March 9, 2020

Security & Compliance in The Cloud

Security & compliance is higher up on organisations' agenda than ever before and it’s not surprising. The five main trends identified by the National Cyber Security Centre in the period between October 2018 and April 2019 highlighted 5 main areas of vulnerability.

Incident trends

There has been significant use of tools and scripts to try and guess users’ passwords. This has almost become the daily norm for Office 365 deployments with attacks now being mounted at scale across the Internet without ever having a foothold within the corporate infrastructure. 

A successful login will give access to corporate data stored in all Office 365 services. For example, both SharePoint and Exchange can be compromised, as well as any third-party services an enterprise has linked to Azure AD.

Password spraying

The most common attack affecting Office 365 is password spraying, which attempts a small number of commonly used passwords against multiple accounts over a long period of time. In most cases, attackers aren’t after just one specific account. This doesn’t tend to trigger account lockouts because the limit of failed attempts is not reached, and as a result this can make it much harder for IT security teams to spot them.

A recent report stated that 60% of Office 365 and G Suite tenants were targeted with IMAP-based password-spraying attacks. However, it's important to note that G Suite administrators can disable IMAP connectivity, mitigating the risk to their G Suite users.

Credential stuffing

On a smaller scale, we have also seen credential stuffing. This takes pairs of usernames and passwords from leaked data sets and tries them against other services, such as Office 365.

This is difficult to detect in logs as an attacker may only need a single attempt to successfully log in if the stolen details match those of the user's Office 365 account.

Similarly to password spraying, this targeted method can be combatted by disabling IMAP connectivity within G Suite.

Ransomware

Ransomware attacks prevent organisations from using their computers or accessing their data, typically by encrypting files and folders. Once this hold is in place, the hackers request payment to release the organisation’s data and allow them to get back to work. 

It’s important to note, however, that no Google file formats can be affected by this as they are not traditional files like Word or Excel, they are in fact web files with no physical storage location. This means that organisations that use G Suite and store their files within Google Drive are instantly protected from ransomware attacks without having to shell out huge amounts of money on additional security products.

Email Protection

Gmail has long since been the standard-bearer for security & compliance around email through anti-phishing measures and high levels of spam protection for users. This has covered for the most part both consumer and G Suite users. 

Confidential Mode - users can help protect sensitive information from unauthorised access using Gmail confidential mode. Recipients of messages in confidential mode don't have the option to forward, copy, print, or download messages, including attachments. Users can set a message expiration date, revoke message access at any time, and require an SMS verification code to access messages.

Data Loss Prevention (DLP) -  analyses the files in your organization’s Team Drives for sensitive content. You can set up policy-based actions that will be triggered when any sensitive content is detected.

Gmail Security Sandbox - a sandbox detects the presence of previously unknown malware in attachments by virtually "executing" them in a private, secure sandbox environment, and analyzing the side effects on the operating system to determine malicious behaviour.

Staff Training

All businesses need to be proactive in training their staff for GDPR. When new staff members come on board, they should receive data management training, and all members of the team should understand how your business specifically uses data. 

Allied to that, IT partners such as Cobry should be engaged to teach best practices within the organisation through training sessions, either in person or through webinars. 

2SV

One of the most effective ways to protect yourself from being hacked is 2SV.

There are multiple 2SV methods, including SMS Text, Google Prompts on mobile devices, and physical USB Security Keys.

Using 2-Step Verification (2SV) provides users with a better option to secure their accounts. As well as 2SV over an encrypted connection, users can also block unauthorised access to their accounts with Google Prompt which delivers real-time prompts, telling the user when they have logged into another device.

This update comes through as a pop-up notification on the Google app. This allows users to answer “yes” or “no” when asked, “are you logging in?”

Allied to that, additional control can be gained from deploying Cloud Identity. For full details please click here.

How Cobry Helps

One of the most comforting services Cobry offers is a full Security & Compliance Review. 

This can give you valuable insight into your organisation's security & compliance setup. You can find out more here, and you can also get in touch via the button below.

August 14, 2019

G Suite FCA Compliance

Financial Companies Seize Path to the Cloud

When Board meetings within the Financial Services sector start addressing the subject of migrating to the Cloud you can be sure that this technology has matured to provide a credible improvement on legacy infrastructure. So much so, that we have recently helped multiple financial companies gain FCA approval by leveraging the powerful security features within G Suite.

