Safety tips for your (admin) identities

Summer is here, the sun is shining, and malicious phishing activity increases as the holidays approach. Here are a few tips on how to protect yourself, your company, and your customers and partners against cyber attacks.

  1. Store your passwords in a secure place! For example, 1Password or a similar service is a good option.

  2. Update your (admin) account passwords with complex, secure ones.
    – Use, for example, 1Password to generate complex passwords that are 20+ characters long. If you need to use word-ish passwords (e.g. you cannot copy-paste), use 3-4 random words mixed with numbers or special characters, in a language other than English, and preferably dialect words.

    – Always use a unique password for each account. Attackers usually try to reuse known passwords. If your “normal” account and your admin account have the same password, an attacker can simply continue as admin after getting the password of the normal account.

  3. DO NOT accept sudden, unexpected MFA requests unless you’re signing in!!! In case of a suspicious MFA request:
    – DO NOT accept the request!
    – Change your password immediately
    – Inform your organization’s admins (or security people, SOC, etc.) of the suspicious activity

  4. Check whether you have partners with admin accounts in your system that are not needed anymore; disable or delete those accounts.

  5. Review your own admin roles for each admin account and use the least privileged role.

  6. Request admin role removal if you no longer need the role, or don’t need it currently.

And when all of the above is done and OK, enjoy the summer!

Need help?

Take advantage of our help and expertise! Microsoft 365 customers have the best chance of ensuring the safe management of Azure, endpoint security, end-user identities and the safe use of M365 services and other enterprise applications. Read more about our security services, get in touch with us and start leveraging the security of the cloud in your environment!