Skip to content

10 Best Practices for Email Security to Protect Your Business

With the rise of remote working came a surge in cybercrime. Business Email Compromise (BEC) attacks have seen a 150% year-over-year increase, so the odds are not in any business’s favor. However, staying vigilant and educated can protect your company and avoid such attacks. Keep reading to find out the main dangers business email accounts face and get 10 business email security tips.

What is Business Email Compromise (BEC)?

BEC is a type of cybercrime that involves impersonating a trusted business contact, such as a CEO or supplier, in order to trick employees into transferring money or sensitive information to the criminal’s account. These schemes often involve careful research and social engineering to create a convincing ruse.

According to the FBI, BEC fraud has cost companies over $26 billion globally since 2016, and the threat continues to grow. Small businesses are particularly vulnerable, as they may not have the resources or expertise to detect and prevent these attacks.

One example of a BEC scam involved the director of Puerto Rico’s Industrial Development Company, Ruben Rivera, who mistakenly made the transaction of $2.6 million to a fake bank account. In another case, Ubiquiti Networks Inc., the San Jose-based manufacturer of high-performance networking technologies, fell victim to a BEC attack that resulted in a loss of $46.7 million.

As the use of email continues to be an essential aspect of business communication, it is crucial for companies to remain vigilant and take proactive measures to defend against the threat of BEC.

Phishing is the number one email security threat

Phishing is a type of digital scam that is especially common in emails. It’s a form of social engineering where a hacker tries to deceive an employee into believing the email is coming from a credible source. Phishing emails usually have some sort of CTA: it’s like a form of marketing, if you will. Except that phishing CTAs usually involve clicking on a malicious link or revealing sensitive company data to outsiders.

Well, just like any other marketer, hackers employ creative techniques to improve the conversion rates of their scams. The more deceitful the email, the higher the conversion rate. That’s why phishing emails can be difficult to spot at times. Examples of phishing emails include:

  • Account verification scam. You may receive a phishing email that looks something like this: “Due to a recent security threat, we would like to ask you to verify your account by signing in through the link below. Failing to do so will result in the permanent deactivation of your account.”

  • Fake invoice scam. Hackers may send out emails saying, “We still haven’t received your payment for our services. Please use the link below to complete the transaction.”

  • Spear phishing. This is a more advanced and tailored form of phishing that requires hackers to do some research on your company. For instance, an employee may receive an email that looks like it’s coming from a specific coworker, instructing them to visit a website or disclose information.

Password security for your business

Store, manage and share passwords.

Get NordPass Business

30-day money-back guarantee

Best practices for business email security

Falling for phishing scams can expose your company to data breaches and malware. Taking steps to appropriately ensure the security of your email will help protect your business from phishing and other forms of cybercrime:

1. Conduct phishing awareness training

Emails usually get breached through employee negligence and lack of knowledge. So the first way to increase email cybersecurity is to raise awareness about the main threat: phishing. All employees should receive in-depth training on recognizing and avoiding attempted phishing schemes. The main points to cover here are:

  • Becoming familiar with the main phishing schemes

  • Being suspicious about unusual requests

  • Never clicking on random links received through email

Once employees are familiar with these precautions, your company’s susceptibility to phishing emails will significantly decrease and your business email security will improve in general.

2. Train employees on how to deal with email attachments and suspicious email links

Email attachments and suspicious links are the most common methods cybercrooks use to spread malicious software. Ensure that your employees are well aware of these devious practices and are trained to spot them in real-life situations. With time and a lot of practice, your team will develop a sense for suspicious email links and attachments, which should considerably lower the potential attack vector and significantly improve your overall security posture.

3. Enable multi-factor authentication

You can make your account safer from hackers by connecting your smartphone to your email. Even if the passwords to your email accounts are leaked, no outsiders will be able to access them without having access to the device it’s connected to. All vital business accounts, not just email accounts, should have multi-factor authentication enabled.

