Blog
We are sure you’ve noticed, but working life has changed dramatically in the last year, with one of the main differences being the rise in remote working.
At CloudM, we think that there has been a lot of benefits to working from home (not least, avoiding the dreaded commute) but there are definitely challenges with having a separated workforce that may force you to think more about how you keep your domain and data secure.
For example, your employees are no longer logging in to CloudM from the secure environment of your office, but from a range of unexpected IP addresses, geographies and times. How can you be sure that one of these logins is not from an employee, but a potentially dangerous external threat?
Thankfully, CloudM already has a set of features and policies designed to help you keep your domain as secure as possible. Now is the perfect time to take advantage of them.
Did you know that, for 15 years at the height of the Cold War, the launch code for all US nuclear missiles was “00000000”?
The best and simplest way to stop unwanted logins is to make sure your employee’s passwords are as strong as possible. We have all been guilty of using weak or duplicate passwords in the past, especially with the multitude of apps and services we use on a daily basis, but, when it comes to securing something as important as your company’s data, you need to employ a robust password policy.
CloudM allows you to specify the minimum number of characters and what characters need to be used to make up a password (e.g. minimum lower and upper case characters, special characters, numbers and spaces).
Additionally, thanks to Organizational Units and Smart Teams, you can set different policies for groups of employees. This means that you can make sure that administrator passwords are stronger than a basic user password (to safeguard more of your critical business processes).
Unfortunately, even the strongest passwords can wind up in the wrong hands - a disgruntled former employee who you shared your password with previously, or a hacker guessing a weak password after some social media detective work - so it is even more important to make sure that the person attempting to login is genuine.
You can do that by adding a manual step that can only be completed (verified) by the individual.
2-Step Verification (also known as 2FA or 2 Factor Authentication) is a security feature that requires a user to complete 2 steps in order to login. The user must provide a valid password and then use another personal contact method to verify that they requested access.
Therefore, if a user's password is compromised, anyone else looking to access the account would be blocked (regardless of whether they entered the correct password or not).
It is quick and easy, usually consisting of simply pressing a button to confirm a login request or entering a code sent to their personal phone, but adds another level of protection to your domain and helps to give you peace of mind that your data is safe and secure.
Alternatively, for Google Workspace domains, we offer our own SSO functionality which can be setup to control access to Google Workspace and other SAML apps.
One of the most common methods that hackers use to access applications and services is a Brute Force Attack, which is basically attempting to login as many times as possible, with different variations of a password, until one of them is successful.
CloudM allows you to limit the number of times that a user can unsuccessfully attempt to log in to your domain before they are frozen out. You can also set the amount of time that the user is blocked so that you can spot the attack and take action.
Additionally, you can enable a CAPTCHA prompt after a number of unsuccessful attempts to ensure that it is a human trying to login to your domain, and not a bot.
With more people working from home, there can be the temptation to work longer hours - the extra hour at night, the time that would normally be used up by their commute.
Whilst this isn’t necessarily an issue in itself, you may want to limit the times that your employees can access your domain via CloudM to stop human error outside of the hours that you can support. Do you want to get the call that half your users have been suspended at half past 2 at night?
Also, if the occasional extra hour before or after business hours turns into employees consistently working for longer, you may wish to limit access to CloudM
Just like limiting the access time, you can also set a list of countries and IP addresses that you allow access from to make sure that only your employees are able to access your domain via CloudM.
You can set up by Organizational Unit or Smart Team too so you can tailor the policy for the members within that group. For example, you may want to limit your UK Marketing team so that they can only access CloudM in the UK (and any country they may need to visit as part of their role).
You may also want to make sure that your administrators can only access CloudM from a whitelist of allowed IP addresses. If a hacker attempts to circumvent the country restriction policy using a VPN, it is unlikely that they will also be assigned an IP address within the required range(s).
Although we are all looking forward to getting back to the office and the social interactions it provides, some elements of remote working are here to stay (looking to linger much longer than the pandemic itself) as employees express a desire to work from home on a more regular basis.
This means that the security features mentioned above (and the security threats posed by a remote workforce) won’t simply become irrelevant with the final round of vaccinations. They are here to stay for the rest of 2021, 2022 and the foreseeable future so it is vital to put together a policy that blends several of these features (for example, stronger password creation for admins coupled with a block on access from non-approved IP addresses) to meet your company’s needs.
For more information on how CloudM works to protect your domain, visit our Knowledge Base.
You can also watch out the latest webinar on Role-Based Access which details how you can Empower your people whilst keeping your data secure