Office 365 is the world’s most popular cloud service with roughly 260 million active users, and Microsoft reports that it continues to add nearly 4 million new users each month. That’s not surprising given the business world’s reliance upon productivity applications such as Excel, Word and PowerPoint and powerful collaboration tools like Skype, SharePoint and Teams.
Predictably, that popularity makes O365 an incredibly inviting target for cybercriminals. Microsoft officials say there are more than 300 million fraudulent sign-in attempts to O365 services every day. The company reports that its security teams thwart all but 0.01 percent, but that still represents some 30,000 successful daily attacks.
The good news is that companies with O365 subscriptions can prevent the vast majority of those attacks with a few relatively simple adjustments. The bad news is that many companies remain confused about their cloud security responsibilities.
Although Microsoft and other major cloud service providers spend billions on cloud security each year, that doesn’t relieve their customers of accountability. All cloud providers operate under a shared responsibility security framework in which users and the provider are responsible for different aspects of security. Generally speaking, providers are responsible for securing their cloud infrastructure, but customers are responsible for securing any data they put in the cloud and protecting user credentials.
Microsoft says 99.9 percent of all O365 account breaches would have been stopped if their customers were using multifactor authentication. MFA boosts security by requiring a combination of verification factors, reducing reliance on passwords. However, the SANS Institute reports that many companies don’t implement MFA because they don’t fully understand how it works. They believe it requires external hardware devices and fear implementation could lead to disruptions and downtime.
In truth, implementing MFA in Office 365 is much easier than most think. It is actually included as a standard feature in all O365 subscriptions. Once your system administrator enables MFA for the organization, users logging in to the service will be prompted to set up MFA for their individual user accounts. They can choose between text, email, phone call or app notification for their secondary verification method.
It’s easy to change your MFA settings, if necessary. You just have to log in to your O365 portal, click on the tools icon in the upper right corner of the page and choose “Office 365 settings” from the drop-down menu.
Access Management and Education
Companies can further boost Office 365 security by implementing identity and access management (IAM) tools that manage access privileges with a combination of user provisioning, password management, single sign-on and other technologies. These tools can be used to enforce least-privilege access principles that ensure users are limited to only the data and systems access necessary for their jobs.
Employee education is also crucial for boosting cloud security. Training that focuses on strong password practices, recognizing phishing emails and understanding company security policies can improve security awareness and help create a strong “human firewall.”
Industry studies find that more than 90 percent of all organizations use the cloud in one way or another, and Office 365 is the platform of choice for many of those companies. With more and more cyberattacks targeting O365 accounts, organizations must take steps to protect their cloud-based resources. RMM Solutions can help with employee awareness training and guidance on using authentication, encryption and access management. Call us to learn more.