4. Avoid using email when on public Wi-Fi

Public Wi-Fi poses massive risks to email security. If it’s unencrypted (which it often is), anybody can connect to the same network. You never know when a hacker will be that someone.

If a hacker intercepts your connection with unencrypted public Wi-Fi and catches you logging into your email, they can steal your email password. It’s best to steer clear of public Wi-Fi altogether, but if connecting to it is necessary, never transmit important data while on it.

5. Avoid using business emails for private purposes and vice versa

Most office jobs these days come with an email address. Some people get the temptation to use the new email address for all sign-ins. Need to sign up for a new streaming service? Well, why not use your brand new business email for that? Everybody else does it, anyway, right?

At first, it might sound like a great idea. Yet using your enterprise email for private purposes and vice versa could cause significant security concerns for you as an individual and the company.

First, using a company email for your personal online activities allows for easier and simpler profiling. Consequently, that could lead to spear-phishing — a targeted phishing campaign or other targeted cyberattacks.

6. Encrypt company email

Encrypting company email using special email security software is a great way to steer hackers away. Encryption ensures that the only people able to view the emails are the sender and recipient. If a hacker intercepts an employee’s Wi-Fi connection or email account, they will not see any sensitive data.

7. Set up email security protocols

Email security protocols are immensely important because they provide an extra layer of security to your digital communications. The protocols are designed to ensure the safety of your communications as they pass through webmail services over the internet. Without the aid of email security protocols, bad actors can intercept communication in a relatively easy manner. Please familiarize yourself with different email security protocols and enable them to ensure secure communications.

8. Improve endpoint security

To further fortify your security stance, take action to improve your endpoint security. Often the easiest and most effective way to boost endpoint security is by implementing security tools for company-wide use.

Consider deploying a VPN like NordLayer — a tool that encrypts the internet connection and data transferred over your business network. Antivirus software is another tool that should be used on all business workstations to ensure a proactive defense.

9. Don’t change passwords too often

Password fatigue is a fact of life — today, the average user has about 100 passwords on their hands. Keeping track of all the passwords is a challenge.

The conventional wisdom regarding password security is that you should change your passwords every 90 days. While that might sound like a reasonable security practice, it could lead to simpler and easy-to-crack passwords being used.

If you know that your employees take password hygiene seriously and craft hard-to-guess passwords and that none of their passwords were ever leaked, then they should stick to the passwords they already use. If any password (no matter how strong it is) is leaked or breached — the change should be immediate.

10. Use strong passwords for email accounts

Strong passwords are the backbone of account safety. Yet businesses often fail to secure their emails with strong passwords. If your business is like this, you should know that the easier the password, the easier it is to hack, especially through brute-force attacks. Brute-force attacks are when hackers try to guess a password by flooding your account with thousands of attempts.

To protect your business email from such attacks, ensure everyone in your organization secures their passwords. Secure email passwords are:

  • Long

  • Complicated

  • Contain different types of characters

  • Unique (never reused from other accounts)

These points are crucial if you want to ensure the safety of your business. However, passwords that are difficult to hack are also difficult to remember. The last thing anyone would want is to secure their account so well that they couldn’t even access it themselves.

Luckily, the business password manager by NordPass can come to the rescue. If all members of your company use it for their accounts, their emails will be safe, and they won’t need to scratch their heads trying to remember their passwords.

Bottom line

Business email security is never a given. Even though platforms like Gmail or Outlook do their best to ensure the safety of their users, you can easily fall victim to hackers if you don’t actively protect your account. By following these five email security best practices, the chances of getting your business emails hacked will be much slimmer because hackers will likely prefer more vulnerable prey.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

ESET Research: China-aligned Mustang Panda’s latest backdoor targets Europe, Asia, and Australia

  • ESET researchers have analyzed MQsTTang, a new custom backdoor that we attribute to the China-aligned Mustang Panda APT group.
  • Confirmed targets are in Bulgaria and Australia, with a likely target in Taiwan.
  • Due to the nature of the decoy filenames used, ESET researchers believe that political and governmental organizations in Europe and Asia are also being targeted.
  • The malware uses the MQTT protocol for Command and Control communication. MQTT is typically used for communication between Internet of Things (IoT) devices and controllers. This protocol hasn’t been used in many publicly documented malware families.
  • MQsTTang is distributed in RAR archives that only contain a single executable. These executables usually have names related to diplomacy and passports.

