The Challenge
- Phishing email harvested a credential; account was used briefly before being noticed
- No MFA on Microsoft 365; legacy authentication still enabled
- Endpoint protection was the default Windows tool with no central management
- Backups configured but never test-restored and not isolated from production credentials
- Cyber insurance renewal questionnaire could not be answered honestly
Assessment
- Conducted incident triage: scoped account access, reset credentials, reviewed sign-in logs
- Performed Microsoft 365 tenant security review (Secure Score and manual control review)
- Reviewed endpoint coverage and patch status across all clinic workstations
- Reviewed backup configuration and retention against PHIPA and ransomware scenarios
The Solution
- Enabled MFA tenant-wide and rolled out conditional access policies
- Disabled legacy authentication and tightened external-sharing defaults
- Deployed centrally managed EDR (Intercept X) on every workstation and server
- Implemented advanced email filtering and anti-impersonation policies
- Redesigned backup with Veeam + immutable cloud repository and isolated credentials
- Documented controls in a single security baseline document for insurance and PHIPA review
Results
100%
MFA enforcement across staff, contractors, and admins
0
legacy authentication sign-ins after policy enforcement
Immutable
backup retention defending against ransomware
Yes
cyber-insurance renewal questionnaire answered honestly across all controls
Technologies Used
- Microsoft 365
- Conditional Access
- Sophos Intercept X (EDR)
- Veeam Backup
- Email Security