Breakwater IT worked with EAAA to identify and implement security improvements to prevent breaches as a result of attacks on emails.
• Two Factor Authentication (2FA)
• Attainment of Cyber Essentials Plus
• Employee engagement and training
• Improving existing hardware to provide further encryption and security
With a large employee base, including charity and clinician teams and volunteers, all based across 4 counties, and a mobile workforce that comprises 50% of personnel, it was necessary to fully involve and inform all users as to why and how these new solutions were being introduced.
Two Factor Authentication
The project started with a testing stage, with 5 users measuring the impact 2FA had on their day-to-day work as well as understanding the benefits of Office 365 and training needs for all their users.
Once the testing was complete, 2FA was rolled out against each user’s Office 365 account. EAAA and Breakwater decided that it would be more beneficial to carry out the 2FA setup at the same time as the new Office 365 installs. This gave the EAAA facilities team time to spend with each team member going through the process (following staff meetings). Some of the installation could be carried out remotely by Breakwater, meaning minimal disruption to users’ workloads.
Breakwater also attended a clinician training day, enabling 2FA to be activated for a larger number of users in one sitting. When users log into their Office 365 account they are now required to approve their sign-in request using the Microsoft Authenticator app.
Authenticator provides an extra layer of security in addition to a PIN. It is a quick and easy way of signing into a personal Microsoft account, preventing unauthorised users from breaching data.
This method of approval also shows details of compromised accounts. EAAA are able to get in contact with Breakwater if there is ever a sign-in request when they are not knowingly trying to sign into an Office 365 app.
Cyber Essentials Plus
Breakwater supported EAAA through their Cyber Essentials Plus certification, providing reassurance across the charity that cyber security is taken seriously and the right controls and protection are in place. Cyber Essentials gives protection against a wide variety of the most common cyberattacks and shows a commitment to:
• Securing internet connection
• Securing devices & software
• Controlling access to data and services
• Protecting from viruses and other malware
• Keeping devices and software up to date.
Engagement & Training
Ongoing employee training is one of the most effective ways to combat users clicking on phishing emails and inadvertently causing a data breach.
EAAA recognise the importance of user engagement and, prior to the launch of 2FA, they presented on the benefits it would deliver, the nature of cyber threats and how to avoid an attack.
*Statistics from Mimecast, The State of Email Security Report 2019.