BRATISLAVA, MONTREAL — March 2, 2023 — ESET researchers have just analyzed MQsTTang, a new custom backdoor that we attribute to the China-aligned Mustang Panda APT group. This backdoor is part of an ongoing campaign that ESET can trace back to early January 2023. ESET Research has seen unknown entities in Bulgaria and Australia in our telemetry as targets. ESET also has information indicating that Mustang Panda is targeting a governmental institution in Taiwan. Due to the nature of the decoy filenames used, ESET researchers believe that political and governmental organizations in Europe and Asia are also being targeted. The Mustang Panda campaign is still ongoing as of this writing, and the group has increased its activity in Europe since Russia’s invasion of Ukraine.

“Unlike most of the group’s malware, MQsTTang doesn’t seem to be based on existing families or publicly available projects,” says ESET researcher Alexandre Côté Cyr, who discovered the ongoing campaign. “This new MQsTTang backdoor provides a kind of remote shell without any of the bells and whistles associated with the group’s other malware families. However, it shows that Mustang Panda is exploring new technology stacks for its tools,” he explains. “It remains to be seen whether this backdoor will become a recurring part of their arsenal, but it is one more example of the group’s fast development and deployment cycle,” concludes Côté Cyr.

Based on our telemetry, ESET Research can confirm that unknown entities in Bulgaria and Australia are being targeted. In addition, a governmental institution in Taiwan appears to be a target. The victimology is unclear, but the decoy filenames make ESET believe that political and governmental organizations in Europe and Asia are also being targeted. This would also be in line with the targeting of the group’s latest campaigns.

MQsTTang is a barebones backdoor that allows the attacker to execute arbitrary commands on a victim’s machine and capture the output. The malware uses the MQTT protocol for Command-and-Control communication. MQTT is typically used for communication between IoT devices and controllers, and the protocol hasn’t been used in many publicly documented malware families. MQsTTang is distributed in RAR archives that only contain a single executable. These executables usually have filenames related to diplomacy and passports. For more technical information about MQsTTang, check out the blog post “MQsTTang: Mustang Panda’s latest backdoor treads new ground with Qt and MQTT” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

NIST Releases New AI Risk Framework to Combat Emerging Threats from Malicious AI

ztda-tile

 

For most of history, our species has found creative ways to use technology for both bad and good. For example, we can harness nuclear energy to produce vast amounts of clean energy, helping to reduce our reliance on fossil fuels. But we can also use nuclear power to create devastating weapons of mass destruction.

The same is true for many other technologies. Is the internet a way to unite people and revolutionize how we access information? Or is it a tool for cyberbullying, identity theft, and spreading misinformation? Well, it’s both.  

Now it’s AI’s turn to fall to the dark side. AI has the potential to transform industries, revolutionize the way we work, and improve our daily lives. And that’s precisely why it’s generated so much buzz in recent years. However, it’s also caught the attention of cybercriminals intent on using it to create AI malware, AI ransomware, and for a range of other deleterious purposes.

But how exactly are cybercriminals leveraging advanced AI tools like ChatGPT? And what are reputable industry bodies like NIST doing to stop them? Let’s get into it.  

ChatGPT & The State of Malicious AI Today 

Open AI’s ChatGPT has garnered much attention recently, with the tool reaching over one million users in just five days of its launch. But while most people are using the impressive AI for fun or to improve their workflow, cybercriminals are using it for more nefarious purposes, including:  

Phishing and spamming: Bad actors could use ChatGPT to generate convincing phishing emails or messages to lure victims into clicking on malicious links, downloading malware, or providing personal information. It can even help create convincing-sounding emails impersonating high-ranking individuals, like a CEO.  

