Please see our Work from Home guide for you to share with your teams. We hope you find this useful.
Businesses accelerated moving their IT to the cloud and enabled remote working in record numbers during the global pandemic of 2020. As the abnormal becomes the new normal, IT departments supporting small-to-midsized businesses (SMBs) are tasked with deploying a combination of cloud-based applications and on-premises solutions to keep employee/customer data safe while also ensuring business continuity. However, a recent study commissioned by cyber-security software firm specialist Untangle found that:
- 74 percent of SMBs ranked security as their number one priority
- 64 percent of SMBs deployed a portion or all their IT infrastructure in the cloud
- 38 percent of SMBs spent $1,000 or less annually on cyber-security
Amaxra consultants consulting with entrepreneurs and IT professionals at SMBs over the past six months have seen this paradox up close. While we have not heard this said word-for-word, our consultants are hearing many SMBs saying in effect: “We’re moving everyone to the cloud and cyber-security is our top priority, but we can’t spend any money on cyber-security right now.”
Based on our firm’s over a decade of experience deploying secure cloud-based productivity solutions for SMBs, Amaxra consultants have compiled three quick and simple tips you can use right now to enhance any organization’s cyber-security in the new normal:
Lock down your cloud-based storage when it comes to sharing
The advantage of using the cloud for corporate IT infrastructure is the flexibility and easy access to data from any internet-connected device. For example, using a cloud-based app to track employee hours or collaborate on documents with external partners means you can access that valuable data from the cloud on your PC at the office as easily as you can on your smartphone in the coffee shop. This ease of use can also create a problem with what’s called “data leakage.” Any unauthorized transmission of data your company controls to an external destination or recipient is data leakage—a common issue for companies. One of the key reasons data leakage occurs is that ease of use afforded by cloud-based applications. Not only do many cloud-based apps allow external sharing of data but these apps often open them by default. Regardless of whether you personally consider this is a design flaw or not, the best way to reduce your risk of data leaking through this method is to lock down your cloud storage with a centralized security policy for external file sharing.
For SMBs using Microsoft 365 solutions, the file sharing permissions used for collaborating in cloud-based apps such as Microsoft Teams are robust and relatively secure when using Microsoft SharePoint as the default cloud storage. Amaxra sets up all of our employees as well as our customers with integrated SharePoint storage for Microsoft Teams. This ensures that sharing data between peers inside an organization is simple and secure, while requiring authorization before sharing any internal company data with external partners. We’ve found using this setup for Microsoft 365, Teams, and SharePoint to be the most effective first step in cloud security an SMB can take.
Consolidate your cloud IT apps and licensing
Many SMBs moving to the cloud are now struggling with the complexity inherent in using several cloud services and apps. One of the reasons this is so prevalent is the relative ease in which anyone can get software as a service (SaaS) applications. The cloud empowers your marketing department to procure a SaaS app they need to automate campaign tracking even though there is an existing SaaS app used by sales and finance that could’ve performed the same tracking. Amaxra has found this issue is relatively common at SMBs and not only does it create confusion about what is “the app” everyone should be using, it also increases overall IT costs for the company because multiple business groups are independently paying for similar tools.
To deal with SaaS sprawl at your company, Amaxra consultants recommend auditing the SaaS apps in use at your company. Visibility into what SaaS apps are in use today can help you optimize your software licensing across the entire organization. Amaxra performed one such software licensing optimization audits for a customer and helped them to formulate a strategy where they were able to consolidate their existing Microsoft licenses (some were inactive been still being paid for) and reduce the total number of SaaS vendors in use in at their company.
Mandatory multi-factor authentication for everyone
Amaxra consultants recommend SMBs to mandate every remote employee use multi-factor authentication (MFA) when accessing any corporate cloud-based resource. It’s simple to configure and incredibly effective for SMBs, with a recent SANS Software Security Institute study noting that MFA can block over 99.9 percent of account compromise attacks. For the uninitiated, MFA is a cyber-security enhancement requiring users to present two or more personal credentials when logging in to an account. When MFA is enabled, using a collaboration app such as Microsoft Teams or accessing files stored in a secure cloud requires the user to first correctly type in their password then acknowledge a phone call, text message, or an app notification on their smartphone. Although most business-oriented SaaS app can use MFA, not every app has MFA enabled. One of the reasons why Amaxra recommends Microsoft 365 is that since 2019, every Microsoft 365 Business subscription has MFA capabilities enabled by default.
If you’re an entrepreneur or IT professional at a small to midsized business, then let Amaxra help secure your remote workforce. We have the tools and resources to help you.
Contact me at firstname.lastname@example.org or call 425 708 8841 if you have any questions or comments on this blog.
Limited time offer: Let Amaxra manage your Office 365 licensing and we will configure security such as multi-factor authentication at no additional cost. Email email@example.com or chat with us on this website to find out more.