Is Office 365 secure?

By Communication Square | Secure Cloud

Jan 25

Microsoft Office 365 is one of the most widely used software packages in the world, with 27 million active consumer users and over 100 million active enterprise users. With the latest version, released in 2016, Office 365 has integrated current cloud technology into its well-known word processing and business apps. These new features include online cloud storage with automatic online backups, easy sharing of projects between staff (without a server), and added security.

However, like all new technologies, it is not without its own vulnerabilities. Cloud-based technologies have unique security concerns that managers need to understand and take into account: the data is accessible from anywhere and, because of the cloud's remote nature, is susceptible to unauthorized access.

So how secure is Office 365?

  • Set up multi-factor authentication

Using multi-factor authentication is one of the easiest and most effective ways to increase the security of your organization. It's easier than it sounds: when you log in, multi-factor authentication means you'll type a code from your phone to get access to Microsoft 365 rights management. This can prevent hackers from taking over your account even if they know your password. Multi-factor authentication is also called 2-step verification. Individuals can add 2-step verification to most accounts easily, for example to their Google or Microsoft accounts; Microsoft's account help pages explain how to add two-step verification to a personal Microsoft account. This is the most effective practice as far as Office 365 security is concerned.

For businesses using Office 365 and Microsoft 365, add a setting that requires your users to log in using multi-factor authentication. When you make this change, users will be prompted to set up their phone for two-factor authentication next time they log in.
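The tenant-wide MFA requirement described above, expressed as a Conditional Access policy with the Microsoft Graph PowerShell SDK. This is an added example, not code from the article; it assumes the Microsoft.Graph module is installed, that the caller holds a role permitted to manage Conditional Access, and that the excluded emergency-access object ID is a placeholder.

```powershell
# Added example: require MFA for every user via a Conditional Access policy.
# Assumes: Microsoft.Graph PowerShell module installed; caller is allowed to
# manage Conditional Access; the object ID below is a placeholder for an
# emergency-access ("break glass") account that must never be locked out by MFA.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Application.Read.All"

$breakGlassObjectId = "00000000-0000-0000-0000-000000000000"   # placeholder

$policy = @{
    displayName   = "Require MFA for all users"
    # Start in report-only mode: the sign-in logs then show who would have been
    # challenged without blocking anyone. Switch to "enabled" after review.
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users          = @{
            includeUsers = @("All")
            excludeUsers = @($breakGlassObjectId)
        }
        applications   = @{
            includeApplications = @("All")
        }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Confirm the policy exists and is in the expected state before enforcing it.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object DisplayName, State
```

Users who are not yet registered for MFA are prompted to set up their phone at their next sign-in once the policy state is changed to "enabled".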

  • Use Office Message Encryption

Office Message Encryption is included with Office 365. It’s already set up. With Office Message Encryption, your organization can send and receive encrypted email messages between people inside and outside your organization. Office 365 Email Encryption works with Outlook.com, Yahoo!, Gmail, and other email services. Email message encryption helps ensure that only intended recipients can view message content.

  • Use dedicated admin accounts

The administrative accounts you use to administer your Office 365 or Microsoft 365 environment include elevated privileges. These are valuable targets for hackers and cyber criminals. Use Office 365 administrator accounts only for administration. Admins should have a separate user account for regular, non-administrative use and only use their administrative account when necessary to complete a task associated with their job function. Additional recommendations:

  1. Be sure admin accounts are also set up for multi-factor authentication.
  2. Before using admin accounts, close out all unrelated browser sessions and apps, including personal email accounts.
  3. After completing admin tasks, be sure to log out of the browser session.


  • Backup sensitive data offline

To prevent data from being deleted accidentally or tampered with maliciously (such as by ransomware, a virus that encrypts your data and only gives you a key if you pay the hackers), it is worthwhile to have both an offline and an online backup of your sensitive data. This is a fail-safe measure in case the cloud is compromised or a user accidentally deletes a critical project, and it should be a cornerstone of a data recovery plan.

  • Avoid Having a Password File

All the encryption in the world will not matter if an attacker has access to a password. There has been a recent increase in the number of people keeping all their passwords, including their Office 365 cloud passwords, in an unprotected text file on their server or computer. In some situations, the file is even called 'passwords'. This is the first place an attacker will look after gaining access to your system. The easy solution is simply not to keep an unencrypted password file, or indeed any password file at all.

  • Use OneDrive for Business’s per-file encryption

Office 365’s OneDrive for Business offers per-file encryption, not just encrypting all of the files on the server with one key. This means that all data can be separately encrypted and that if a malicious actor got hold of one of the system passwords, they would not be able to access all the files (apart from one).

  • Revoke Ex-employee Access

When an employee has their contract suddenly terminated, there is the possibility that they might (either consciously or unconsciously) sabotage files. An ex-employee might not be malicious at all, but in cleaning up their space might accidentally delete critical files that are shared through the cloud. They might also remove client emails, documents, calendars and more, which, thanks to Office 365, are synced throughout the network and to the cloud and might be critical for other departments. MSPs and IT managers are advised to manage access for these scenarios and ensure any 'no longer active' accounts are archived when an employee leaves. A common mistake is that many firms keep an old profile active 'just in case' they need to access the data, when they should instead have proper processes to archive and restrict that data.

This principle also includes having a unique login for each employee. Even large firms have been guilty of having one default password for their entire network, which an employee can easily remember both before and after they leave the firm.
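A minimal offboarding sequence for the scenario above: block the login, end existing sessions, and keep the mailbox data reachable for the team without leaving the account active. This is an added example, not the article's own procedure; it assumes the Microsoft.Graph and ExchangeOnlineManagement modules are installed, and both addresses are placeholders.

```powershell
# Added example: disable a departed employee's account without losing its data.
# Assumes the Microsoft.Graph and ExchangeOnlineManagement modules are installed
# and the caller holds the roles needed for user and mailbox administration.
# Both addresses below are placeholders.
$departed = "departed.user@contoso.example"
$manager  = "their.manager@contoso.example"

Connect-MgGraph -Scopes "User.ReadWrite.All"
Connect-ExchangeOnline

# 1. Block new sign-ins. On its own this does not end sessions already open.
Update-MgUser -UserId $departed -AccountEnabled:$false

# 2. Invalidate refresh tokens so cached Outlook/OneDrive/Teams sessions
#    cannot silently re-authenticate after the block.
Revoke-MgUserSignInSession -UserId $departed | Out-Null

# 3. Keep the mail, not the login: a shared mailbox needs no sign-in, so the
#    data is preserved while the departed identity stays disabled.
Set-Mailbox -Identity $departed -Type Shared
Add-MailboxPermission -Identity $departed -User $manager `
    -AccessRights FullAccess -AutoMapping $false

# 4. Verify the end state: AccountEnabled should be False,
#    RecipientTypeDetails should be SharedMailbox.
Get-MgUser -UserId $departed -Property AccountEnabled | Select-Object AccountEnabled
Get-Mailbox -Identity $departed | Select-Object RecipientTypeDetails
```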

Ransomware restricts access to data by encrypting files or locking computer screens. It then attempts to extort money from victims by demanding a "ransom," usually in the form of cryptocurrencies such as Bitcoin, in exchange for access to the data.

You can protect against ransomware by creating one or more mail flow rules to block file extensions that are commonly used for ransomware, or to warn users who receive these attachments in email. A good starting point is to create two rules:

  • Warn users before opening Office file attachments that include macros. Ransomware can be hidden inside macros, so we’ll warn users to not open these files from people they do not know.
  • Block file types that could contain ransomware or other malicious code. We’ll start with a common list of executables (listed in the table below). If your organization uses any of these executable types and you expect these to be sent in email, add these to the previous rule (warn users).
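The two rules above, created with the Exchange Online PowerShell module. This is an added example, not the article's own code, and the extension lists are illustrative subsets chosen for this example rather than the article's table; a third rule is included that goes beyond the text's two by inspecting attachment content rather than the file name.

```powershell
# Added example: the two anti-ransomware mail flow rules from the text,
# created with the ExchangeOnlineManagement module.
# The extension lists are illustrative choices for this example, not the
# article's table; adjust them to what your organization legitimately sends.
Connect-ExchangeOnline

# Rule 1: warn on Office attachments that can carry macros.
$macroExtensions = @("docm", "dotm", "xlsm", "xltm", "xlam", "pptm", "potm", "ppam", "ppsm", "sldm")
New-TransportRule -Name "Anti-ransomware rule: warn users" `
    -AttachmentExtensionMatchesWords $macroExtensions `
    -ApplyHtmlDisclaimerLocation Prepend `
    -ApplyHtmlDisclaimerFallbackAction Wrap `
    -ApplyHtmlDisclaimerText "<p>Warning: this message contains an Office attachment with macros. Do not open it unless you know the sender and were expecting it.</p>"

# Rule 2: reject messages carrying executable attachment types outright.
# If your organization must receive one of these by email, move that
# extension from this list to the warn rule above instead.
$blockedExtensions = @("exe", "scr", "pif", "com", "bat", "cmd", "js", "jse", "vbs", "vbe", "wsf", "wsh", "hta", "msi", "cpl", "reg", "lnk")
New-TransportRule -Name "Anti-ransomware rule: block file types" `
    -AttachmentExtensionMatchesWords $blockedExtensions `
    -RejectMessageReasonText "Message rejected: attachment type not allowed by policy" `
    -RejectMessageEnhancedStatusCode "5.7.1"

# Rule 3 (beyond the text's two): an extension match is defeated by renaming
# the file, so also reject attachments whose content is executable.
New-TransportRule -Name "Anti-ransomware rule: block executable content" `
    -AttachmentHasExecutableContent $true `
    -RejectMessageReasonText "Message rejected: executable attachment content" `
    -RejectMessageEnhancedStatusCode "5.7.1"

# Review the resulting rules and their evaluation order (lower priority runs first).
Get-TransportRule | Sort-Object Priority | Format-Table Priority, Name, State
```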

Microsoft-managed service-level security technologies and policies are enabled by default and customer-managed controls allow you to customize your Office 365 environment to fit your organization’s security needs. Office 365 is continuously updated to enhance security.

Data you put into Office 365 belongs to you, which means you have complete control of it. We give you extensive privacy controls and visibility into where your data resides and who has access to it, as well as into availability and changes to the subscription service. If you end your subscription, you can take your data with you at any time. At Agile IT, we've helped companies of all sizes deploy, protect and manage their Office 365 environments. If you're looking for an experienced Office 365 advisor, schedule a call with an engineer today.
