When you consider all the online threats out there (with phishing, Shadow IT, APTs, ransomware, and cryptominers, to name just a few), you must ensure you are employing necessary and effective tools capable of protecting and defending yourself and your business online. This is particularly true as more organizations shift to remote work in response to COVID-19.
The good news is that accomplishing this goal is more than achievable. Also, it is affordable! Here are 10 free security resources that you can utilize for the software and computers used within your organization. Acquire some of these resources through Microsoft for your applications and licenses.
Your only cost is the time you need to learn these free security resources and how to apply them to your own organization. Let’s dig right in and tighten your company’s security even further than before.
Security Awareness Program
SANS, a provider of cyber security training, certification and research has long provided a Security Awareness Program for employees, but has also releases a “Security Awareness Work From Home Deployment Kit to hep keep your team members secure when moving to a work from home environment.
There are several approaches you can consider when facilitating this program. A great introduction to company security awareness is including this program as a key component of your new employee onboarding process. Another option is providing a continuing online training program which includes a series of recap quizzes to further test comprehension; this keeps all employees current and alert to the importance of proper security awareness. Developing an instinctive sense of the knowledge, attitude, and behaviors demanded to protect your organizations’ information weaves security awareness into your company culture.
Cybersecurity Awareness Training
A logical and necessary partner to a rigorous security awareness program, employing cybersecurity awareness training elevates your company security awareness to the topmost level. By becoming aware of cybersecurity, you remain informed of possible threats and are better equipped to prevent them. Ninjio makes short anime style videos that detail real-world cyber-attacks and provides them in both enterprise and home user editions. These videos are frequently very kid friendly, giving a useful resource for workers who may also be juggling kids impacted by school closure. Their blog is also a good resource on new and emerging threats, including a great write up on new risks being seen during the COVID 19 pandemic.
One of the best ways of revealing the inherent weaknesses in your system (even the best and most secure systems can uncover weakness spots) is to perform penetration testing. This imitates a cyber attack, which in turn exposes vulnerabilities and errors on your end before a real one happens. This is similar to finding the vaccine to battle disease by mimicking its behavior and effects in a controlled environment. This process keeps you informed and also keeps your systems current to the latest threats.
Breached Password Test
It never fails that some users insist on user the same passwords for all of their logins. It’s understandable, since memorizing multiple passwords and user names can be challenging, but it’s also a very poor security practice making it easier for hackers to breach your organizations’ networks and get their hands on valuable data.
The plain fact is that passwords that are used frequently have a greater likelihood of being compromised. But by using this indispensable and essential breached password test you can find out fast who in your organization are using passwords that have been hacked. You can also find out if your company domains have been part of any data breach which included passwords used within your organization. Regularly running this resource can finally keep your company ahead of the hackers.
Phishing Security Test
Phishing scams continue to rank at the top of the list for successful data breaches. Rather than assume your efforts to prevent successful phishing attempts are effective, it is much better to put them to the test yourself by performing your own phishing security test before an outsider does it for real.
Receive a report within 24 hours which shows how prone your organization is to phishing attempts and offers an industry comparison of your strength against this insidious and all-too-often successful practice. One again, being informed is the first step to being armed against possible security breaches.
Microsoft also provides a Phishing attack simulator right in Microsoft Security Center. This tool has the benefit that since the attack originates within you system, you do not need to disable any phishing defenses in your environment prior to testing user response.
This is another situation where, when you think like a criminal, you can stop them in their tracks. One particularly nasty security breach which can be avoided by proactively testing your own security system is a ransomware simulator. This is a form of malware that blocks access and/or threatens to publish private data until a ransom is paid.
By running a ransomware simulator, you will see if your network is prepared to defend against such an attack. Note, this ransomware simulator DOES encrypt data, and should only be used if you know what you are doing.
Microsoft Security Compliance Toolkit
For network administrators working with Microsoft Windows and other Microsoft products, this Security Compliance Toolkit (SCT) allows them to download, analyze, test, edit, and store Microsoft-recommended security configuration baselines.
The SCT offers two tools:
- Policy Analyzer - this utility lets administrators analyze and compare sets of Group Policy Objects
- Local Group Policy Object - this is a command-line utility which helps automate Local Group Policy management
For more information concerning security baseline recommendations, we recommend you consult the Microsoft Security Baselines Blog.
Defenses Against Phishing in Office 365
For users of Office 365 programs, there are a couple of methods for protecting against phishing attempts:
- Enterprise E5 Plan - the Security and Compliance Center offers ATP anti-phishing
- Office 365 ProPlus Plan - you will also find support for identity and authentication protection
In either situation, protecting Office 365 from phishing attacks should remain a top priority and use of these free security resources makes monitoring this practical.
Microsoft 365 Compliance Manager
You can find the Microsoft 365 Compliance Manager in the Microsoft Service Trust Portal. This workflow-based assessment tool gives you the ability to track, assign, and verify regulatory compliance activity. However, only as it relates to Microsoft professional services and Microsoft cloud services. This including Microsoft Office 365, Microsoft Dynamics 365, and Microsoft Azure.
This tool will help you achieve and maintain compliance goals, and even offers a compliance score to make tracking progress easier.
Kali Linux in Microsoft Azure
This free platform found within Microsoft Azure is based on Debian Linus. Kali Linux offers an outstanding set of more than 600 tools which include database assessment, forensics, and password attacks, all of which fit on a thumb drive, a Raspberry PI, or even in Microsoft Azure with an easy installation procedure. Watch our Tech Talk that details how to configure Kali Linux in Azure as well as how to run a proper phishing campaign complete with a copied credential page.
Find More Free Security Resources
As you can see, creating a secure and security-aware network and environment won’t cost you an arm and a leg. Security in the Cloud is as easy as partnering with Agile IT today. Contact us now so you can stop worrying about security breaches and start doing something about it!