How Microsoft’s Data Security Initiatives Are Helping SMEs and SMBs To Work From Home?

One by one the world fell into a lockdown announced by COVID-19 affected countries and a month after, it continues to be quiet on the streets. Businesses have moved to working from home despite most of their operations being shut. IT tech giant Microsoft has been one of the first few companies to understand the gravity of the COVID-19 situation and announced work from home before the lockdown. 

The company has also actively taken a few initiatives to lend its support in tackling the pandemic. Talking to Radhika Udas, Microsoft’s spokespersons – Jared Spataro has shared some valuable insights and suggestions for small businesses to cope with this pandemic and stay afloat. There are also some glimpses of posts by Satya Nadella that answer prominent questions. 

• Technology has played a very important role at the time of a pandemic. How are Microsoft’s employees managing ‘Work from Home’?

At Microsoft, our top concern has been the wellbeing of our employees during this challenging time. Our employees have always been empowered to stay productive and connected by using our productivity tools when they need to work remotely. Over the past few weeks, we have transitioned to a virtual workplace seamlessly for nearly all our operations. 

We designed Teams as a virtual office you can take anywhere you go. While you may not have a printer, physical files, or a desk phone at home, you can pull up documents directly in Teams, securely store files where the right people can access them, and quickly jump into calls and meetings. Our Core Services Engineering and Operations (CSEO), our internal IT team that builds and operates the systems that run Microsoft, have spent the past few years transforming end-user productivity across the company. 

• Could you tell us about some initiatives Microsoft has taken with regard to the COVID-19 situation?

On March 5, Microsoft reaffirmed its commitment to customers during COVID-19 in a blog post by Jared Spataro, Corporate Vice President for M365. Microsoft Teams is available for free for everyone for the next six months, even without an O365 licence. 

In a letter to employees that was later published on LinkedIn on March 22, Microsoft CEO Satya Nadella wrote about how we are coming together to combat COVID-19. The post mentions how we are working with our customers, partners, governments and communities during these difficult times.

• Cybercrime feeds of vulnerability and with the COVID-19 outbreak, is on a rise. How are you ensuring cybersecurity with almost all of your staff working from home?

At Microsoft, privacy and security are never an afterthought. It’s our commitment to you—not only during this challenging time, but always. 

For cybersecurity, we’re using our AI and human intelligence capabilities to stop attacks designed to take advantage of the angst caused by the virus. For example, as part of a recent spear-phishing campaign, attackers created emails to look like legitimate supply-chain reports related to COVID-19. Office 365 Advanced Threat Protection identified and blocked the attack in transit and shared signals with the Microsoft Defender service to protect all our customers.

It is estimated that 91 percent of cyberattacks start with an email, which either leads to malicious links directly or which contains dangerous attachments. That’s why the first line of defense is doing everything we can to block malicious emails from reaching employees in the first place. A multi-layered defense system that includes machine learning, detonation, and signal-sharing is key in our ability to quickly find and shut down email attacks.

If any of these mechanisms detect a malicious email, URL, or attachment, the message is blocked and does not make its way to the inbox. All attachments and links are detonated (opened in isolated virtual machines). Machine learning, anomaly analyzers, and heuristics are used to detect malicious behavior. Human security analysts continuously evaluate user-submitted reports of suspicious mail to provide additional insights and train machine learning models. 

As more organizations adapt to remote work options, supporting employees will require more than just providing tools and enforcing policies. There’s also the human side of all of this. Now is a good time to be diligent, so be clear on what official communications about business continuity and health and safety should look like and from where they should originate. Establishing a clear communications policy also helps employees recognize official messages.

• How would you suggest startups and small businesses maintain their data security?

Small and medium-sized businesses (SMBs), already hit hard by the impact of the outbreak, will feel the effects of this the most. Already we’re witnessing their entrepreneurial spirit in action as restaurants pivot to delivery businesses, in-person services swiftly switch to digital solutions, and online retail stores go live overnight.

