Cloud Alerting is essential, but what else can you do to prevent attackers from getting in at all?
MFA: Multifactor authentication is the #1 thing you can do, and FOR FREE, to secure your cloud environment.
- This old hat to you? Good! Most businesses still don’t have it implemented!
- Remember…You need MFA in everything. Even your social media accounts.
Conditional Access Policies: These are technical policies that restrict when and where users can log in. The most common one we implement at [JM Addington Technology Solutions / CyberSecureRIA] is geographical:
- You can only log in from the USA.
- Exceptions: Remote workers and wherever you vacation if it’s out of the country.
Turn on Email verification (DKIM/SPF): DKIM and SPF are public-facing technical records used to prove that your server sent emails – if a record doesn’t match or is missing it gets flagged as spam or malicious content.
- This goes a long way to prevent phishing attacks. An attacker can’t use your actual domain without tripping red flags.
Turn on the built-in protections. Microsoft and Google both have protections built into their products.
- Reality check: At [JM Addington Technology Solutions / CyberSecureRIA] we don’t see them turned on until we turn them on.
Examples include:
- Antiphishing technology
- Antispam technology
- Safe Links
- Safe attachments
- Turning off insecure ways to login
What about all of those external sender warnings? Keep these on, but don’t confuse actual security with security theater.
Download our Report!
Get your copy of What Every Business Owner Must Know About Hiring an Honest, Competent, Responsive, and Fairly-Priced Computer Consultant.