Appreciate it if you could share your wisdom. We are a small business with 45 employees across four sites. Mixture of on-site and on-the-road staff. Now all mostly working from home.
We have a domain controller in house with all staff accounts synced to Azure. Licenses are Office 365 Business Premium.
Internally we have a file & print server and an application server. The network is an SD-WAN with Meraki MX67C devices on each remote site.
We are looking to tighten up security for both the internal infrastructure and the cloud O365 accounts.
All synced accounts are MFA enabled. Users had the option of text, phone or authenticator app; most have chosen text.
I have disabled SMB v1 on all servers and ensured NLA is enabled and RDP sessions are restricted to support staff only.
We have reached out to a few vendors to perform security audits and quote for phishing simulations and ongoing security awareness training.
Also looking at an enterprise subscription to Bitwarden for a password manager and Duo for MFA on RDP.
What other areas should we focus on to tighten up security?
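As an added example (not from the original post), a PowerShell audit that verifies the two hardening steps the poster describes, SMBv1 disabled and NLA required for RDP, across the servers and lists who is in the local Remote Desktop Users group, so drift is visible. The hostnames are placeholders, not the poster's.

```powershell
# Constructed server list; replace with your own file/print and application server names.
$Servers = @('FILESRV01', 'APPSRV01')

# Checks run on each server; one object per host makes drift easy to spot.
$Audit = {
    $smb  = Get-SmbServerConfiguration
    $feat = Get-WindowsFeature -Name FS-SMB1 -ErrorAction SilentlyContinue
    $rdp  = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
                -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
    $rdpUsers = Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        Smb1ProtocolOn  = $smb.EnableSMB1Protocol                 # baseline: False
        Smb1FeatureOn   = [bool]$feat.Installed                   # baseline: False (feature removed)
        NlaRequired     = ($rdp.UserAuthenticationRequired -eq 1) # baseline: True
        RdpGroupMembers = ($rdpUsers.Name -join ', ')             # expect only the support group
    }
}

$results = Invoke-Command -ComputerName $Servers -ScriptBlock $Audit

# Report anything that deviates from the intended baseline.
foreach ($r in $results) {
    $issues = @()
    if ($r.Smb1ProtocolOn)   { $issues += 'SMBv1 protocol enabled' }
    if ($r.Smb1FeatureOn)    { $issues += 'SMB1 feature still installed' }
    if (-not $r.NlaRequired) { $issues += 'NLA not required for RDP' }

    if ($issues.Count -eq 0) {
        "$($r.Computer): OK (RDP users: $($r.RdpGroupMembers))"
    } else {
        "$($r.Computer): $($issues -join '; ')"
    }
}
```

Run it from a management host with WinRM enabled on the servers; review the RdpGroupMembers column by hand, since the script cannot know which group is the intended support group.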