This month’s live webinar was a success!
Daniel Lenerville and Edward Stringfellow discussed cybersecurity and the latest HHS guidelines for healthcare groups. Welcome to Daniel on his first appearance on the webinar, I am delighted to have him on the show and at the company. His depth and breadth of knowledge from his years of working with Fortune 100 Companies will be appreciated by the clients we work with. Here is the video recap and transcript below.
Here is a summary of the conversation:
- Daniel and Edward discussed the importance of cybersecurity in healthcare and how to utilize Microsoft 365 to minimize security threats. They highlighted the need for a cybersecurity strategy that involves everyone in the organization and emphasized the five different threat levels to consider.
- Edward and Daniel discussed cyber security and specifically went through Microsoft 365 and some things that can be done in the healthcare practice setting to make it more secure.
- Daniel and Edward discussed the importance of cybersecurity in healthcare. Daniel shared that 66% of healthcare entities had some form of ransomware attack and emphasized the need for policies, procedures, and infrastructure components to secure endpoints.
- Daniel discussed the importance of having a cybersecurity strategy that creates depth and defense layers within an organization. He highlighted the five different threat levels, including social engineering, ransomware, compromised credentials, theft of equipment, and accidental or malicious data loss.
- Edward discussed practical ways to minimize security threats in the Microsoft 365 environment.
- Edward talked about 365 initial configuration review, global administrators, and MFA. He also discussed the importance of guest access and third-party applications. Daniel added that the correct licensing is essential for having the right 365 tools. They recommended Microsoft Business Premium for back-office users and F3 for frontline workers.
- Edward discussed the importance of conducting an initial configuration review for Microsoft 365. He emphasized the need to keep up with the changes in the application and ensure that the global administrator account is not used for basic MFA.
- Edward discussed the importance of having the right Microsoft licensing to ensure the correct 365 tools are available. He also emphasized the need to improve the security score, which can be done by following some basic steps.
- Edward provided an overview of Office 365 and emphasized the importance of having the correct licensing to access security and advanced features.
- Edward talked about 365 security baseline and how it is a set of best practices and configurations that deliver actual security. He explained that conditional access is a better security measure than just using a username and password.
- Edward presented the Microsoft 365 security baseline, which is a set of best practices and configurations that deliver actual security.
- Edward and Daniel discussed the security baseline for Stringfellow. They suggested blocking access to systems outside the US unless there is a business case for it. They also discussed passwordless authentication, which involves using a physical token to log in instead of a password.
- Edward talked about 4 key things related to Microsoft 365. Firstly, he discussed the evolution of Advanced Threat Protection to Microsoft Defender for Office, which is a spam and phishing protection tool.
- Edward discussed the evolution of Microsoft Defender for Office, which is now a spam, email, and phishing protection tool. He explained that third-party solutions are no longer necessary and can even cause security holes.
- Edward discussed the importance of having proper licensing and a compliant device model to ensure security when accessing corporate systems. Daniel added that large organizations have rigid policies to maintain consistency and compliance.
- Edward and Daniel discussed end user security and how to reduce the risk of phishing attempts. They emphasized the importance of education and training for users, and highlighted the need for a security strategy and the right tool sets. They also discussed the continuous nature of security and the importance of having a plan and the right partner.
- Daniel discussed the importance of end user security and how education can help reduce the risk of phishing attempts. He suggested that training should not be limited to annual training but should also be conducted after a compromised or failed phishing attempt.
- Edward and Daniel discussed the importance of having a security strategy and plan in place to stay ahead of potential threats. They emphasized the need for the right tool sets, licensing, standards, policies, and an operational team to implement those things systemically.
- Edward emphasized that turning on new technology is not enough to impact users and that a rollout plan is necessary.