Malware development: Cybercriminals could use ChatGPT to create more sophisticated malware that can evade detection by traditional security measures. In January 2023, Checkpoint outlined how fledgling and seasoned cybercriminals were using the chatbot to create infostealers and encryption tools.  

Scamming: ChatGPT could create convincing scams, such as investment or romance scams, that could trick victims into sending money or providing sensitive information. 

Automated attacks: Cybercriminals could use ChatGPT to automate brute-force attacks or password cracking, making it easier and faster to breach security systems. 

It’s important to note that OpenAI takes measures to prevent its technology from being used for malicious activities by working with law enforcement and security organizations and implementing ethical guidelines. So, for example, if you explicitly ask, it won’t write malicious code. Still, cybercriminals are finding ways around this. For example, some developers experimenting with ChatGPT found that if you detail the steps of writing the malware instead of giving a direct prompt, the AI will construct the malware for you.  

Perhaps the most dangerous thing about ChatGPT from a cybersecurity perspective is that it allows anyone to be a hacker. Before AI, there were several barriers to entry for becoming a hacker. For example, you would need technical skills like knowledge of computer programming and networking and access to specialized tools and resources, usually obtained on the dark web. But AI is helping bridge these gaps even for people with minimal hacking experience.  

The Rise of AI Malware, AI Ransomware, & Sophisticated Attacks 

While security-conscious companies and security researchers are busy finding new and increasingly advanced ways of safeguarding systems, cybercriminals are busy finding ways to bypass these advancements. It’s a constant game of cat and mouse. And the result? Increasingly sophisticated cyberattacks.  

Cybersecurity researchers have already found evidence of well-known cybercriminal gangs hiring pen testers to help break into company networks. The notorious ransomware gang Conti (who racked up a terrifying $182 million in ransomware payments in 2021) is one such group thought to be reinvesting its earnings into hiring experienced tech professionals.  

A natural next step for cybercriminals will be to hire ML and AL experts to create advanced malware campaigns. Cybercriminals may use AI to automate large portions of the ransomware creation process, allowing for accelerated and more frequent attacks. And then we have true AI malware and AI ransomware. This is where hackers create situationally aware malware that analyzes the target system’s defense mechanisms and quickly learns and mimics everyday system communications to evade detection. 

NIST’s New AI Risk Management Framework 

On January 26, 2023, The National Institute of Standards & Technology (NIST) issued Version 1.0 of its Artificial Intelligence Risk Management Framework to enable organizations to design and manage trustworthy and responsible AI. But what is this framework all about? 

The AI RMF divides into two parts. The first part frames the risks related to AI and outlines trustworthy AI system characteristics, while the second part describes four specific functions — govern, map, measure, and manage. These four functions are further divided into categories and subcategories and help organizations address AI system risks in practice. In addition, organizations can apply these functions in context-specific use cases and at any stage of the AI life cycle, making them versatile tools.  

Crucially, NIST’s AI Risk Management Framework focuses on changing how we think about AI. It outlines seven characteristics of trustworthy AI, including “Safe” and “Accountable & Transparent,” which are particularly relevant to AI’s use in cybercrime. The “Safe” section emphasizes the importance of designing AI systems that do not cause harm to humans, property, or the environment. Meanwhile, the “Accountable & Transparent” section requires that information and outputs from AI systems be available to all users. This helps prevent cybercriminals from manipulating the AI into providing responses that other users could not elicit. 

Final Thoughts 

The growing use of AI by cybercriminals has led to the emergence of new threats, such as AI ransomware and AI malware. These pose a significant risk to organizations and individuals alike. However, the new NIST AI Risk Management Framework provides a comprehensive approach to addressing these risks. By following its guidelines, organizations can mitigate the threats posed by malicious AI and ensure the development of trustworthy AI systems. As AI technology continues to evolve, organizations must take steps to protect themselves and stay up-to-date with the latest risk management strategies. 

