Following a string of high-profile data breaches and the recent WannaCry ransomware attack, cyber-security has never been higher on most businesses’ lists of priorities. For many of those businesses, Office 365 serves as their entry point to the cloud. While migrating to the cloud has many advantages, it also brings its own security challenges.
Here are 10 ways to secure Office 365:
1. Implement a password policy
You can’t always legislate for the human element and survey after survey shows that, left to their own devices, users choose weak and easily ‘crackable’ passwords. Implement a secure password policy that incorporates strength (no more ‘PASSWORD’ or ‘12345’) and automatic password expiration.
2. Assess the environment with Secure Score
Secure Score is a tool that surveys your entire Office 365 setup and ascribes a score based on your regular activities and current security settings. It also suggests actions that can be taken to improve security and lower risks in each area.
3. Message encryption
Office 365 offers a message encryption service. This requires the recipient to log in to the platform to read and reply to an encrypted message, or to use a one-time passcode to access it.
4. Mobile device management
Mobile device management (MDM) allows you to set up controls over the mobile devices used to access Office 365. This includes functions such as setting user-level policies and even the ability to wipe the device. This can be particularly important if you have a bring-your-own-device (BYOD) policy.
5. Advanced Threat Protection
Many attacks originate in user mailboxes and Office 365’s Advanced Threat Protection is designed to provide an extra layer of real-time protection. It helps protect against unsafe attachments and malicious links, complementing the security features of Exchange Online Protection.
6. Securing apps with Azure Active Directory Premium
By using Azure AD Application Proxy, a feature of the Azure Active Directory Premium edition, you can secure single sign-on (SSO) and secure remote access for web applications hosted on-premises. End users can then access these apps the same way they access Office 365.
7. Multi-Factor Authentication
This requires users to log in with more than just the usual user name and password. This can include answering a phone call or entering an access code received via text. Multi-factor authentication can be set up on both a user-by-user and an ISP or location basis.
8. Data back-up
Office 365 offers a certain amount of backup. Outlook allows admins to customise retention for deleted items and OneDrive has a recycle bin. Retention and recovery options are limited, however, so it usually makes sense to back up data with a supported third-party application such as Acronis, Azure Backup or Email Archiving.
9. Rights Management
You can use Rights Management to set up online access settings, content expiration settings and other restrictions. This can help ensure that documents are only ever used by the intended recipient and for the intended purpose.
10. Data Loss Prevention
Data Loss Prevention (DLP) is a feature available in both Office 365 and Exchange. It allows you to create policies that can restrict certain content, such as emails or credit card details, from being saved to SharePoint Online and OneDrive for Business, or otherwise being shared externally.