Are you prepared for heightened cyber threats? Here is what Core is doing and you what you should consider too.
In the current circumstances of heightened threat and concerns around the increased cyber-attacks in Europe, we at Core would like to reassure our customers of the steps we have taken to ensure the security of both our own and our customers’ environments.
In line with the key areas highlighted by the National Cyber Security Centre, (NCSC), this document is an overview of our approach to, and recommendations regarding, these key security areas.
Patching
Core deploys a rigorous schedule of patching of vulnerabilities and application updates, both on our own environments and for those of our customers whose environments we manage.
Regular scans are deployed on our own and managed customer environments, identifying any missing patches for remediation. We use specific tools to ensure our systems, and the systems we manage for customers, are patched and up to date.
We strongly recommend organisations take an uncompromising approach to ensuring all devices, including end user devices, are up to date and patched; and that any vulnerabilities identified are addressed without delay.
Access Controls
At Core, we follow best practice for strong access controls with regard to our internal systems and recommend customers review their tenants to ensure access is limited only to those requiring access.
We operate a strict policy on privileged and service accounts to ensure that if a user’s standard account is compromised, this does not present a threat through their privileged access to ours, or our customer platforms. MFA is also mandatory for all privileged access.
Our baseline policy recommendation for customer environments is to enable proper Role-Based Access Control, MFA and Conditional Access policies to monitor and manage access. We will be further reviewing those tenants we manage for our customers to confirm and highlight areas where Access Controls can be improved for our customers’ environments.
Breach Prevention Protections
Antivirus and Anti-malware managed by Core is up to date and deployed across all devices. If your device security is not managed by Core, please check with your appropriate supplier.
We recommend you ensure end users are installing pending updates and make it mandatory to ensure no entry points are left undefended. We have advised customers where there are known vulnerabilities already, and we would recommend customers review this information.
Logging and monitoring
Infrastructure devices such as network devices (switches, firewalls, access points) and servers are fully monitored; and alerts and warnings are addressed in a timely manner.
Alerting is configured to identify and advise on any unexpected deviations from normal service operations, which assists us to address any unusual behaviour that may indicate an issue.
Backups
We run appropriate backup strategies for all services that we provide to customers. Backup integrity and restore capability is checked daily for mission critical services.
For customers’ own environments, the level of backup and restore capability will be defined by the customer’s requirements. Core recommends all customer-run backups be monitored for failures and immediate remediation.
Customers wishing to explore additional backup and restore options for their environments should contact their Core Account Manager.
Incident planning
Core as an MSP, has incident, major incident, and security incident processes and procedures, and encourages customers to have published processes in a location accessible to your key employees for rapid use. We suggest you encourage employees to read, understand and feedback on documented processes.
External Access
We defend external entry points into our environments and for those of our customers whose environments we manage, through a comprehensive range of breach prevention measures. MFA is used on all management platforms, and we recommend you ensure MFA is activated to secure entry points to your environments as well.
If Core is not currently managing your network, please check with your relevant supplier.
Phishing Attacks
Ingress points are most likely end-user devices and Core recommends awareness training for users, such as highlighting phishing attacks.
We have enabled all available tools in the M365 E5 suite to aid in the prevention of attempted phishing attacks reaching Core staff users. We undertake regular staff training to ensure that our team can recognise phishing emails and run regular test attacks to highlight areas where further training is needed.
Customers using M365 E3 and above have access to tools that will help to reduce some of the risks associated with phishing attacks through blocking emails, attachments and malicious links. Core’s standard approach is to enable these tools for customers who are under our management, but please check your documentation to confirm if these have been enabled.
For customers that are not under Core management, or want to enable these tools, please contact your Core Account Manager or email hello@core.co.uk to speak to a member of our team about increased IT security.
Third-Party Access
Core manages all third-party accesses into its systems in line with best practice. All contractors are required to have a Core identity and MFA is mandatory for all accesses. More information is provided above under ‘Access Controls’.
As a key Microsoft Partner, we would also point our customers to Microsoft’s website for updates on measures being taken to support the platform as events unfold in Europe.