The COVID-19 pandemic has exposed many gaps in the world's cloud infrastructure. However, countries have been rapidly mobilizing their resources to overcome these obstacles and address damages. Recently the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) released new guidelines for industries employing cloud collaboration services for their COVID-19 telework. The surge in cyber attacks has undoubtedly been a cause for alarm.
Many employers have been forced to shift most of their onsite work to remote status in order to abide by the stringent lockdown laws due to the pandemic. CISA surveyed the customers who have migrated to cloud-based collaboration services to provide extensive guidelines. These recommendations focus upon five strategies.
In August 2019, Microsoft © reported that multi-factor authentication blocks 99.9% of automated cyber attacks on its platforms. Therefore, it is no surprise that CISA also put emphasis on this tactic to reduce the success of cyber attacks. Enabling the multi-factor authentication system can be as simple as adding a phone number to receive an authentication code after a user already enters their password to sign in to any service.
Instead of allowing constant access to the main Administrator account, which by default has the highest privilege, create role-based administrator accounts with minimum permissions and one Global Administrator account that is rarely accessed. In this way, none of the specific role-based accounts have access to the overall system thereby reducing the opportunity to compromise the rest of the data if one account is hacked.
Cloud services can also generate activity logs. Users can enable these logs to constantly monitor for any suspicious activity.
While watching for suspicious activity on daily or weekly logs is a great way to observe all activity on systems, many services have built-in security measures that can also be employed. These alerts can inform administrators if there has been a login from a suspicious location or for accounts that may be suspected to be sending phishing emails.
Just checking logs within the organization's systems might not be enough to catch an overall discrepancy. CISA recommends that organizations should also share their logs with the cloud service platform's main log, such as Microsoft's © Security Information and Event Management (SIEM) tool. This method will assist in investigating any abnormality that multiple organizations may be experiencing and result in an understanding if there has been a breach of the platform, not just individual organizations.
As the world phases into a post-COVID reality, many people have become aware of the pitfalls in their systems and infrastructure. It is imperative that security guidelines provided by the government are followed to help create a safer virtual world.