Cybersecurity Awareness Month – October 2023

What is Cybersecurity Awareness Month?

Cybersecurity Awareness Month is an annual initiative held every October that aims to raise awareness and educate people about the importance of staying safe and secure online. It was founded in 2004 by the US Department of Homeland Security and the National Cyber Security Alliance and has since expanded to many countries around the world, including Australia.

This year’s theme

The theme for Cybersecurity Awareness Month 2023 is ‘Be cyber wise – don’t compromise’. This year, the campaign encourages everyone to take four simple steps to boost their cyber security and protect their devices and accounts from cyber threats. These steps are:

  • Update your devices regularly.
  • Turn on multi-factor authentication.
  • Back up your important files.
  • Use passphrases and password managers.

By following these steps, you can reduce the risk of falling victim to cyberattacks such as ransomware, phishing, malware, identity theft, and business email compromise. You can also help make the internet a safer place for yourself and others.

Resources

The best resource that can help you learn more about the aforementioned measures and general cyber security awareness is the Cybersecurity Awareness Guide that I have put together. It is an easy-to-follow guide to all the types of threats, and the measures you can review and put in place to make you and your organisation more secure.

The Australian Cyber Security Centre and Scamwatch websites also have great information, as part of the Australian Government’s initiatives to make us all more cyber secure.

Becoming more Cyber Secure this month

Cybersecurity Awareness Month is a great opportunity to review your online habits and practices, and to learn new skills and tips that can help you stay cyber wise. By being cyber aware, you can not only protect yourself from cyber threats, but also contribute to a more secure and resilient cyberspace for everyone.

If you and your organisation need help implementing a culture of being more cybersecure, then please contact me and I can assist.

How good is your Microsoft 365 Security? Use Microsoft Secure Score

Microsoft has provided a simple way to show the current security status of your organisation’s Microsoft 365 system.

Microsoft Secure Score exists in every customer’s Microsoft 365 system and is available to view whenever you want.

As you can see, Secure Score is a real-time dashboard that provides not only an overview of your Microsoft 365 security but also a great starting point for planning how to improve the overall security of your organisation.

Your Microsoft Secure Score is found at: https://security.microsoft.com/securescore

You may need some administrative role access to see your Secure Score so if you cannot view it, ask your Microsoft 365 Administrator / IT support team to either grant you access or send you screenshots.

How to understand Microsoft Secure Score?

The giant number (85.27% in the above example) is a determination from Microsoft based on many variables, but in simple terms the main factors are:

  • The number of Microsoft 365 subscriptions
  • The type of Microsoft 365 subscriptions – Exchange Online mailbox, Business Basic, Business Standard, Business Premium, E5, etc.
  • The number of devices (laptops, mobile phones and tablets) in your organisation that use Microsoft 365
  • Which security features, policies and settings have been enabled in your Microsoft 365 system based on your highest subscription level, compared to Microsoft’s own recommended best practices.
  • As Microsoft’s recommended best practices evolve over time, your Secure Score will fluctuate.

What can I use Microsoft Secure Score for?

The best part of Microsoft Secure Score is that you can also see a list of recommended actions that your Microsoft 365 Administration / Support team can take to improve the score.

You can also see what is an achievable score based on your current subscriptions, devices, etc.

As recommended actions are considered by your organisation and then actioned, over time your Microsoft Secure Score will change, typically upwards. Mind you, this may take some time as each organisation will need to consider carefully what security features to enable, balanced against impacting the workflow and productivity of your staff.

You can also see how your Secure Score compares to other Microsoft customers of a similar size to your organisation. Considering how many Microsoft 365 customers exist globally, this comparison can be really handy as well to see how your organisation is doing regarding its security.

What is a good Microsoft Secure Score?

This is a frequently asked question since Microsoft Secure Score is simply a number.

Based on my experience:

  • Anything 65% and below should be a cause for concern, and steps should be taken to have your Microsoft 365 administrators improve it.
  • Anything from 65% – 80% is a good median to aim for. It can be achieved without too much impact on how your organisation uses Microsoft 365, and it will meet many of Microsoft’s recommended best practices. Typically, Citisystems aims for this Secure Score for its Modern Workplace clients.
  • Anything from 80% – 100% is an excellent score, but you will need to adjust how you work with Microsoft 365 as there may be some impacts on how you traditionally work.

Why should you care about Microsoft Secure Score?

