How to protect your Office 365 data

By Peter Lambert | November 19, 2018

1811_O365data_i597931354_1200wOffice 365 is a complete cloud solution that allows you to store thousands of files and collaborate on them, too. In addition to its productivity features, the service comes with security and compliance solutions that will help businesses avoid the crushing financial and legal repercussions of data loss. However, even with its comprehensive security tools, the service has some data security risks that need to be addressed. The following tips will keep your business data private and secure.

Take advantage of policy alerts

Establishing policy notifications in Office 365’s Compliance Centre can help you meet your company’s data security obligations. For instance, policy tips can warn employees about sending confidential information anytime they’re about to send messages to contacts who aren’t listed in the company network. These preemptive warnings can prevent data leaks and also educate users on safer data sharing practices.

Secure mobile devices

Since personal smartphones and tablets are often used to access work email, calendar, contacts, and documents, securing them should be a critical part of protecting your organisation’s data. Installing mobile device management features for Office 365 enables you to manage security policies and access permissions/restrictions, and remotely wipe sensitive data from mobile devices if they’re lost or stolen.

Use multi-factor authentication

Don’t rely on a single password to safeguard your Office 365 accounts. To reduce the risk of account hijacking, you must enable multi-factor authentication. This feature makes it difficult for hackers to access your account since they not only have to guess user passwords, but also provide a second authentication factor like a temporary SMS code.

Apply session timeouts

Many employees usually forget to log out of their Office 365 accounts and keep their computers or mobile devices unlocked. This could give unauthorised users unfettered access to company accounts, allowing them to steal sensitive data. By applying session timeouts to Office 365, email accounts, and internal networks, the system will automatically log users out after 10 minutes, preventing hackers from opening company workstations and accessing private information.

Avoid public calendar sharing

Office 365’s calendar sharing features allow employees to share and sync their schedules with their colleagues. However, publicly sharing this information is a bad idea because it helps attackers understand how your company works, determine who’s away, and identify vulnerable users. For instance, if security administrators are publicly listed as “Away on vacation,” an attacker may see this as an opportunity to unleash malware on unattended computers.

Employ role-based access controls

Another Office 365 feature that will limit the flow of sensitive data across your company is access management. This lets you determine which user (or users) have access to specific files in your company. For example, front-of-house staff won’t be able to read or edit executive-level documents, minimising data leaks.

Encrypt emails

Encrypting classified information is your last line of defence to secure your data. If hackers intercept your emails, encryption tools will make files unreadable to unauthorised recipients. This is a must-have for Office 365, where files and emails are shared on a regular basis.

While Office 365 offers users the ability to share data and collaborate, you must be aware of potential data security risks at all times. 

1811_biz_tech_review_i841180016_1200w

Talk to our team

Our Business Technology Managers are ready to engage with you to help manage your Office 365 tenancy and its security. For more information or assistance, give us a call on 1300 307 907 or contact us via the form below..

 

Contact us today

 

 Published with permission from TechAdvisory.org. Source.

TAGS: IT Security, Tech Trends and Tips

About the Author
Peter Lambert

Presales Consultant, Carrier Solutions Specialist & Security Blogger @ Diamond IT - I have over 25 years of experience in Information & Communications. My range of skills is diverse and includes extensive experience in desktop solutions, server and network presales and administration, VOIP phone systems, journalism, creative writing, technical writing, digital videography and audio visual streaming. I hold a Certificate IV in Training and Assessment, and I am an experienced classroom trainer and course coordinator. I hold an Advanced Diploma in Network Security, a Diploma in Network Administration, and a Certificate IV in Networking. I am a Cisco Certified Network Associate (CCNA) and Microsoft Certified Solutions Associate (MCSA).