Consulting with a Conscience™

A cruciallogics blog

Written by Amol Joshi
on June 01, 2021

While the Covid-19 crisis is “moving the world toward increased technological innovation and online collaboration,” according to the U.N, “cybercrime is also on the rise with a 600% increase in malicious emails.” In a recent Statista survey of global online fraud examiners, 60% predicted a significant increase in cybercrime. Now, more than ever before, companies need to test their IT security.

 

A penetration test (pentest) is an authorized hack of your IT systems, designed to mimic a cyberattack in a controlled environment. It is usually conducted once a year to evaluate the security of your IT infrastructure, identify vulnerabilities in your systems and find solutions to resolve identified risks. Often, companies rely on an annual pentest as their sole method of assessing the integrity of their IT infrastructure.

 

The problem with a pentest is that you’re only getting a snapshot of the gaps in your perimeter security and not a complete evaluation of your security architecture. Pentests look for known and unknown vulnerabilities in your IT systems and assess if they could cause potential harm to your IT infrastructure. They don’t always point out security gaps that arise from misconfigurations or lack of configuration.

 

Some of the security issues that a pentest will not uncover include: 

  • Improperly configured Office 365 authentication rules
  • Lack of alerting on your sign-in logs and permissions settings
  • Already compromised user and rogue forwarding rules 
  • Misaligned attachment scanning protocols and spam filters
  • Improperly set up MFA (Multi-Factor Authentication) 
  • Unsecure PIM (Privilege Identity Management) and self-service password settings
  • Incorrect Active Synch, POP3, and IMAP settings 
  • Disabled anti-spam and anti-phishing policies in EOP (Exchange Online Protection) or exception rules that may introduce new vulnerabilities 
  • Misconfigured DKIM (Domain Key Identified Mail) protocols  
  • Unmonitored credential phishing activities  
  • Improperly set up conditional access protocols 
  • Unsecure email forwarding protocols, including automatically forwarding incoming emails using keywords, and email forwarding rules set to permit the forwarding of personal emails

 

This is not an exhaustive list, and it is far from a complete IT systems evaluation. At CrucialLogics, we can help you improve your IT security infrastructure and extend the functionality of your annual pentest with a comprehensive Office 365 assessment, including:

 

  • Office 365 Configuration Assessment

CrucialLogics can evaluate the efficiency of your security controls used in the configuration and deployment of your Azure and Office 365 configurations, authenticate the default settings and identify improvement opportunities. We can also assess how your overall IT infrastructure and user bases align with your IT security architecture and best practices.

 

  • Office 365 Security Design and Compliance Assessment

We can assess your security architecture and design with your Office 365 and Azure platforms to identify opportunities for improvement. Advanced system configurations, company processes, and user accountability will be addressed following best practices to meet company policy and regulatory compliance requirements, including NIST 800-53, ISO 27001, GDPR, and HIPPA. Read more about managing your compliance in our recent blog here.

 

  • Cloud Security Assessment

CrucialLogics can collaborate with you to assess your cloud security protocols, including identity protection, data integrity, access control, threat management, and governance. Based on the assessment results, we will design a cloud security solution that can be integrated across diverse cloud technologies and platforms, including AWS, Azure, and Google.

 

  • Office 365 Remediation

Using Microsoft Defender for Office 365, we can identify suspicious or malicious files on a user’s endpoint device, including credential phishing viruses, and take remedial action. Our team of experts will then combine the results of all the assessments undertaken to compile a detailed report and work with you to develop an appropriate remediation plan. 

 

If you are looking for a complete IT security evaluation, including a comprehensive overview of your current Office 365 security environment and insight into your IT protocols and tools, we can help. We also perform security updates on OneDrive, SharePoint, Exchange, and Azure Active Directory platforms. 

 

Companies like yours turn to us to improve their security posture in line with best practices. Let us conduct a comprehensive Office 365 assessment. We will give you a complete picture of the status of your IT infrastructure security and a safety measures roadmap for the future. Reach out to our team today.

You may also like:

Security Advisory and Assurance

Cloudy with a Chance of Data Leakage Part II – Protection and Prevention

Data leakages can happen unintentionally, or they can be caused by malicious actions by people within your organization ...

Cloud Strategy Security Advisory and Assurance

Cloudy with a Chance of Data Leakage Part I - Threats and Impacts

More than 60% of corporate data worldwide is stored in the cloud, and there are more than 40 zettabytes of data stored o...

Security Cybercrime Mobile Device Management

The Top 7 Threats in Mobile Device Security

There are more than 4.3 billion active mobile internet users worldwide, who downloaded more than 230 billion apps and ac...