Security is a massive concern in the Digital Age for individuals, businesses, organisations, and even governments – basically anyone who uses computers. And while most people are familiar with terms like “hackers”, “malware” and “compromised users”, it’s not uncommon to encounter the attitude of “It will never happen to me/us.”
Even from people who should know better.
Security breaches in a business happen fast, and when they do, companies need to be prepared to deal with them, as that’s far preferable to spending valuable time, money, and human resources trying to recover and repair what was lost.
Prevention, as the maxim goes, is better than cure.
“Office 365 is not only one of the most popular digital productivity suites, it is also one of the most secure,” says Othelo Vieira, Product Manager at Tarsus On Demand. “However, in the age of cloud computing, you can never be too safe.” That’s why he’s provided some practical ways you can increase and improve your business’s Office 365 security within the first 30 days of deployment.
Start by scoring yourself
“Even if you’ve already put certain security measures in place, it can’t hurt to double and triple-check everything,” says Vieira.
One of the easiest ways to do this is by using Microsoft’s Secure Score. This is an assessment utility found inside the Microsoft 365 Security Center dashboard that lets you see how your organisation fares when it comes to cyber security.
It analyses your Office 365 workloads, identifies where your greatest vulnerabilities are, and recommends how you can remedy them.
According to Vieira, “It is, quite literally, a tick-box exercise, where you can mark off what needs to be remedied in order to improve and heighten your security.” It also provides a good foundation for further security configuration.
Get the data
One of the recommendations Secure Score might make is turning on Audit Logging in Azure. By doing so, you’ll receive regular reports and updates on the activities within your organisation. “Monitoring your operational activity makes it easier to identify not only security gaps, but also abnormal activity,” says Vieira. These data logs can also be run through third-party software to capture, process, and alert you to any suspicious behaviour.
Leverage Cloud App Security
“If you’re already making use of Office 365 and Azure, it naturally follows that you should maximise all the resources available to you.” The Azure Cloud App Security add-on uses AI and heuristics to learn about your business’s behaviours, and with Threat Explorer it can evaluate risks and detect irregular activity, compromised users, ransomware, and rogue apps across your cloud services. It can also be configured to take a level of automatic action when a threat against your business is detected.
Let’s talk about email
Despite being a well-established business tool that you’d expect everyone to understand by now, email remains one of the easiest ways for hackers to get into any business’s systems.
As a result, it’s essential to ensure that you’ve enabled your anti-malware, anti-phishing and anti-spam policies here, as well as configured the Advanced Threat Protection technologies available for user email, such as Safe Links and Safe Attachments. End-user education around cybersecurity and email best practices also helps with this.
Give your admins some attention
You should always have specific and dedicated accounts for administrative roles and be certain that your administrators are using secure devices, like a fully-updated Windows 10 machine, to manage your cloud services. Multi-factor authentication is also a must, and not just for admins but across all users, along with regular password changes and an enforced minimum password length and complexity. According to Vieira, this not only bridges a security gap, it creates an easily established – and formidable – obstacle for malware and hackers alike.
Are you compliant?
A final way to ensure your security is standardised and compliant is to follow the regulations set out in the EU’s GDPR legislation. If your business does any transactions with European companies, you should already have enforced the GDPR across your digital assets, but it is also useful to follow the guidelines for both your and your personnel’s digital protection, using it as a parameter for an internal data governance policy. As a bonus, being GDPR-compliant means you’ll also be most of the way to being 100% compliant with POPIA, South Africa’s version of GDPR.
If you’d like to find out more about cloud migration, how to best secure your Office 365 and other value-added cloud products and services that Tarsus On Demand offers, check out the Tarsus On Demand website or get in touch, and we’ll do our best to help.