The U.S. federal government has joined Target, Home Depot and Sony as the latest major organization to report that their systems have been breached by hackers. The damage? Notifying up to 4 million current and former federal employees that their personal financial data may have been compromised.

Gone are the days when IT could simply build up a massive, defensive wall of protection and believe that the data living behind it would be safe from attack. Organizations now need to shift their security strategies from “if” to “when” their systems will be breached— and design their cybersecurity plan accordingly.

According to a 2014 report by the Ponemon Institute, a research organization specializing in privacy, data protection, and information security, some 43% of companies experienced a data breach in the preceding year. Michael Bruemmer, vice president of credit information company Experian’s data breach resolution group and sponsor of the report, cites employee negligence as a root cause of some 80% of the breaches identified in the report.

Today, mobility is the new normal, and 33% of employees who typically work on employer premises also frequently work away from their desks. It is essentially impossible for companies to maintain complete control of their data in this environment, so what is IT to do? Microsoft may have a solution that will work for you.

Microsoft’s Enterprise Mobility Suite (EMS) is a set of tools that combine identity management, mobile device and application management, access and information protection, and desktop virtualization to maximize data security in the mobile-enabled workplace. As a badged consultant for Microsoft, I have the opportunity to see these tools in action every day when I access Microsoft’s internal network, and assess their effectiveness firsthand.

The first of these tools, Azure Active Directory (AD) Premium, provides identity management. When accessing Microsoft’s network from my Red Level- managed PC, I am directed to the Office 365 portal and prompted to login using my smartcard or my username and password. Security policies on my PC prohibit smartcard use, so I opt to login with my username and password. The system then informs me that it needs additional information to verify my account, and I then receive an automated call to my mobile phone asking me to enter my security PIN (a 6+ digit code). I am only granted network access when the PIN is correctly entered.

Additional tools provide added security after login. Azure Rights Management manages access to specific files, classes and types of information, preventing unauthorized access, copying, sharing, or modification. Azure Rights Management delivers file-level protections that live within the file, and can prevent a user from editing, printing, sharing, or even opening a file regardless of where the file actually exists. Even if copied to a USB drive or sent to a personal email address, unauthorized users are prevented from using it in any way without appropriate permissions and a valid account – an important safeguard concerning employees who no longer work for the company. 

Of course, there is a lot more to cybersecurity than identity and access management or information protection, but EMS is a powerful tool in the fight against hackers and data breaches. To learn more about EMS or other advanced security options, schedule a briefing with a Red Level representative. We’ll help make sure that your organization doesn’t become a “breaking story.”