Office 365 - Are you secure?

By Samantha Cordell | September 3, 2019

1908_o365_security_i458114779Microsoft’s Office 365 is one of the most powerful business productivity tools today. This cloud-hosted suite lets users work anywhere and collaborate easily. Although it’s undoubtedly useful, Office 365 may present a few security challenges that businesses must address.

Vulnerabilities in SharePoint

Businesses typically use SharePoint Online and on-premises SharePoint sites to store sensitive data like personally identifiable data. Failing to secure SharePoint content against unauthorised users is one way to expose data and your business to malicious actors. For companies that have to comply with regulatory authorities, there are serious consequences to data privacy non-compliance.

To prevent this, limit administrator-level privileges and enable encryption. Set the necessary security restrictions per user for every application.

Unprotected communication channels

Launching phishing attacks and installing malware are two of the most common ways to hack into a system, but there are other paths of attack. Office 365 features like Skype for Business and Yammer, both of which connect to external networks, may serve as a medium for ransomware and other types of attacks.

Train your staff to identify potentially malicious files and URLs. Offer guidelines on how to handle and route sensitive files and communication to safe locations.

Security risks in dormant applications

Organisations using Office 365 won’t use all applications in it. You may use one or several programs like Word, Excel, and SharePoint but rarely use OneDrive. Businesses and users that have not been utilising specific programs should note that some dormant applications may be prone to attacks. This is why it’s crucial to identify the apps that aren’t being used, and have an administrator tweak user settings to restrict availability on such apps.

File synchronisation

Like Google and other cloud services providers, Office 365 allows users to sync on-premises files to the cloud such as in OneDrive. This useful feature is not without security risks, however. If a file stored in an on-premises OneDrive is encrypted with malware, OneDrive will view the file as “changed” and trigger a sync to the OneDrive cloud, with the infection going undetected.

Office 365 Cloud App Security, a subset of Microsoft Cloud App Security, is designed to enhance protections for Office 365 apps and provide great visibility into user activity to improve incident response efforts. Make sure your organization’s security administrators set it up on your systems so you can detect and mitigate dangers as soon as possible.

Cybercriminals will continue to sharpen their hacking techniques, and your organization must keep up to protect your systems, apps, and devices.

Need help with security?

Securing your Office 365 installation against attack or data loss is an important part of your 'security fabric'. Our Technology Consultants and Business Technology Managers (BTMs) can assist you with ensuring your systems are secure, and we have available an additional backup service that goes beyond Office 365's standard 30 day retention period.

If you need advice, give us a call on 1300 307 907 or contact us via the form below.

Cybersecurity and Data Awareness eBook

 

LET'S TALK

 

 Published with permission from TechAdvisory.org. Source.

TAGS: Tech Trends and Tips, Business Value, IT Security, Infrastructure Solutions

About Samantha Cordell
Samantha Cordell

Group Marketing Manager @ Diamond IT - Samantha (Sam) fell into the IT Industry after studying a combination of computer science and marketing at Uni, starting in Operations with the now decentralised Cabletron Systems. Over the next 20 years Sam undertook various marketing roles within Intel, Microsoft and Cisco Systems before moving to Newcastle for a sea-change working for Wine Selectors. “Not able to stay away from the IT Industry I jumped at the chance to join the Diamond team. I am excited to drive the marketing strategy for Diamond’s range of services including Managed Services, Software Development and Telecommunications.”