Today, I had the privilege of presenting to the Suncoast Chapter of the Association of Legal Administrators in Tampa, Florida. Thanks to all who attended. I appreciated the warm welcome and introduction. Everyone was highly engaged and asked great questions. Most importantly, it seemed like everyone learned a lot and took away key action items to put into practice in their firms to help improve their posture against cyber threats.
My overall theme was creating a culture of cybersecurity awareness within the firm. Education is the most important part of any cybersecurity plan; second to education is communication. We talked about real-world examples of the risks that face law firms today, as well as examples of actual breaches and points of exposure that were very eye-opening for those in attendance.
Thanks again to all who attended and here are a few photographs from the event.
Yesterday, the National Cybersecurity and Communications Integration Center (NCCIC) issued an important Analysis Report (AR19-133A) regarding increasing concerns about Office 365 configurations. Specifically, the report calls out third-party organizations that facilitate company migrations to Office 365 and the lack of standards in the configurations they leave behind.
More and more organizations are migrating to Office 365, and many hire partners to help them make the migration. The issue is that many of these partners do not properly configure Office 365 security features. These lapses can leave the organization vulnerable to attackers who exploit well-known Office 365 configuration weaknesses.
I have witnessed this first hand, in my business, where clients have come to us with misconfigured Office 365 tenants that have left them vulnerable. In one particular case, I know of a company that had one of their Office 365 accounts mirrored to a hacker, who analyzed the organization's communication style and was able to trick the two people in the finance department into wiring a significant amount of funds to the hacker. This threat is very real and it should be a concern for everyone working with Office 365.
The Cybersecurity and Infrastructure Security Agency (CISA) has released specific recommendations to address these concerns. From the Analysis Report, CISA recommends the following:
"CISA encourages organizations to implement an organizational cloud strategy to protect their infrastructure assets through defending against attacks related to their O365 transition, and securing their O365 service. Specifically, CISA recommends that administrators implement the following mitigations and best practices:
- Use multi-factor authentication. This is the best mitigation technique to use to protect against credential theft for O365 users.
- Enable unified audit logging in the Security and Compliance Center.
- Enable mailbox auditing for each user.
- Ensure Azure AD password sync is planned for and configured correctly, prior to migrating users.
- Disable legacy email protocols, if not required, or limit their use to specific users."
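Three of the five items above (unified audit logging, per-mailbox auditing, legacy protocols) can be checked from the Exchange Online side of a tenant in a few minutes. The script below is an added example written for this post, not code from CISA or from the Analysis Report; it only reads configuration and reports what is out of line, it changes nothing. It assumes the ExchangeOnlineManagement PowerShell module is installed and that you have already run Connect-ExchangeOnline with an administrator account. MFA enforcement and Azure AD password sync live in Azure AD rather than Exchange, so they are noted but not checked here.

```powershell
# Added example (not from the page or from CISA): read-only posture check for
# the Exchange Online portions of the AR19-133A recommendations.
# Assumes: ExchangeOnlineManagement module, Connect-ExchangeOnline already run.

$findings = @()

# --- 1. Unified audit logging (Security & Compliance Center) ---------------
$auditCfg = Get-AdminAuditLogConfig
if (-not $auditCfg.UnifiedAuditLogIngestionEnabled) {
    $findings += "Unified audit log ingestion is DISABLED for the tenant."
}

# --- 2. Mailbox auditing -----------------------------------------------------
# Newer tenants have auditing on by default; AuditDisabled at the org level
# overrides every mailbox, so check it first, then each user mailbox.
$orgCfg = Get-OrganizationConfig
if ($orgCfg.AuditDisabled) {
    $findings += "Mailbox auditing is disabled at the ORGANIZATION level."
}

$mailboxes = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox
$noAudit   = $mailboxes | Where-Object { -not $_.AuditEnabled }
foreach ($mb in $noAudit) {
    $findings += "Mailbox auditing off: $($mb.UserPrincipalName)"
}

# --- 3. Legacy email protocols ----------------------------------------------
# Per-mailbox POP3/IMAP4 switches; the report says to disable these unless a
# specific user has a documented need, so every enabled mailbox is a finding.
$cas    = Get-CASMailbox -ResultSize Unlimited
$legacy = $cas | Where-Object { $_.PopEnabled -or $_.ImapEnabled }
foreach ($c in $legacy) {
    $protos = @()
    if ($c.PopEnabled)  { $protos += "POP3" }
    if ($c.ImapEnabled) { $protos += "IMAP4" }
    $findings += "Legacy protocol enabled ($($protos -join ', ')): $($c.PrimarySmtpAddress)"
}

# Tenant-wide SMTP AUTH (basic-auth submission) switch.
$transport = Get-TransportConfig
if (-not $transport.SmtpClientAuthenticationDisabled) {
    $findings += "SMTP AUTH (client submission) is still enabled tenant-wide."
}

# Basic authentication blocking is done with an authentication policy; a tenant
# with no default policy set has nothing stopping legacy-auth logins.
if ([string]::IsNullOrEmpty($orgCfg.DefaultAuthenticationPolicy)) {
    $findings += "No default authentication policy is set (basic auth not blocked)."
}

# --- 4/5. Items checked elsewhere -------------------------------------------
# MFA and Azure AD password sync are Azure AD settings, not Exchange settings;
# review them in the Azure AD portal (Conditional Access / Azure AD Connect).

# --- Report ------------------------------------------------------------------
if ($findings.Count -eq 0) {
    Write-Host "No findings for the Exchange Online checks."
} else {
    Write-Host "$($findings.Count) finding(s):"
    $findings | ForEach-Object { Write-Warning $_ }
}

# Leave the list on the pipeline so it can be exported, e.g.:
#   .\Check-O365Posture.ps1 | Out-File posture-findings.txt
$findings
```

Run it against the tenant before and after a migration partner hands over, and keep the output with the project records: an empty findings list is the evidence that the configuration actually matches the report's recommendations rather than an assumption that it does.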
If you work with Office 365, please review Analysis Report (AR19-133A) right away.