Securing Office 365

Posted by Philip Bindley

Office 365 has, understandably, become a key fixture in almost all offices; as well as plenty of time and investment dedicated to optimising user experience, Microsoft has put a lot of effort into helping businesses secure their Office 365 tenancy, as more organisations completely migrate their exchange infrastructure to the cloud.

It makes sense, then, to assume that security comes as a guarantee with all Office 365 software. Unfortunately, this is simply not the case. In fact, Microsoft is very clear that Office 365 customers are ultimately responsible for protecting and controlling access to their own data.

The platform is only offered alongside very basic security measures and doesn’t provide sufficient disaster recovery options. Like any other software, Office 365 is not infallible, so it’s important to note that, without having a third-party backup solution in place, data could be at risk if is it deleted by mistake, breached or made unavailable for some reason. With that in mind, it’s advisable to have dedicated products in place to maintain a strong security posture.

We recently heard a story from a client that serves as a good reminder: the company had migrated to Office 365 some time ago and recently discovered that two members of the board’s email accounts had a rule set-up to forward all emails to an unknown Gmail account. They had no idea how long these accounts had been compromised, and subsequently performed an investigation. Needless to say, the compromised accounts had very weak passwords, such as the organisation name appended with a number.

Of course, even if this organisation had enforced a reasonable password policy, this is a very viable attack vector. Threat actors often make several unnoticed login attempts to Office 365 every day, putting sensitive data at risk. A successful breach could lead to a whole host of issues. For example, it could alter datasets or make important data unavailable and pause daily operations. Another possibility might be that a breach might cause data to be permanently deleted or held to ransom.

Authentication and access controls have come a long way, but protection like multi-factor authentication can sometimes impact on productivity in the workplace. It’s therefore crucial to have a basis of strong organisational security awareness and dedicated security solutions throughout your organisation. This ensures your most important assets and sensitive data are safeguarded, while enabling employees to remain productive.

Our Office 365 backup solution, powered by Veeam, protects your business-critical information and enables the continuous availability of sensitive data, in line with GDPR requirements. To find out more about how we can help to you work safely and office peace of mind that your Office 365 data is always available whenever you need it, click here.