Secure by design, the number one requirement for the modern workplace

Digital Survival Company
Jul 22, 2024

The modern workplace is cloud native and demands extensive security measures. Therefore, security is embedded throughout our DIGITAL365 concept: secure by design. This means considering user productivity from the outset.

The Netherlands is globally known as the digital gateway to Europe, thanks to the Amsterdam Internet Exchange (AMS-IX), one of the world’s largest internet hubs. The Netherlands is also one of the most connected countries in the world, with nearly a third of Europe’s data centers located in the Amsterdam region.

Consequently, digital threats such as cybercrime, digital espionage, and disruption of online services are significant concerns in the Netherlands. This prompted the National Coordinator for Security and Counterterrorism (NCTV) to proactively warn organizations to expect the unexpected and adapt their security accordingly.

The big question for many organizations is how to secure workplaces effectively, as 80% of all security incidents occur at this level, according to Microsoft. What does a secure, modern workplace look like?

Secure by design, not as an afterthought

The most significant step in workplace security is to apply security measures and principles from the start: secure by design. This approach integrates security into every phase of the design and development process, resulting in a more robust and secure system. Implementing security measures retrospectively can burden users with additional processes and tasks that might conflict with productivity, which does not benefit security.

By integrating security measures as much as possible into the workplace, both security and productivity are ensured. This begins with logging into the system.

Single secure login for all applications

Logging in with a password confirms your identity — but a password alone is no longer secure. Hence, we have two-factor authentication (2FA), where a second identification method, such as a code via email or SMS, or a code generated by an authenticator app like Microsoft Authenticator, is used. If users can choose from multiple factors, such as biometric data (fingerprint or facial recognition), location data, or a smart card, it is called multi-factor authentication (MFA). In this case, a password is not even necessary: Microsoft refers to this as passwordless authentication.

Previously, users had to log in separately for each application. Microsoft now offers single sign-on functionality as an integral part of Office 365: once logged in, no further logins are needed elsewhere. Users only need to remember and maintain one password. If login credentials are suddenly requested via a phishing email, it is immediately clear that something is wrong.

Secure cloud working

Another focus within organizations is access to confidential documents. Users are not always fully aware of the risks when a specific document falls into the wrong hands. With Microsoft Governance, documents and emails can be automatically labeled by an algorithm that looks for specific data, such as a BSN or credit card number. If a user still wants to share a ‘confidential’ document with an external party, it must be justified with an explanation.
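The kind of content-based labeling described above can be sketched as follows. This is an added example, not Microsoft's implementation and not code from this article; the function names, the label names "Confidential" and "General", and the sample documents are assumptions made for illustration. Candidate numbers are validated with the Dutch 11-test for BSNs and the Luhn check for card numbers, so that an arbitrary 9-digit order number is not labeled by mistake.

```python
import re

# Candidates: a 9-digit BSN, or a 13-19 digit card number with optional separators.
BSN_RE = re.compile(r"(?<!\d)\d{9}(?!\d)")
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def is_bsn(digits: str) -> bool:
    """Dutch 11-test: weights 9..2 and -1; the weighted sum must be divisible by 11."""
    weights = (9, 8, 7, 6, 5, 4, 3, 2, -1)
    total = sum(w * int(d) for w, d in zip(weights, digits))
    return len(digits) == 9 and total != 0 and total % 11 == 0

def is_card(digits: str) -> bool:
    """Luhn check: double every second digit from the right; the sum must end in 0."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return 13 <= len(digits) <= 19 and total % 10 == 0

def find_sensitive(text: str) -> list:
    """Return the kinds of checksum-validated sensitive data found in the text."""
    hits = []
    if any(is_bsn(m.group()) for m in BSN_RE.finditer(text)):
        hits.append("BSN")
    if any(is_card(re.sub(r"[ -]", "", m.group())) for m in CARD_RE.finditer(text)):
        hits.append("credit card")
    return hits

def label_for(text: str) -> str:
    """Assumed label names: 'Confidential' when sensitive data is present."""
    return "Confidential" if find_sensitive(text) else "General"

def may_share_externally(text: str, justification: str = "") -> bool:
    """Sharing a Confidential document externally requires a written justification."""
    return label_for(text) != "Confidential" or bool(justification.strip())

# Constructed sample documents (well-known test numbers, not real data).
DOCS = {
    "hr.txt": "New hire, BSN 111222333, starts Monday.",
    "invoice.txt": "Paid with card 4111 1111 1111 1111.",
    "order.txt": "Order number 123456789 shipped.",
}

if __name__ == "__main__":
    for name, body in DOCS.items():
        print(name, label_for(body), find_sensitive(body))
```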

This touches on the broader information management policy within Office 365. Who has access to which documents and why? A good methodology for this is Role-Based Access Control (RBAC), a security mechanism that determines who has access to what within a system. For instance, a support employee does not need access to sales figures for their work. By clearly formulating roles and the associated access to applications and documents, an additional security layer is established.

Regardless of the device

Another common cyber threat comes from the use of unauthorized apps and devices: shadow IT. Consider using Dropbox for file sharing or sending business emails via a personal tablet. This often happens not out of malice but out of convenience: employees want to work more efficiently and unknowingly or without permission choose other solutions they are already familiar with. The first measure is to ensure that the tools provided are so good that employees do not need to look for alternatives.

A second security measure is managing devices within an organization. Microsoft offers Microsoft Intune for this purpose, a cloud-native service that provides employees with secure access to company data and applications regardless of the device. In addition, Microsoft Defender ensures that all activities and incidents on the device are monitored. If something goes wrong, it is immediately detected. At Digital Survival Company, we offer various security services to ensure the proper response.

Preventing ransomware

The Dutch organizations that have been affected by ransomware are not insignificant ones: KNVB, MediaMarkt, VL Group, Maastricht University, Hof van Twente, and RTL Netherlands. In most cases, ransom is paid to release the captured data or systems, often amounting to millions. Even then, it remains uncertain whether the system will actually be released. Moreover, ransomware can remain active on the system and be reactivated later.

To give ransomware no chance, we offer so-called immutable backups. These backups cannot be edited or modified and, therefore, cannot be encrypted by ransomware. This is also secure by design: assuming that cyber threats will occur.

Adoption is key

The best defense against cyber threats remains the users. The applications and tools they receive to do their work must not only be secure but also make them more productive. Tailoring the workplace to daily practice is crucial for this.

A prime example of this is the modern workplace management we implemented for PLUS Holding B.V., the supermarket chain with about 270 stores nationwide. By considering the roles of different employees, we optimized productivity and security. For instance, a stock filler on the shop floor mainly needs access to product availability and delivery information, nothing more. The store manager, an independent entrepreneur who adopts the PLUS formula, requires access to sensitive business information. This access is only provided in the office, where they log into the system with MFA. They work with the files and tools relevant to them in the most secure and productive way.
