Start Your Day

Good morning. Please prove it's really you.

Before the first spreadsheet opens, your identity layer needs to be airtight. Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Passkeys work together like the world's pickiest bouncer.

Single Sign-On (SSO)

One login opens your entire authorized app stack. Net Friends integrates SSO directly with your Microsoft 365 environment, from Outlook to your line-of-business apps.

Multi-Factor Authentication (MFA)

That second factor is your last line of defense before an attacker reaches your data.

Passkeys

The next evolution in authentication. Passkeys replace traditional passwords with device-bound cryptographic credentials, making phishing attacks effectively impossible. Paired with SSO, your team gets a seamless and nearly unbreakable login experience.

Net Friends Pro Tip — Audit your app stack for SSO compatibility and pair it with a single MFA provider like Microsoft Authenticator and Azure Active Directory.

Checking Email

Your inbox is the most popular attack surface in the building.

Social engineering drives roughly 98% of cybersecurity attacks, and most start with a single email. Your defenses work on two levels.
‍
The technical layer, DMARC, DKIM, and SPF authentication paired with AI-powered filtering, intercepts most malicious traffic before it reaches an inbox. But no filter catches everything, and attackers know it.

That is where your team comes in. Untrained humans are the weakest link, but Security Awareness Training paired with phishing simulations transforms your people into your strongest and most adaptive defense. A team that spots suspicious emails, pauses before clicking, and reports what they see is worth more than any tool in your stack.

DMARC, DKIM and SPF Email Authentication

These three protocols verify that emails claiming to be from your domain are authentic, stopping spoofed messages before they reach your team.

AI-Powered Email Filtering

Machine learning analyzes message patterns, sender behavior, and content in real time, catching phishing and business email compromise attempts that traditional filters miss.

Security Awareness Training and Phishing Simulations

Regular training keeps your team sharp, and simulated phishing campaigns give them safe, real-world practice spotting attacks.

Net Friends Pro Tip — Net Friends implements email filtering and staff training, and monitors effectiveness over time.

The coffee shop Wi-Fi does not love you back.

Grabbing a meeting while you are out.

Without a VPN, working from a café, airport, or even home network means your traffic is potentially visible to anyone on that connection. A VPN creates an encrypted tunnel between your device and your company's infrastructure, keeping sensitive data unreadable.

Here is the catch most businesses miss: a VPN only works if it is engaged. Giving employees the option to connect is practically the same as giving them no VPN at all. Net Friends strongly recommends automatic and mandatory VPN connections. And for Microsoft 365 users, your Outlook, SharePoint, and Teams traffic must be explicitly configured through your firewall. It does not route through VPN protections by default.

VPN Best Practices

Choose a business-grade VPN with strong encryption, a no-logs policy, and automatic activation. Free VPNs carry significant hidden risks including leaked data, trackers, and malicious software. Invest in something your whole team can rely on.

Optimized for Anywhere Operations

Four essentials for a remote-ready VPN: automatic always-on activation, proper Microsoft 365 traffic routing, coverage for cloud apps like Slack and Salesforce, and business-grade hardware on every remote workstation. Half-measures leave half your team exposed.

On the Road Security

Keep your VPN active on airport, hotel, and in-flight networks. Avoid sensitive transactions on public Wi-Fi, and make sure devices have screen locks and full-disk encryption in case of loss or theft.

Work-From-Home Policy

A clear WFH policy sets expectations for approved hardware, Wi-Fi requirements, and what to do when a connection drops. It is the difference between a productive remote team and a security gap waiting to happen.

Net Friends Pro Tip — Treat VPN as infrastructure, not a suggestion. Automatic always-on activation and mandatory Microsoft 365 traffic routing close the gaps that optional setups leave wide open.

Collaborate

Everyone gets the files they need. Nobody gets the files they shouldn't.

Microsoft 365 and Google Workspace are powerful collaboration platforms and surprisingly easy to misconfigure. Proper permissions, sensitivity labels, and access governance keep your teamwork productive and your data in the right hands.

Microsoft 365, creating a new group automatically spins up a linked SharePoint site, meaning your groups’ permissions directly control what SharePoint users can see and edit.
Google Workspace, shared drives carry their own access tiers separate from individual My Drive permissions.

Understanding those tiers before a project launch saves you from a data exposure headache later.

The golden rule is least privilege: every person gets access to exactly what they need, and nothing more.

