After an IT crisis (a cyber-attack or other similar external intrusion) we must assess the damage and learn how we can prevent it in the future. We also need to think about how we should deal with it in the most efficient manner, should it happen again. The NHS cyber-attack that was conducted last month is a sobering example of the havoc that can be created from vulnerable and exploitable systems, and it also makes for a good example of the importance of preemptive security.

This month we're going to cover how ClearPeople provide preemptive patching and security best practices to your environments so you never find yourself in a compromising position, and we also have one of our SharePoint experts, Vishan Sondhi, talk about specific measures you can take to keep your instance of SharePoint protected from security violations.

ClearPeople Managed Services, outsource your security stresses

'WannaCry', the now infamous ransomware that held NHS IT networks hostage last month, is a glimpse into the future of cyber terrorism and the kind of critical situations your organisation could find itself in. When it comes to 'how' it happened, we learnt that it wasn't through some elaborate phishing scam or some sort of user naivety, but rather because the systems in place were easily exploited after not being updated with the necessary security fixes.

This itself is a result of a larger issue in the political environment and tight purses allocating funds to the NHS, but the lesson we should take away from this is the importance of ensuring and safeguarding IT security budgets in even the most austere of times. Microsoft were providing security updates exclusively to the NHS for their outdated Windows XP operating systems (which are still plentiful in the organisation and unfortunately, quite necessary for compatibility with a lot of medical equipment), but under the current government this lifeline provided by Microsoft was severed, most likely for being seen as a superfluous luxury. 

ClearPeople Managed Services recognise the importance of acting reactively, acting proactively and providing your organisation with ongoing assurance that your online presence and critical cloud based systems remain intact and functioning, secure from external threats. As part of our critical patching reports we provide a breakdown of your environments (whether they are hosting your intranet or your website) and what security measures/updates we have installed or undertaken since our last update. 

Furthermore, we take pride in providing these reports in a timely and concise manner. We know you don't want to be stressing about super technical updates fixing 'XYZ', so we take the liberty of conducting all the due diligence around the update and explaining everything that's relevant to you clearly. This takes away the stress of carrying out system/server updates (often out of business hours) and also frees up your time to do your job.

Measures to keep your SharePoint Intranet safe, with Vishan Sondhi

In light of the NHS attack, I wanted to write a blog about Security and re-emphasise what we should be doing to protect our data, especially in regard to SharePoint. 

This blog will focus on SharePoint within Office 365 and On Premise and give 3 (of many) pointers of defence to help protect SharePoint.

1) A common security issue I see with many clients is permission governance. 

A SharePoint governance plan can help keep your data secure and compliant by helping you structure, create policies and procedures, and implement controls, such as designing security controls, permissions and roles for assigning permissions. For example, on the question of who controls the security of SharePoint, many of my clients would say the IT department.

SharePoint is used to store data, and on most occasions, sensitive data. It is important to ensure that this sensitive data is not accessible to people who do not need to see it, especially if data is shared with external parties, such as contractors and partners. It is therefore vital to ensure that access rights remain aligned with the business needs. There have been many known cases where data has got into the wrong hands; a more recent example is the Bradley Manning incident.

This also includes using the least privileged accounts and using specific accounts for specific purposes. I have seen many SharePoint systems where IT use the farm account as their admin account, which is not best practice. Plan for administrative service accounts.

You should also use Groups to manage users as much as you can. Using groups gives you a more maintainable security model, meaning if you want to make a change to a permission, you apply it to a group, not individual people. 

Different sites require different governance policies. Sites such as the homepage require less governance as it would typically be available to everyone in the organisation, whereas the HR department for example, must be more tightly governed due to the confidential nature of the data it contains. 
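
The checks from this first pointer (permissions granted through groups, no farm account used as a working account, tighter control of confidential sites shared with external parties) can be run over a permissions export. The following Python is an added example and not part of the original blog; the CSV columns, site paths, account names and the farm account name are constructed for illustration and are not a SharePoint export format.

```python
import csv
import io

# Constructed sample: a flattened export of site role assignments.
# The column names are assumptions for this example, not a SharePoint format.
SAMPLE_EXPORT = """site,sensitivity,principal_type,login,role
/,open,group,Everyone Visitors,Read
/sites/hr,confidential,group,HR Members,Contribute
/sites/hr,confidential,user,i:0#.w|contoso\\jsmith,Full Control
/sites/hr,confidential,user,i:0#.f|membership|pat_partner.example#ext#@contoso.onmicrosoft.com,Read
/sites/finance,confidential,user,i:0#.w|contoso\\sp_farm,Full Control
/sites/projects,open,user,i:0#.f|membership|pat_partner.example#ext#@contoso.onmicrosoft.com,Read
"""

FARM_ACCOUNT = "contoso\\sp_farm"  # assumed name of the farm service account


def audit(export_text, farm_account=FARM_ACCOUNT):
    """Return (site, login, finding) tuples for assignments that break the guidance."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["principal_type"] != "user":
            continue  # access granted through a group is the desired model
        login = row["login"]
        account = login.split("|")[-1].lower()  # drop the claims prefix
        if account == farm_account.lower():
            finding = "farm account used as a site account"
        elif "#ext#" in account and row["sensitivity"] == "confidential":
            finding = "external user on confidential site"
        else:
            finding = "direct user assignment, use a group"
        findings.append((row["site"], login, finding))
    return findings


if __name__ == "__main__":
    for site, login, finding in audit(SAMPLE_EXPORT):
        print(f"{site}: {login}: {finding}")
```

Group rows are skipped on purpose: the audit only reports access that bypasses the group model, so a clean report means every permission can be changed in one place.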

2) Multi Factor Authentication 

Within Office 365, Multi Factor Authentication (MFA) increases the security of user login. With MFA, users are required to enter a second stage of authentication after the initial entering of their password. The second stage requires the user to receive an email, app notification, phone call or text message to enter a number. Only after the second stage is complete will the user be authenticated to sign in.

3) Virus Protector

For On-Premise installs of SharePoint, there are a growing number of 3rd party tools which can be used for anti-virus protection, such as
  • McAfee
  • Bitdefender
  • Sophos
  • Trend Micro
However, Microsoft recommend that you install an anti-virus solution based on the SharePoint Portal Server Virus Scanning Application Programming Interface (VS API). This is because SharePoint is continually being enhanced. Installing an AV solution unrelated to SharePoint will not guarantee you any support for SharePoint-specific issues.

Within Office 365, files are scanned as they are uploaded. If a file is found to be infected, a property is set so that users can’t download that file from the browser or sync the file in the OneDrive for Business client. 

Installing VS API is an additional security measure and does not replace the need for a standard virus protector on your local machine. 

I said I would only give 3 pointers, but I thought I would add one more. 

Now this next step is not strictly a SharePoint security setting. With SharePoint Online and On-Premise, it's important to have some sort of lock or password on your device, especially as users now bring their own devices into work. SharePoint is available on mobile, and apps like Yammer and OneDrive for Business can be exposed, thus potentially leaking sensitive data.

In addition to this, I wrote a blog on Data Loss Prevention, which is another great way of ensuring that sensitive data does not leave the corporate domain. 

Author bio

Vishan Sondhi
SharePoint Consultant
Vishan is a SharePoint Consultant