Microsoft Secure Score is a great overview and is available to everyone as a benchmark. There are many implications for your organisation that you may or may not have thought of:

Overall Security Improvement Plan

The Secure Score recommendations can be used as a basis to improve your organisation’s security over time, especially if Microsoft 365 is a core system for your organisation. Remember, Microsoft 365 is a cloud-based service, which means it is subject to cyberattacks all the time from anywhere in the world. The more secure you become, the lower the risk of problems for your organisation from these threats.

Cyberinsurance Premiums

Since Microsoft Secure Score is a known feature and many organisations now use Microsoft 365, cyberinsurance providers are now asking their customers to report their Secure Scores during annual insurance assessments.

This will affect not only the premiums you pay but also potentially the ability of your organisation to obtain cybersecurity insurance for another year.

Microsoft 365 Administrators’ capabilities

No matter who administrates your Microsoft 365, be it in-house staff, an external IT contractor, family friend or even yourself, the Secure Score is also a benchmark to work out if your system is being properly secured.

If your Microsoft 365 Administrators provide services to other customers, ask to see the Secure Score of their own organisation’s Microsoft 365. If their Secure Score is low, you should be asking why you would want them to support and secure your organisation’s Microsoft 365 as well.

Need help with Microsoft Secure Score?

Feel free to contact Citisystems or myself if you need to understand more about, or need help improving, your organisation’s Microsoft Secure Score.

Additional Resources

The Cybersecurity Awareness Guide

Recent events have further highlighted the need for more Cybersecurity Awareness in the general public.

  • In late September 2022, Optus suffered a Data Breach which potentially affected nearly 10 million ordinary Australians. Since then, mainstream media and social media have been filled with daily stories, posts, opinions and comments about Optus, our Personal information, Privacy laws and our general approach to Cybersecurity.
  • Since the Optus breach, Telstra also suffered a data breach.
  • Overseas, Uber suffered a major data breach.
  • Coincidentally, October is Cybersecurity Awareness Month – a month where security professionals and government authorities encourage ordinary people and businesses to review and improve their cybersecurity.

In the wake of the Optus Data Breach, mainstream media introduced experts telling ordinary members of the public what they should do to better protect themselves with regard to their cybersecurity.

One thing is certain, just like with a recent global pandemic, the general public have had to undertake crash courses in new concepts such as Work from Home, new technologies and terminologies such as QR codes and RATs, and having to adjust to a new way of doing things in life as a result.

The media coverage alongside my own interactions with clients and community members have revealed some issues.

  • All the cybersecurity experts had less than a minute of on-air time which meant everyone was told what to do but not how to do it.
  • IT industry phrases and technologies such as Multifactor Authentication (MFA), Phishing, data breach, Personally Identifiable Information (PII), etc. were waved at the average citizen without full explanation, causing additional stress and fear.
  • Older and/or less tech-savvy Australians need assistance with becoming more cybersecure, either from family members or other trusted people within their communities.
  • Australia is a diverse community, which can make conveying cybersecurity concepts and methods more difficult.
  • There are some very good sites with cybersecurity resources but too much technical jargon is involved with explanations.

Cybersecurity Awareness Guide

In response to the highlighted issues, and drawing on my 20+ years in the IT industry, I have compiled my own version of a Cybersecurity Awareness Guide, pulling together concepts, terminologies, a more in-depth explanation and some linked resources to try and make it easier to help the community, both young and old members alike.

Please go and check out the Cybersecurity Awareness Guide at http://cyberaware.guide

  • It is focused on helping Australians as a lot of links to Australian based services were not easy to find.
  • Share it with family members and staff alike. Everyone has a family that hopefully can benefit from the information.
  • Become a more educated Cybersecurity Adviser to your family and staff, so they can turn to you for assistance in any suspicious activity affecting them.
  • I aim to make the site more multi-lingual; currently we are testing it out with Traditional Chinese.
  • Contact me via the online form or via social media for any suggestions and feedback.

A big thanks to my peers, clients and community who gave me the idea to put together this Guide and I hope it turns out to be of assistance to the wider community.

I am planning to host at least one community event in Sydney during October 2022 for Cybersecurity Awareness Month to accompany this Guide.

This would be in-person training over a couple of hours to provide practical aspects of the Cybersecurity Awareness Guide such as Password Management and Multifactor Authentication.

Subscribe and/or watch this blog for event details and updates to the Cybersecurity Awareness Guide.

Modern Workplace – Using Microsoft 365 Business Premium

There has been a lot of buzz around what Modern Workplace is and what it involves, especially with a sudden halt in “normality” due to a global pandemic affecting almost every facet of the world as we know it.

Modern Workplace is simply a philosophy that unites how people and organisations work in their current environment using the most up-to-date digital workplace solutions, tools and technologies.