External guest access on both platforms should be reviewed regularly as old project partners with open invitations are a quiet but real risk.

Tiered Permissions

Microsoft 365 runs from Owners to Members to Guests. Google Workspace shared drives run from Manager down to Viewer. Getting this right from day one and reviewing them as projects evolve is the foundation of secure collaboration.

Sensitivity Labels and Data Classification

Microsoft Purview labels classify documents, emails, and SharePoint sites automatically, encrypting files or restricting sharing based on your policy. Google Workspace data loss prevention rules and drive labels enforce the same protection on the Google side.

Guest Access Reviews

Every external guest is a door left ajar. A quarterly access review ensures you know exactly who still has access and lets you remove anyone whose project has wrapped up.

Net Friends Pro Tip — In SharePoint, change your default sharing link from "Anyone with the link" to "People in your organization." In Google Workspace, restrict external sharing at the shared drive level for sensitive content. One setting change on each platform dramatically reduces your accidental oversharing risk.

Let's Use AI.

AI is a brilliant assistant. Treat it like one.

AI tools can supercharge your productivity. They can also surface data you did not mean to share if your permissions and policies are not in good shape first.

Smart AI adoption starts with getting your data house in order.

Microsoft 365 Copilot is deeply integrated into Word, Excel, Outlook, Teams, and PowerPoint, drafting documents, summarizing meetings, and automating the tedious parts of your day. Its core security feature is that it strictly respects your existing Microsoft 365 permissions.
Google Workspace does the same with Gemini, woven into Gmail, Docs, Sheets, and Meet with identical logic.

Neither tool can surface data a user is not already authorized to see. The challenge is that most organizations have accumulated years of loosely managed permissions and inconsistently labeled files. Copilot and Gemini reflect the gaps at AI speed.

For public-facing AI tools, a different set of rules applies. Many free consumer AI assistants use your inputs to train their models, meaning confidential business plans, client details, and proprietary information pasted into a prompt can end up in a public AI's training data.

The rule is simple and non-negotiable: never input sensitive, proprietary, or personally identifying information into a public AI system.

Microsoft Copilot and Google Gemini Security

Before enabling either tool broadly, audit your permissions, clean up over-shared files, and apply sensitivity labels. Both tools are only as secure as the data environment they operate in, and a well-governed environment makes them extraordinary productivity multipliers.

Data Privacy for AI Users

Opt-out of model training in your settings, delete chat history regularly, and disable unnecessary permissions. For anything sensitive, use an enterprise tool that guarantees your data stays within your organization's walls.

Net Friends Pro Tip — An AI Acceptable Use Policy sets clear expectations for which tools are approved, what data can and cannot enter an AI prompt, and how employees should handle AI-generated content before sharing it. A short policy document today prevents a significant data incident tomorrow.

Our AI Resources Page digs deeper into these topics and more.

Every device is a door. Make sure all of them have deadbolts.

Stay Secure All Day

Laptops, phones, tablets, and servers are all endpoints, and each one is a potential entry point for a threat actor.

Modern endpoint protection goes far beyond antivirus, combining behavioral detection, automated response, and human expertise into a layered defense that runs around the clock.

Traditional antivirus compares files against known threats, which works fine until a brand-new threat appears. Endpoint Detection and Response (EDR) fills that gap by continuously monitoring device behavior, flagging suspicious activity, and quarantining devices automatically before damage spreads. Managed Detection and Response (MDR) takes it further by adding human security analysts and a 24x7 Security Operations Center. For organizations without a dedicated security team, MDR delivers enterprise-grade threat hunting as a service.

Underneath all of this, the basics still matter. Keeping operating systems and software patched and up to date closes the vulnerabilities that attackers actively hunt for. Full-disk encryption means a lost or stolen laptop does not become a data breach.

EDR

Continuous behavior-based monitoring across all your endpoints, detecting zero-day and fileless attacks that traditional antivirus misses, isolating compromised devices automatically, and giving your team the forensic data to understand exactly what happened.

MDR

EDR technology paired with a team of security experts and a 24x7 SOC that hunts threats, investigates alerts, and responds to incidents on your behalf, without the overhead of building an in-house team.

Patches, Updates and Encryption

Automating OS and software updates, enabling full-disk encryption, and enrolling all devices in MDM keeps your endpoint hygiene consistently strong, not just when someone remembers to check.

Your Perfectly Secure Day