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

Why on-prem backup for Azure Active Directory isn’t enough

And 5 reasons why you should back up Azure AD in the cloud 

 

 

Imagine a busy city with multiple roads leading to various destinations, such as a hospital, a shopping mall, and a stadium. Just like a traffic light controlling the flow of vehicles to and from these destinations, Active Directory (AD) and Azure Active Directory (AAD) control the flow of and access to information from apps and services such as Microsoft 365, Salesforce, Google Workspace, and others. Organizations rely heavily on AD and AAD to ensure a smooth flow of and access to their data. 

 

However, just like how a city can experience traffic jams, frustrations, accidents, and general chaos when the traffic light is out, when AD or AAD are not accessible, the flow of and access to control-plane information can cause severe business disruption. This post will explore the importance of data protection for Azure AD.

 

The evolution of identity management: From Active Directory to Azure AD and the need for different backup solutions

 

 

But first, how did we come to rely so heavily on AD and AAD? Active Directory was introduced in 1999 as a solution for on-premises identity management, providing a centralized repository for user and device information and allowing administrators to manage these resources effectively and efficiently.

 

As the use of cloud-based services grew, the need for an identity management solution that could integrate with cloud-based resources became more important. 

 

This led to the creation of Azure Active Directory, which was designed to serve as the bridge between on-premises and cloud resources, not only creating a seamless and secure identity management solution for cloud computing, but also offering a range of features and capabilities (including single sign on, multi-factor authentication, and conditional access) to help organizations meet their security and compliance requirements. 

 

Microsoft Azure Active Directory and Active Directory seem to be a bit shrouded in mystery. For many, the distinction between them is not always clear, and this distinction becomes even more blurred when it comes to the topic of backing up and protecting the data within each. 

 

Instead of covering all the differences between AD and Azure AD, this post will mainly focus on backup for Azure AD, and it will explore five ways in which AAD requires a different backup solution from the traditional backups used for on-premises AD. Before we can do that though, we need to quickly establish — roughly — what the difference is. 

What’s the difference between AD and AAD?

 

 

As Stephen Covey put it, “the main thing is to keep the main thing the main thing.” That quote might make more sense if you consider the key difference between cloud and on-prem AD to be the main thing… and in this case, the main difference between the two is that Active Directory is designed for managing user access and application infrastructure for an on-premises world; Azure Active Directory is for managing user access to cloud applications in a cloud-based environment.

 

 

Even more simply? Sure: AD is on prem, AAD is cloud based. 

 

 

If you’re interested in exploring the differences further, here’s what Microsoft has to say: Compare Active Directory to Azure Active Directory.

 

 

Every object in either AD or Azure AD has one permanent home. That’s the primary copy of the object, and the copy to which changes are applied. If you are on-prem-only, or cloud-only, then there’s only one copy of each object.

 

In hybrid mode, though, no matter where the object is homed, there will be two copies of it: the primary copy and a synchronized copy on the “other side.”

For organizations using both Active Directory and Azure AD in a hybrid environment, you can think of the cloud copy of an on-prem object as being like a shadow. When you look at a shadow on the pavement, you’re only getting a partial set of information about the real object.

 

In the same vein, Azure AD only has a partial set of attributes from on-premises AD objects because not every object attribute is replicated to the cloud. However, all the attributes of cloud-based Azure AD objects are stored in full in the cloud. This allows organizations to use Azure AD as an identity provider for on-premises resources and allows for SSO for cloud-based resources.

 

 

How does this distinction change backup strategy? 

 

The distinction of where (which environment) your identity objects are homed is paramount. Active Directory backup via on-premises solutions is exactly that: making a backup of on-prem data by copying it to/from an on-premises solution. Azure Active Directory, as a cloud-based application utilizing cloud-based data (and metadata), creates and manages cloud data in the cloud. 

  

 

Why it matters: Comprehensive data coverage requires the ‘right’ backup

 

“Some” Azure AD data and metadata only exist in the cloud environment. You could copy these objects to an on-prem storage location (which is roughly as useful as putting backup tapes on top of the server they’re made from), but these objects must be restored to the cloud.

