Office 365 - Are you secure?

By Peter Lambert | September 3, 2019

1908_o365_security_i458114779Microsoft’s Office 365 is one of the most powerful business productivity tools today. This cloud-hosted suite lets users work anywhere and collaborate easily. Although it’s undoubtedly useful, Office 365 may present a few security challenges that businesses must address.

Vulnerabilities in SharePoint

Businesses typically use SharePoint Online and on-premises SharePoint sites to store sensitive data like personally identifiable data. Failing to secure SharePoint content against unauthorised users is one way to expose data and your business to malicious actors. For companies that have to comply with regulatory authorities, there are serious consequences to data privacy non-compliance.

To prevent this, limit administrator-level privileges and enable encryption. Set the necessary security restrictions per user for every application.

Unprotected communication channels

Launching phishing attacks and installing malware are two of the most common ways to hack into a system, but there are other paths of attack. Office 365 features like Skype for Business and Yammer, both of which connect to external networks, may serve as a medium for ransomware and other types of attacks.

Train your staff to identify potentially malicious files and URLs. Offer guidelines on how to handle and route sensitive files and communication to safe locations.

Security risks in dormant applications

Organisations using Office 365 won’t use all applications in it. You may use one or several programs like Word, Excel, and SharePoint but rarely use OneDrive. Businesses and users that have not been utilising specific programs should note that some dormant applications may be prone to attacks. This is why it’s crucial to identify the apps that aren’t being used, and have an administrator tweak user settings to restrict availability on such apps.

File synchronisation

Like Google and other cloud services providers, Office 365 allows users to sync on-premises files to the cloud such as in OneDrive. This useful feature is not without security risks, however. If a file stored in an on-premises OneDrive is encrypted with malware, OneDrive will view the file as “changed” and trigger a sync to the OneDrive cloud, with the infection going undetected.

Office 365 Cloud App Security, a subset of Microsoft Cloud App Security, is designed to enhance protections for Office 365 apps and provide great visibility into user activity to improve incident response efforts. Make sure your organization’s security administrators set it up on your systems so you can detect and mitigate dangers as soon as possible.

Cybercriminals will continue to sharpen their hacking techniques, and your organization must keep up to protect your systems, apps, and devices.

Need help with security?

Securing your Office 365 installation against attack or data loss is an important part of your 'security fabric'. Our Technology Consultants and Business Technology Managers (BTMs) can assist you with ensuring your systems are secure, and we have available an additional backup service that goes beyond Office 365's standard 30 day retention period.

If you need advice, give us a call on 1300 307 907 or contact us via the form below.

Cybersecurity and Data Awareness eBook

 

LET'S TALK

 

 Published with permission from TechAdvisory.org. Source.

TAGS: Tech Trends and Tips, Business Value, IT Security, Infrastructure Solutions

About Peter Lambert
Peter Lambert

Marketing specialist and technical blogger @ Diamond IT - I have over 25 years of experience in Information & Communications systems. My range of skills is diverse and includes extensive experience in desktop solutions, server and network presales and administration, VOIP phone systems, journalism, creative writing, technical writing, digital videography and audio visual streaming. I hold a Certificate IV in Training and Assessment, and I am an experienced classroom trainer and course coordinator. I hold an Advanced Diploma in Network Security, a Diploma in Network Administration, and a Certificate IV in Networking. I am a Cisco Certified Network Associate (CCNA) and Microsoft Certified Solutions Associate (MCSA).