The largest factor in making a shift to Modern Workplace is for the employer and employee to consider and adopt new approaches and attitudes, instead of everyone sitting in one office building at a cubicle/desk and connecting to Traditional IT such as desktop computers, servers and corded phone handsets.

Main Components of a Modern Workplace

Collaboration is a large driver of Modern Workplace, working both inside one’s own organisation as well as across other partnering organisations. These partners can be customers, members, suppliers, vendors, supporters, etc. This involves more real-time interaction in group driven projects, presentations and common outputs.

Communication is necessary for Traditional workplaces but even more so for Modern Workplaces. There is more than just email and phone calls now. SMS/Texts, Mobile Apps and Platforms such as Microsoft Teams and Slack and even Social Media are just some of the newest technologies that need to be connected and engaged by the Workplace and its staff to achieve their objectives.

Modern Desktop means flexible work environments. Work From Home and Remote Working have been the catchcry for a bulk of industries in the last few years, due to the inability to congregate face to face because of the need for social distancing. This has meant that Home Offices, Hot Desks and short-term working spaces have become much more popular, and it has also changed how staff and management approach the concept of “going to work”, which may involve anything from a commute of a few feet to a home-based study/desk to travel to offices or even cafes/libraries to work and/or collaborate. Devices other than just desktop computers, such as laptops/Macbooks, Android Tablets/iPads and iPhone/Android phones, are now part of the Modern Workplace. Organisation Data/IP is stored and securely accessible in the Cloud instead of on physical servers in a secure area of the office.

Business Intelligence and Automation are now a feature of Modern Workplace, since better Analytics technologies give organisations the ability to gain insights and conclusions from one of their most valuable resources – corporate data. Automation of workflows removes time and resource wastage as well as human error from repetitive or mundane tasks, allowing staff to be more empowered to work on more challenging and rewarding projects.

Security and Compliance is the protection for the entire Modern Workplace that ensures that internal and external threats to the Organisation’s data and IP are detected and mitigated. This is important since staff and data are now accessible from anywhere in the world, so global protection for that data must also be maintained. In addition, there are other National, Industry and Company compliance requirements, such as personal data privacy, that need monitoring and enforcement to protect against lawsuits, penalties or restrictions on trade.

Why Microsoft 365 Business Premium for The Modern Workplace Platform?

Most people are aware of, and have encountered in some form, a Microsoft 365 service. This could be the use of the Desktop Apps (Word, Excel, PowerPoint, Outlook, etc.), the world-class Enterprise Email system or, more recently, Microsoft Teams. Microsoft has invested 10+ years’ worth of innovation and development to bring Enterprise-grade tools and services to all types of organisations, from sole-traders and small businesses right through to the Global 5 enterprises.

The customers that I deal with on a daily basis range from sole-traders to small-medium businesses from all types of industries. Due to the financial constraints facing some of these customers, it has been the case that they get the cheapest possible Microsoft 365 subscription that will fulfil some or all of the basic requirements, typically Business Basic or Business Standard.

However, Business Premium comes with a lot of security features that will help protect the data you store in Microsoft 365 against both inside and outside threats. As Microsoft 365, like many Software-as-a-Service offerings, is a globally available system, it is best to minimise the “attack surface area” and increase the protection as much as possible. Microsoft 365 Business Premium is the best-balanced service offering to provide such protections through its security and compliance features, for not many dollars per month. The financial losses that could potentially be incurred by not properly securing any of your cloud-based services vastly outweigh the small investment required in using the right product in the first place!

If your organisation, no matter how big or small, is looking for a business solution that provides a Modern approach to the office, consider using Microsoft 365 Business Premium as a centrepiece of your workplace that is fully featured and secured and is great value for what it provides.


Ignition

Welcome to the first post of the Citisystems Chronicles!

A journey of a thousand miles begins with a single step.

— Chinese philosopher Laozi

In the 30+ years that I have been working in the Information Technology industry, the one constant is that evolution is always happening at many different angles and altitudes. Besides the various hardware technologies, from the latest laptops, computers, phones, tablets, gaming consoles, etc., there is also the development of the virtual world. However, it is the people and organisations who matter the most, as they are the ones who will interact, discover and use these technologies in many different ways to create many different outcomes that may or may not match the original intentions.

One of the aims of this blog is to provide commentary and ideas on how to approach these new technologies from a business and personal perspective. Besides embracing ongoing learning, we explore new ways to save time and resources as well as creating solutions to current and future problems. Join me on what promises to be a great journey.