 

Therefore, with clear gaps in coverage, the data and metadata are not covered holistically. This means your data may not be fully protected when you back up your cloud data with an on-premises Active Directory-oriented tool as your Azure AD backup solution. 

 

In other words: what’s homed on premises and what’s homed in the cloud are physically separate. You introduce new problems for yourself when you cross the streams, including speed of access, data fidelity and quality, and security. 

 

Let’s dive into five reasons why on-prem AD backup is not a viable option for comprehensive backup of Azure AD. 

 

5 things you should consider if you’re backing up AAD on premises

 

 

1. Some attributes in Azure Active Directory are not available on premises

 

 

If you take an on-prem AD account and sync it to the cloud, the sync process (and Azure AD) adds some attributes to it. Some of these may be synced back to on prem (a process called writeback) but some will not. Backing up Azure AD captures these; backing up the on-prem AD won’t. 

 

2. Azure AD may have user objects or attributes that do not exist on premises  

 

 

You can define your own users, groups, roles, et cetera, that exist only in the cloud. If you do not back these up independently, they will not be preserved nor well protected, and your only recourse is to recreate and define these custom entries every time. 

 

And yet not everyone sees the value in protecting these objects when their identity management (IdM) anchor is on prem. Even if an organization’s IdM anchor is on premises, objects and attributes like Intune and conditional access policies are important for several reasons, often forming a key part of organizations’ zero trust security, and, as such, need to be protected against loss or damage. (Read our article on the zero trust principle here.)

 

Still not convinced of the value of protecting control-plane objects? Here are five reasons highlighting the case for securing data protection: 

 

  • Cloud-based management: Intune and Azure AD conditional access are both cloud-based services that can be accessed and managed from anywhere. They cannot be accessed from on-prem systems, so if you lose the copy in the cloud, it’s gone. 
  • Security: Azure AD provides additional layers of security, such as multi-factor authentication and identity protection, that can help to protect against potential security threats such as compromised credentials or unauthorized access. 
  • Compliance: Intune and conditional access can help organizations meet compliance requirements, such as HIPAA by providing features such as device compliance and role-based access control. 
  • Scalability: Azure AD allows organizations to scale their IdM infrastructure as needed, without the need for additional hardware or software. 
  • Remote work: Intune and conditional access can help organizations to secure and manage remote workers’ devices, even if they are not connected to the on-premises network. 

 

Now are these objects and attributes vital to operations? You can decide for yourself. But, considering the impact that could result from losing these in one data loss scenario or another (and the resource investment required to manually recreate and administer them, not to mention the security concerns of not ensuring the right users have the permissions to access company data), adequate data protection of these should be a business imperative. 

   

3. Azure AD will have configuration/state objects that don’t exist on prem

 

 

Enterprise apps, app registrations, Conditional Access (CA) policies, and many other policy- and security-related objects exist only in the cloud. Microsoft’s native protection for these objects is mostly non-existent — delete a conditional access policy, for example, and it’s just gone. Let’s drill down into two important-to-protect Azure AD features: 

 

  • Conditional Access: Azure AD Conditional Access is a feature that allows you to set policies that determine how users are granted access to resources based on conditions such as device compliance, location, and user identity. It allows you to control who can access your resources and under which conditions. This feature can be used to protect against security threats, such as compromised credentials, by requiring multi-factor authentication or other forms of authentication. 
  • Intune: Intune is a mobile device management (MDM) and mobile application management (MAM) service that is integrated with Azure AD. This feature allows you to manage and secure mobile devices, desktops, and apps, including those used by remote workers. It allows you to set policies for devices and apps, such as requiring a passcode or encrypting data, and to remotely wipe a device if it is lost or stolen.

What about the Active Directory Recycle Bin? As these AAD-only configurations/state objects only exist in the cloud, there’s no available recycle bin for these policy objects, so there’s no undo. It’s akin to an immediate hard delete, meaning there is no 30-day or 90-day grace period as there is with soft deletions. 

