The concept of least privileged access has been around for a while and is widely understood. However, overprivileged users with more rights than necessary, such as administrators, continue to be a common source of breaches. It’s such a concern that the restriction of administrative privileges is included as one of the Australian Government’s Essential Eight Maturity Model to mitigate cybersecurity incidents.

The concept of Bring Your Own Device, or BYOD, has been adopted by organizations wanting to take advantage of the benefits. BYOD allows employees to use their personal devices to connect to their business networks and access work-related resources using smartphones, personal laptops, tablets and USB keys. But is a BYOD strategy good for security? Along with the benefits come increased BYOD security risks that require mitigation.

The Australian Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (SLACIP Act) and Systems of National Significance (SoNS) regulations are aimed at improving the resilience and risk management practices of Australia’s Critical Infrastructure sector and making it easier for organisations and governments to securely share information.

A common topic in our blog is the threat that insiders pose to an organization’s sensitive data. Why? ‘Insider threats’ continue to pose the biggest threats to intellectual property (IP) and military secrets. Insiders, including contractors, need access to sensitive information to do their job, but to what extent? How can we prevent sensitive information from being exfiltrated by malicious insiders?

As you look back on the state of cybersecurity in 2022 and set your security priorities for 2023, Zero Trust Data Access should top your New Year’s Resolutions list. Zero trust was probably the most talked about security trend last year and for good reason – it is clear no matter how much we layer our defenses hackers, malicious insiders and simple negligence are impossible to eradicate.

2022 has been a busy year in cybersecurity with some high-profile breaches taking over the headlines late in the year. From simple negligence to unpatched systems, phishing emails, hackers, and malicious insiders our systems and data remain vulnerable. It’s clear that despite our best investments in security training and technology there is still room for improvement in 2023.

Cyberattacks are still big business and on the rise. Despite substantial increases in cybersecurity spending, many businesses aren’t taking enough action to mitigate their risks. While a significant data breach in itself is a scary concept, the costs of inaction and the subsequent charges associated with investigations, penalty fines and reputational damage should worry you even more.

There are many ways to share data in SharePoint, including lists. A SharePoint list is a collection of data that a user can share with other users to whom they have permitted access. A variety of default list templates are provided in SharePoint to allow for easier set-up. Users can also import such lists (usually in CSV format) from other applications.

Data classification is an important business process. It makes it easier to apply data protection, helps employees understand what data is sensitive, and, importantly, which data can be made public. Unfortunately, many organizations provide employees with access to far more data than is needed. The oversharing of information with employees is a huge security risk.

Encryption is an essential means of protecting sensitive information and is required for certain types of data under many regulations. As more companies move to the Cloud and introduce Microsoft 365 (M365) applications like Teams and SharePoint Online to their communication and collaboration channels, the potential for data getting into the wrong hands grows exponentially making encryption strategies essential.