged to do work for your organisation preserve the confidentiality, integrity, and availability of your information? Often the “work” will include access to your organisation's data, intellectual property, financials, operations, or other sensitive information.
Some questions to consider are:
- Do you have an accurate inventory of all the third parties that you rely upon?
- Can you identify which third parties are critical to your business?
- Can you identify which third parties pose the highest risk to your organisation?
- Do you know which third parties have access to your data?
- Do you have a signed contract with third parties that allows you to enforce your organisation’s security requirements, or conduct security assurance checks against them?
- What onboarding and offboarding process are currently documented and applied?
- How do you ensure that IT third party risk is an integral part of your risk framework?
If you would like more information on how Kaon Security can assist your organisation get some structure in place to manage IT Third Party risk then contact us.