 

How to recover from hard deletion? Microsoft shares that “hard-deleted items must be re-created and reconfigured. It’s best to avoid unwanted hard deletions.” 

 

Let that sink in for a moment: “It’s best to avoid unwanted hard deletions.” This advice is nigh impossible to follow as common data loss scenarios, like accidental deletions), are a question of when, not if. It highlights how the Recycle Bin was never intended to be a replacement for dedicated backup. Read our post on why backup is a risk-management imperative here. 

 

4. Record preservation  

 

 

How long does Azure AD store reporting data? That’s a very good question: According to Microsoft, activity reports are stored as follows:

As you can see, there is no point-in-time record preservation. With a backup, you can preserve and review cloud-only Azure AD data at a specific point in time and examine which permissions, users, groups, and role assignments existed in your directory, as well as whether an object has changed within a specified time period and preserve these records for as long as required or needed to comply with company or governmental policies.

 

Clearly, these benefits are useful for forensic purposes but also for governance and compliance reasons. Learn more in our eDiscovery post (with a customer Office 365 use case). 

  

5. Microsoft doesn’t provide native protection for many cloud-only objects  

 

 

Microsoft doesn’t provide the same recovery tools in Azure AD as they do for Active Directory itself. According to Microsoft recoverability best practices, it’s clearly important to understand the object types that are protected by Microsoft under soft-deletion and hard-deletion scenarios, visualized here: 

The recovery features for soft deletions are typically limited to 30 days retention, so if you want to recover on day 31, it’s too late! The data is gone, as Microsoft shares here in its Azure Active Directory fundamentals:

Soft-deleted objects are hard deleted after a deletion time of 30 days. The only object types that support a soft delete are Users, Microsoft 365 Groups, Application registration, Service principal, administrative unit.

 

So, the question is this: Are these objects that are automatically hard deleted important to your business operations? And a natural follow-up question is this: Is the 30-day restore period for soft-deleted objects enough protection for your data? (Often, mandatory minimum data retention periods are determined by governments.)

 

Note: It’s important to mention that changes are not covered by the recycling bin, such as editing or overwriting, even to objects that would normally be soft deleted . Any change, intentional or otherwise, replaces the previous version with no option of reverting or recovering. When these changes are done accidentally, we euphemistically refer to them as an “oops,” but they are quite serious and actually one of the leading causes of data loss, so this gap in coverage should concern those tasked with ensuring data protection.

 

The writing on the wall is that native coverage is insufficient for recoverable, comprehensive coverage and that the solution to this coverage gap is having your own third-party backup. This extends your ability to recover these objects for as long as your backup exists. 

 

Explore this in more depth here: Azure Active Directory recoverability best practices from Microsoft.

 

 

What’s next? Choosing a backup solution for Azure Active Directory

 

 

Now that we’ve highlighted the need for dedicated cloud data backup for Azure AD, let’s explore what Keepit provides with its Azure AD service offerings (one of which — Azure AD Standard — is offered completely free of charge). 

 

 

Leading AAD data protection for your cloud security strategy

 

Keepit helps you recover business-critical identity and application objects that Microsoft doesn’t protect. Extend your retention period and strengthen security with protection of policies as well as full auditing and traceability of changes. Protect against day-to-day data loss and improve IT efficiencies with the ability to roll back changes and speed up troubleshooting.

 

 

Azure Active Directory backup coverage 

 

The Azure AD connector protects the following Microsoft 365 Azure Active Directory objects: Users, Groups, Administrative Units, and Roles. It also protects Audit logs (and Sign-in logs with audit logs enabled). 

 

For an exhaustive coverage list, visit our AAD support site here

 

 

Interested in backing up (and restoring) AAD with Keepit for Azure AD? 

 

To learn more about how you can protect your business-critical data and ensure disaster recovery resolve with Keepit for Azure AD – the leading protection for your cloud security strategy – click here

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Deriving from +20 year experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×