I'm feeling pretty overwhelmed as the only IT person in a company with around 200 employees, especially since our focus on cybersecurity is lacking. We use several tools like Kaseya's remote management suite, Datto for endpoint protection, Inky for email security, and more. I've been trying to manage our cybersecurity since I took over from someone who had minimal knowledge in the area.
The issue we're facing is that we keep getting hit by phishing attacks—today alone, it resulted in over 8,000 emails sent to outside vendors! I'm looking for advice on the first steps I can take to really lock things down. The challenge is that my higher-ups want detailed explanations before making changes and I have to be mindful of not disrupting our field workers. I'm juggling a lot, so any straightforward solutions would be greatly appreciated!
Additionally, I've noticed that some user accounts are getting compromised through Outlook, where attackers set rules to forward emails and mark them as read. I really need help figuring out how to prevent this in the future.
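An added example, not part of the original post: a small audit that flags inbox rules matching the pattern described above (mail forwarded outside the company and hidden by marking it read). It assumes each user's rules were exported in the Microsoft Graph `messageRule` JSON shape (`/users/{id}/mailFolders/inbox/messageRules`); the domain `example.com`, the helper names and all sample rules are constructed.

```python
# Constructed sample data; rule dicts follow the Microsoft Graph messageRule shape.
INTERNAL_DOMAINS = {"example.com"}  # assumption: replace with your accepted domains
FORWARD_ACTIONS = ("forwardTo", "forwardAsAttachmentTo", "redirectTo")
HIDE_ACTIONS = ("markAsRead", "delete", "permanentDelete", "moveToFolder")


def external_targets(actions):
    """Return forward/redirect addresses whose domain is not internal."""
    found = []
    for key in FORWARD_ACTIONS:
        for rcpt in actions.get(key) or []:
            addr = ((rcpt.get("emailAddress") or {}).get("address") or "").lower()
            if addr and addr.rpartition("@")[2] not in INTERNAL_DOMAINS:
                found.append(addr)
    return found


def audit_rule(mailbox, rule):
    """Return a finding for a rule that sends mail outside, else None."""
    actions = rule.get("actions") or {}
    targets = external_targets(actions)
    if not targets:
        return None
    hides = [k for k in HIDE_ACTIONS if actions.get(k)]
    # External forwarding alone needs review; forwarding combined with a
    # hiding action is the compromise pattern from the post, so rank it high.
    return {"mailbox": mailbox, "rule": rule.get("displayName", ""),
            "enabled": rule.get("isEnabled", False), "targets": targets,
            "hides": hides, "severity": "high" if hides else "review"}


def audit(rules_by_mailbox):
    """Audit every rule of every mailbox; high-severity findings come first."""
    findings = [f for mbx, rules in rules_by_mailbox.items()
                for f in (audit_rule(mbx, r) for r in rules) if f]
    return sorted(findings, key=lambda f: f["severity"] != "high")


def rcpt(addr):
    return {"emailAddress": {"address": addr}}


SAMPLE = {  # constructed mailboxes and rules
    "bob@example.com": [{"displayName": "To assistant", "isEnabled": True,
                         "actions": {"forwardTo": [rcpt("carol@example.com")]}}],
    "dave@example.com": [{"displayName": "Personal copy", "isEnabled": True,
                          "actions": {"redirectTo": [rcpt("dave@example.org")]}}],
    "alice@example.com": [{"displayName": ".", "isEnabled": True,
                           "actions": {"forwardTo": [rcpt("collector@mail.example.net")],
                                       "markAsRead": True}}],
}
```

Calling `audit(SAMPLE)` returns the findings as a list of dicts, so the output can go straight into a ticket or a report for management.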
5 Answers
What kind of authentication security do you have deployed across the company? Also, could you clarify the licensing setup for your users? Knowing that would help target specific strategies.
Have you considered implementing multi-factor authentication (MFA) and conditional access policies? Those are proven methods to significantly reduce the risk of phishing attacks. Training your users on recognizing phishing attempts is also crucial. It's the trifecta of protection!
Exactly what I've been telling the bosses. They need to understand this can't be ignored!
Honestly, I think SaaS Alerts are pretty useless for real protection. I wouldn’t even rely on it—they need a serious refresh.
I completely agree. I recently reached out to Kaseya about their issues and didn’t find them very helpful.
MFA combined with conditional access rules can resolve about 98% of these issues. You might also want to look into attack surface reduction (ASR) rules to further enhance security. It's easier than it sounds!
Thanks for the tips! I was thinking of easier options, so this is promising.
Consider locking logins to a specific area or implementing 'impossible travel' conditions. You can require users to notify you if they need to work outside that range. It sounds tedious, but it could really reinforce security. Definitely something to think about!
That could be tricky since our workers move between different states frequently, but I'm open to it if it actually helps!

Currently, we allow MFA through password plus a call or text, and Microsoft Authenticator. Everyone is on 365 Business Premium licenses.