Making the most of user authentication and Microsoft’s Secure Score.
Cybersecurity threats – whether accidental or malicious – are one of the greatest concerns for business. And following the introduction of the new General Data Protection Regulation (GDPR), it has never been more important to monitor and manage your organisation’s security health effectively.
In this blog, we’ll explore two essential tools for data security – multi-factor user authentication and Microsoft Secure Score.
User authentication protects business systems, networks, databases, websites, files and resources from security threats by permitting access for authorised users only.
Authorised users are typically identified by credentials relating to knowledge, possession and biometrics. That is:
- Something the user knows – information required to log in, such as usernames, passwords or PINs
- Something the user has – the device or physical object used to gain entry, such as a smartphone, key fob or ID card
- An inherent trait of the user – a part of the human body used for identification, such as fingerprint, retina or palm scanning, or vocal and facial recognition.
User authentication can comprise just one or multiple factors for verification. For example:
- Single-factor authentication (SFA), as the name suggests, requires just one identifying factor – the most common and simplest being username and password
- Two-factor authentication (2FA) combines knowledge factors with possession, such as username and password coupled with a mobile device, thereby requiring two identifiers
- Multi-factor authentication (MFA) requires identifiers from all three of the main factors highlighted above (or even more!); that is, something you know, something you have, something you are (biometrics).
Pros and cons of multi-factor authentication
As hackers are becoming more sophisticated in their ability to gain access and high-profile breaches or leaks more commonplace, it is generally accepted that SFA is no longer suitable for protecting an organisation – especially when malicious users have a knack for simply guessing many passwords or using an internet bot to do the guessing for them!
Both two-factor authentication and multi-factor authentication therefore offer greater security by increasing the lines of defence. They make breaches and attacks much harder for hackers to carry out.
However, increased security and more sophisticated technology inevitably mean greater expense. Similarly, introducing additional authentication processes may feel overwhelming or frustrating for users.
Indeed, they may resent having to jump through additional security hoops simply to access the information they need for their day job. The risk is non-compliance with security measures or – horror of all horrors – people writing down complicated access information.
So take note: your MFA needs to take into account the requirements of your organisation as well as those of the users.
Microsoft’s Secure Score
Picture the scene: your organisation and your employees are reaping the numerous benefits of cloud-based applications and storage. Productivity and staff motivation are high thanks to increased opportunities for flexible, anywhere working. Plus, you are no longer burdened financially or spatially by ever-expanding on-site data centres.
However, you understand that with cloud solutions comes security risk.
Enter Microsoft Secure Score.
Secure Score is a feature of Microsoft 365 and is a tool for monitoring, analysing and improving the security of your users, data, apps, devices and infrastructure.
How does it work?
Your organisation is scored according to what Microsoft 365 services are in use, how they are being used and by whom.
Secure Score assesses whether recommended security features are configured, security-related tasks are being performed, and improvements are implemented. For example, enabling multi-factor authentication for users is an action that adds to your score.
Through Secure Score you’re building a daily picture of your users’ and organisation’s secure use of Microsoft 365. From here you will receive recommendations for improving your score, advice for following best practice and which actions to prioritise to improve your security health.
Indeed, the improvement actions provided are themselves prioritised; they are listed by effectiveness of the action compared to the impact to the end user – that is, highly effective actions with low-level impact to users are ranked as top of your priority list, making for well-considered improvements.
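The prioritisation described above can be sketched as follows. This is an added example, not Microsoft's code or its actual ranking algorithm: the records are constructed, the field names follow the Microsoft Graph `secureScoreControlProfile` and `secureScore` resources, and the impact weighting is an assumption chosen for illustration.

```python
# Rank improvement actions by points still available versus user impact.
# All records below are constructed sample data, not real tenant output.
SAMPLE_PROFILES = [
    {"id": "ex-user-mfa", "title": "Require MFA for all users",
     "maxScore": 9, "userImpact": "High"},
    {"id": "ex-admin-mfa", "title": "Require MFA for administrative roles",
     "maxScore": 10, "userImpact": "Low"},
    {"id": "ex-legacy-auth", "title": "Block legacy authentication",
     "maxScore": 8, "userImpact": "Moderate"},
    {"id": "ex-sspr", "title": "Enable self-service password reset",
     "maxScore": 1, "userImpact": "Moderate"},
    {"id": "ex-audit", "title": "Turn on audit logging", "maxScore": 5},
]
# Points already earned per control (shape of secureScore.controlScores).
SAMPLE_SCORES = [
    {"controlName": "ex-user-mfa", "score": 3},
    {"controlName": "ex-sspr", "score": 1},
]

# Assumed weighting: higher user impact lowers an action's priority.
IMPACT_WEIGHT = {"low": 1, "moderate": 2, "high": 3}


def prioritise(profiles, control_scores):
    """Return outstanding actions, most effective per unit of user impact first."""
    achieved = {c["controlName"]: c.get("score", 0) for c in control_scores}
    ranked = []
    for p in profiles:
        remaining = p["maxScore"] - achieved.get(p["id"], 0)
        if remaining <= 0:
            continue  # already fully implemented, nothing left to gain
        # Missing or unrecognised impact is treated as the most disruptive.
        weight = IMPACT_WEIGHT.get(str(p.get("userImpact", "")).lower(), 3)
        ranked.append({"id": p["id"], "title": p["title"],
                       "remaining": remaining,
                       "userImpact": p.get("userImpact", "Unknown"),
                       "priority": remaining / weight})
    ranked.sort(key=lambda r: (-r["priority"], r["id"]))
    return ranked


if __name__ == "__main__":
    for row in prioritise(SAMPLE_PROFILES, SAMPLE_SCORES):
        print(f'{row["priority"]:5.2f}  +{row["remaining"]:<3} '
              f'{row["userImpact"]:<9} {row["title"]}')
```

Partially completed actions count only for the points still outstanding, so an MFA rollout that is a third done ranks lower than an untouched action of similar size.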
You can also monitor your organisation’s progress over time to build a history of your security health, as well as benchmark your performance against global and industry scores. Another valuable insight is Secure Score’s risk assessment, whereby further recommended actions are provided for mitigating risks.
It’s certainly a tool to take advantage of!