We understand that as an SMB you can’t afford to be out of touch. We know that you need to continue to service your existing customers, pitch new business, meet with employees, and do whatever it takes to keep your company running. That’s why we’re making Microsoft Teams available for everyone, even organizations that don’t have Office 365.

While employees in this new remote work situation will be thinking about how to stay in touch with colleagues and coworkers using chat applications, shared documents, and replacing planned meetings with conference calls, they may not be thinking about cyberattacks. CISOs and admins need to look urgently at new scenarios and new threat vectors as their organizations become a distributed organization overnight, with less time to make detailed plans or run pilots.

As a leader in security, Microsoft processes more than 8 trillion security signals every day and uses them to proactively protect you from security threats. In Teams, we encrypt data in transit and at rest, storing your data in our secure network of datacenters and using Secure Real-time Transport Protocol (SRTP) for video, audio, and desktop sharing.

We protect your data and defend against cybersecurity threats 

• Encryption: Teams data is encrypted in transit and at rest. Microsoft uses industry standard technologies such as TLS and SRTP to encrypt all data in transit between users’ devices and Microsoft datacenters, and between Microsoft datacenters. This includes messages, files, meetings, and other content. Enterprise data is also encrypted at rest in Microsoft datacenters, in a way that allows organizations to decrypt content if needed, to meet their security and compliance obligations, such as eDiscovery.
• Data Loss Prevention: Data Loss Prevention prevents sensitive information from accidentally being shared with others.
• Sensitivity labels: Sensitivity labels allow you to regulate who can access a team by controlling the privacy and guest settings of the team.
• Advanced Threat Protection: Advanced Threat Protection helps protect users from malicious software hidden in files, including files stored in OneDrive or SharePoint.
• Cloud App Security: Cloud App Security provides you with tools to identify and mitigate suspicious or malicious activity, including the large-scale deletion of teams or addition of unauthorized users.

The single best thing all enterprises can do to improve security for employees working from home is to turn on multi-factor authentication (MFA): Employ MFA for all of the employees, all of the time. Remember that this works best if they also block legacy authentication protocols that allow users to bypass MFA requirements. If enterprises are unable to distribute hardware security devices, they can also use Windows Hello biometrics and smartphone authentication apps like Microsoft Authenticator.

While many employees have work laptops they use at home, organizations will likely see an increase in the use of personal devices accessing company data. Using Azure AD Conditional Access and Microsoft Intune app protection policies together helps manage and secure corporate data in approved apps on these personal devices so that employees can remain productive.

• Do you believe the ‘Work from Home’ model is here to stay even after the lockdown?

Jared Spataro says, “We believe that this sudden, globe-spanning move to remote work will be a turning point in how we work and learn. Already, we are seeing how solutions that enable remote work and learning across chat, video, and file collaboration have become central to the way we work. We have seen an unprecedented spike in Teams usage, and now have more than 44 million daily users,* a figure that has grown by 12 million in just the last seven days. And those users have generated over 900 million meeting and calling minutes on Teams each day this week.

It’s very clear that enabling remote work is more important than ever, and that it will continue to have lasting value beyond the COVID-19 outbreak. We are committed to building the tools that help organizations, teams, and individuals stay productive and connected even when they need to work apart.” in his blog. 

• Any words of encouragement you want to give to IT employees and leaders that are working relentlessly amidst the coronavirus outbreak? 

Microsoft CEO Satya Nadella in his LinkedIn post on March 22 mentioned that “We are steadfast in our mission to empower every person and every organization on the planet to achieve more. No one company is going to solve a challenge like this alone, and it’s going to take the private and public sectors working together to turn the tide on COVID-19. Our unique role as a platform and tools provider allows us to connect the dots, bring together an ecosystem of partners, and enable organizations of all sizes to build the digital capability required to address these challenges. During this extraordinary time, it is clear that software, as the most malleable tool ever created, has a huge role to play across every industry and around the world. Our responsibility is to ensure that the tools we provide are up to the task.”

The full post can be found here.