Highly regulated companies such as HSBC, ABN Amro, Allianz and Paypal have all taken the plunge and invested in Google Cloud & G Suite FCA compliant tools.

What did these companies consider in this process though and how can it be applied to yours?

Securing company data

Unfortunately, it is almost impossible to prevent your employees’ mobile devices being lost or getting stolen from time to time. When these incidents occur it does not have to be such a worry.

G Suite keeps your company’s data secure with mobile device management (MDM) policies. With basic management, you can ensure that mobile devices require screen locks and/or strong passwords on your employees’ devices, keeping your corporate data secure. In addition, G Suite allows you to erase confidential business data with device wipe, or selected account wipe for Android or iOS. You can see the list of devices that are accessing corporate data in the Google Admin console.

G Suite's Mobile Device Management means that you can manage, secure and monitor all mobile devices that are in your organisation. It is possible to manage a range of devices, including phones, tablets, and even smartwatches. People are still able to use their own personal devices for work (BYOD) as you will be able to wipe their corporate accounts on their devices, should the worst happen.

So, how does G Suite protect my data?

When you decide that you would like to store your data with G Suite, it is then protected in a number of different ways. This includes advanced phishing detection with the aid of machine learning, authentication with security key enforcement and also prevention of data leakage.

Due to G Suite being a 100% cloud-based system it means you can be protected from attacks such as Ransomware, viruses, and malware. There is no need to install a separate system for spam processing because Gmail uses Machine Learning to automatically filter any spam and to scan all emails for suspicious and dangerous content.  The G Suite administrator can also control all attachments sent and received by your organisation so that nobody opens or sends anything that they shouldn’t.

Other security-centric features include:

  • Confidential Mode - users can help protect sensitive information from unauthorised access using Gmail confidential mode. Recipients of messages in confidential mode don't have the option to forward, copy, print, or download messages, including attachments. Users can set a message expiration date, revoke message access at any time, and require an SMS verification code to access messages.
  • Data Loss Prevention (DLP) -  analyses the files in your organization’s Team Drives for sensitive content. You can set up policy-based actions that will be triggered when any sensitive content is detected.
  • Gmail Security Sandbox - a sandbox detects the presence of previously unknown malware in attachments by virtually "executing" them in a private, secure sandbox environment, and analyzing the side effects on the operating system to determine malicious behaviour.

2 Factor Authentication keeps your data secure  

Using 2 Factor Authentication (2FA) provides users with a better option to secure their accounts. As well as 2FA over an encrypted connection, users can also block unauthorized access to their accounts with Google Prompt that delivers real-time prompts, telling the user when they have logged into a device.

This update comes through as a pop-up notification on the Google app. This allows users to answer “yes” or “no” when asked, “are you logging in?”

Allied to that, additional control can be gained from deploying Cloud Identity. For full details please click here.

Automatic rules ensure G Suite FCA compliance

There are now new device rules for Device Management, which allows G Suite admins to define custom rules that create triggers for certain actions or events. For example, if something occurs on one of your company’s devices that’s been specified in a custom rule, the corresponding action that’s been set will automatically be carried out. Some of these rules include;

  • Approve select mobile devices when the device is enrolled.
  • Block access to corporate data if a specific app is installed.
  • Block access to account/wipe the device if the user has more than 5 failed screen unlock attempts.
  • Block access to/wipe the account if there is suspicious activity found on the device.

3rd Party App Control

Google can also protect your data against phishing attacks. Google provides 3rd party control with OAuth apps whitelisting. This gives your company extra control over 3rd party applications that have access to your data. It is now possible for admins to specifically select which apps can have access to which users G Suite data. This keeps your data safe as it is ensuring that your users don’t accidentally grant access to apps that may be malicious.

Google Cloud & G Suite FCA Accreditations

As if that wasn’t enough, Google Cloud Platform has been awarded independent security standards including ISO27001 and ISO27017 (see the full list here)

And finally a quote from the CIO of HSBC -

“We have peace of mind knowing that Google Cloud takes security and compliance very seriously”

Group CIO, HSBC (2018)

Contact Us

We are always happy to talk through your requirements here at Cobry, and we may even be able to give you a free IT security checkup in the process to help you with your G Suite FCA compliance!

© Cobry Ltd, 24 Sandyford Place, Glasgow, Scotland, UK, G3 7NG - 0333 789 0102 | Privacy Policy