Machine ID Management and Digital Transformation: Building a Secure Future Webinar

Machines already outnumber the humans on your network, which means every machine needs a trusted identity. Consider IoT devices, mobile devices and software-defined workloads and applications – trusted identity for each and every machine is critical.

As zero-trust and multi-cloud architecture become the norm, the role of machine identities in enterprise IAM (identity and access management) has reached critical importance – each needing to be managed and protected. The stakes are high, and keeping ahead of outages, key theft or misuse and internal and regulatory audits is a serious challenge.

In this webinar, our panel will discuss:
· The use (and misuse) of machine identities in organizations today
· Implications of machine IDs on data privacy and protection
· Strategies and recommendations to manage machine identities
· How to operationalize your strategy with a Crypto Center of Excellence (CCoE)

How to stop Phishing Threats for Office 365 Webinar

Digital Pathways have been in the Cyber Security market for nearly 25 years and seen a continuous rise in data security breaches. Our suite of products and services enables our clients to monitor their security posture, balance business risk with cyber risk, and achieve a cost-effective way to keep their data safe. With over 91% of Cyberattacks starting with a phishing attack, getting your email defences right has never been more important.
Today with Cyren, we will address why and how to stop phishing messages making it past traditional Secure Email Gateways and reaching users’ inboxes. Cyren Inbox Security deploys directly into the Office 365 inbox where it can continuously monitor emails and when a new threat is discovered it can automate response and remediation across every mailbox.
In this webinar, we will look at:
• Why Microsoft 365 ATP and EOP give many security teams a false sense of security
• Which kinds of evasive phishing are likely to bypass Microsoft 365’s conventional defences
• Why you need an additional layer of email security that automatically reduces the number of email threats reaching your employee

Click here to go to the webinar
Work from anywhere

The Work From Anywhere Security Check list

The post-pandemic trend of ‘work from anywhere’ may offer many benefits both to employer and employees alike, but for security teams across the board, it adds a myriad of issues and concerns regarding exactly how data can be kept safe.

The ability to be connected on any device with access to every application, anywhere at all, is a reality today. But this reality hugely increases the attack surface within any organisation.  Together with the ever-growing instances of phishing and ransomware attacks, the need for robust and co-ordinated security strategies grows ever more important.

Many organisations find themselves with piecemeal security solutions, continually bolting on the next ‘sounds great’ solution without any holistic thought.  This results in security gaps, fragmented visibility, and a complex system, practically impossible to manage.

There is no doubt that we humans are the biggest threat of all.  We make mistakes.

So, what can be done?  Here is a checklist of the 10 ‘must-have’ protections for users, devices, and access.

  1. Email Security: Email is like sending a postcard. If you don’t mind the postman reading what is written on your card then it is fine, but would you put your bank details and PIN on a Postcard, obviously not. So, consider email in the same way. Always use an email security application to encrypt them, detect suspicious emails and block them, stop accidental emails going to the wrong person, or to check that attachments are not confidential.
  2. Ongoing Cyber Security training: We all tend to forget things quickly and, in the heat of the moment, may not recall how to spot a suspicious link. Training should be on-going and one useful element is to use an application that generates spoof emails to maintain awareness, has the ability to monitor progress and, provides The Board with a measurement of the improvement of staff cyber awareness.
  3. Endpoint Security: It is difficult to know what a remote user is doing, but by having an application on the endpoint which monitors the status of the device, checks that it is fully patched and that there are no rouge services running, can help to stop endpoints being compromised. Furthermore, adding services such as automatic back-ups, remote diagnostics and support, will enhance the remote user’s situation and reduce the support overhead of remote workers on IT Support Teams.
  4. Access control: We all know the problems surrounding the issue of passwords and their management. Making access to networks easy but secure, is a goal all remote working solutions should strive for. Multi-Factor Authentication removes the password issue in a simple fashion and can be extended to encompass signal sign-on, across other platforms and cloud services.
  5. Encryption: this is the only technology outlined within the GDPR rules and can significantly reduce the exposure of a data breach to a company. Encryption does not slow down a device, nor does it mean that data cannot be shared. It is simply there to protect the valuable asset of the data, whether it be in transit, at rest on a device or server, or in a cloud-based system, either managed by a third party or within your own cloud solution.
  6. Backup & Disaster Recovery: Data has value and blocked access to it poses a real threat to business. Ensuring data is protected against ransomware, secured by encryption and access controls, held in multiple locations in different formats, all lead to data being available on demand, to any user or device, in as timely fashion as can be managed during any recovery process.
  7. Threat intelligence: To be forewarned is to be forearmed. Therefore, understanding where threats may be, gives the business time to prepare and deploy measures to minimise risk.
  8. Third Party Risk Assessments: The supply chain is critical to a business but should that chain have a weak link, it could open a door into the network and allow a hacker in. Consequently, it is important to ensure suppliers’ networks are also robust by adding some form of risk assessment on key suppliers to ensure businesses can operate together in a trusted environment.
  9. Network Security: Data travels over networks, often in the public cloud, so should be protected by using a Virtual Private Network (VPN) to ensure that no third party can eavesdrop on communications or, insert data such as an altered invoice into the stream.
  10. Application Security: Applications are easy to deploy but often we do not check that they are functioning correctly or may have higher administration rights than needed, leading to application exploits or open doors into networks. Any new application should be checked for its handling of security and follow the GDPR standard of a Data Protection Impact Assessment (DPIA) to verify the application. As a last resort a full code review should be undertaken which will highlight any code trap doors hidden within it by the developer.

If you need any advice or would like to discuss any of the security checklist components please give us a call on 0844 586 0040 or email intouch@digitalpathways.co.uk

Every organisation can benefit from added protection, we’ll be happy to advise you.