Is remote working putting your business at risk? 4 ways to protect your data
Hamish Blake is a well know Australian comedian and radio personality. Earlier this year he received notoriety for a joke that turned into a serious security threat, and we saw just how relaxed some employees in Australia have become. Hamish managed to convince over 1,000 people to hand over their Zoom logins and passwords as part of a prank where he gatecrashed corporate Zoom meetings.
While many people were entertained by Blake’s “zoom bombing,” not everyone was amused – including the Australian Defence Force, who banned Zoom after Blake managed to infiltrate an official Air Force meeting.
Recent stats back up the relaxed attitude. 91% of IT leaders trust their employees to follow security best practices while working from home, but 52% of remote workers admit that they’ve let cybersecurity slip during lockdown even though attacks are increasing.
Remote working may be the new norm, but it does not have to put your business at risk! In this article, we share 4 ways to keep your data and applications safe, in this new age of remote working. The first step is to have a policy in place and educate your employees regularly on what to do if they lose their device and common cybersecurity threats and what actions to take if they suspect something is not right. A security-focused culture is a great start against data loss. In the event of a lost device, you can take these measures.
Microsoft Endpoint Manager: Track a missing device
Even if your workforce has company-issued laptops, chances are your employees have always accessed company data and applications on their mobile device, for example checking work emails on their personal smartphone.
With over 1.6 million Australians currently working from home due to the COVID-19 pandemic, the lines between remote working and home are becoming increasingly blurred. To help protect your data and applications, you should assume that your employees are accessing and storing more confidential company data on their mobile devices than ever before.
Mobile devices pose a huge security risk to your business, as they are uniquely susceptible to getting lost, misplaced, or stolen. Imagine the scenario: your employee’s smartphone is missing, presumed stolen, and that device contains a wealth of confidential company and customer data, and has access to all your corporate applications.
A third party could do anything with your data, including selling it to your biggest competitor, or even publishing it online as we saw with the recent Vodafone breach where a hacker posted the medical records of “scores” of Western Australians.
A single misplaced smartphone or tablet could cause irreparable damage to your reputation, resulting in a loss of customers, a fall in revenue, and perhaps even a $2.1 million civil penalty.
However, if a device goes missing, then there are steps you can take to secure that device – and the first step is trying to locate that missing device.
If your employees own a Windows laptop, Surface, or Windows phone, then they can use the built-in Find My Device feature. This feature can be activated by the device’s owner, allowing them to respond to a missing device immediately, rather than waiting for your Microsoft 365 admin to process their support request.
To use Find My Device, the employee first needs to activate this feature:
- On the Windows device, navigate to “Start > Settings > Update & Security.”
- Tap “Find My Device.”
- Select “Change.”
Once this feature is active, the employee can use it to locate their missing device:
- Sign into your Microsoft account.
- In the toolbar, select “Devices.”
- Open the “Find My Device” tab.
This device should now be displayed on a map. Hopefully, this map reveals that the device is located somewhere nearby, but if it seems like the device has fallen into the wrong hands, then the employee can remotely lock their device, by selecting “Lock > Next.”
If an employee owns an iPhone or iPad running 9.3 or later, then they can locate their device via the Microsoft Endpoint Manager:
- Log into the Microsoft Endpoint Manager admin center.
- In the left-hand menu, select “Devices > All devices.”
- Select the missing device, and then click “More.”
- Select “Locate device.” The iPhone or iPad’s location will now be displayed on a map.
The employee can now decide whether this a potential security risk and contact their Microsoft 365 admin where appropriate.
How to remotely lock and wipe a stolen device
While features such as Find My Device can help you determine whether a mobile device is truly missing, this may not be enough to keep your data safe!
Maybe your mobile device is in a completely unexpected location and therefore likely stolen, or perhaps it’s going to be extremely difficult to recover, for example maybe you left your smartphone on the train and it’s currently making its way across the state!
Even if you cannot easily recover a missing device, you can prevent third parties from accessing the data that is stored on that device. In this section, I’ll show you how to remotely lock or wipe a device, using the Microsoft Endpoint Manager admin center.
To remotely lock a lost, misplaced, or stolen device:
- Sign into the Microsoft Endpoint Manager admin center.
- In the left-hand menu, select “Devices > All devices.”
- Choose the device that you want to lock, and then select “Remote lock.”
To remotely wipe a device:
- Head over to the Microsoft Endpoint Manager admin center.
- Navigate to “Devices > All devices.”
- Choose which device you want to wipe, and then click “Wipe.”
- Read the on-screen information, and if you are happy to proceed then select “Yes.”
This device will now be wiped, and anyone who has access to that device will no longer have access to all your intellectual property.
Block weak passwords, with Azure Active Directory
Many password-based attacks rely on employees using insecure passwords. For example, a malicious third party may attempt to gain unauthorised access to your accounts by trying all of the most commonly used passwords, in a “password spray” attack.
Your employees’ passwords should always be long, complex and feature a mix of letters, numbers, and symbols. However, when your staff are working remotely, and potentially accessing data across multiple personal devices, it becomes even more important to enforce password best practices.
You can ensure that none of your employees are using common passwords, by creating a password blacklist. With this list in place, your employees will encounter an error message if they ever try to secure their account using a blacklisted password.
According to Microsoft, here are the 10 most commonly used passwords:
For the best results, you should ban all the above passwords, but you should also block any passwords that are related to your business, such as passwords that feature the name of your flagship product or the street where your head office is located. You should also ban obvious variations on these words, for example, if your business is named “My Computer Business,” then you may also want to block “MyComptuerBusiness123” and “MyComputerBusiness2020.”
Using Azure Active Directory (AD), you can create a password blacklist and then enforce this blacklist remotely, regardless of the employee’s location and the device they are using to access your applications and data:
- Sign into Azure AD.
- Select the “Password Protection” section.
- Find the “Custom banned passwords” section and push its slider into the “On” position.
- Now, enter all the passwords that you want to block.
- When you are happy with your list, click “Save.”
Your employee will now be unable to use any of the passwords on your backlist.
Compromised account? Remotely block access to Microsoft 365
Even if you follow security best practices and implement all of the above steps, you may still encounter the worst-case scenario, where a malicious third party gains access to an employee’s accounts.
If you suspect an account has been compromised, then you can block that account’s access to the entire Microsoft 365 platform. By revoking Microsoft 365 access remotely, you can secure all of your accounts and data, regardless of where the remote worker is located.
To revoke an account’s Microsoft 365 access:
- Log into the Microsoft 365 admin center.
- In the left-hand menu, navigate to “Users > Active users.”
- Find the compromised account, and hover over the account name. When the checkbox appears, select it.
- Select “Reset password” and enter a new password.
- Since we are securing a compromised account, it is crucial that you deselect the “Send password in email” checkbox – you do not want to share your new password with the hacker!
- Click “Reset.”
- Select the compromised account, which should launch a new panel.
- In the new panel, select “OneDrive > Initiate sign-out.”
Anyone who currently has access to this account will now be automatically logged out, and since they do not know the new password, they will be unable to log back in!
Interested in knowing more or how you can enable your business to work remotely and securely? Get in touch below. At Blackbird IT, we are passionate experts helping companies to solve business challenges with technology. These are just some security tips every business can implement. Check out this blog on some additional steps you can take to keep your data safe and avoid service interruptions from a security breach.