Office 365 is perfectly safe right, since all the data is held by a brilliant software company named Microsoft? That couldn’t be further from the truth. If you can get to your O365 data – so can a hacker. If your O365 global admins can get to ALL your company’s data – so can a hacker.
Since Office holds the majority – 58.4% – of your enterprise’s critical data, protecting it and your end users identities is paramount.
Luckily, there is a quick and easy way to find out how safe your O365 really is. Simply take the CoreView Office 365 Security Posture Quiz and find out in seconds the level of your security. Not just that, you’ll get a detailed report on what you can do to tighten up your O365 ship.
The quiz walks through 4 essential categories.
Passwords and User Authentication
Answer our quiz’s six quick questions to find out how secure your end user passwords and user authentication methods are.
Think your complex passwords with all those numbers, special symbols, caps and lower case makes you bulletproof? You are forgetting one thing. As Microsoft security exec Alex Weiner recently blogged, with multi-factor authentication (MFA), “your account is more than 99.9% less likely to be compromised.”
Meanwhile, the US government strongly argues that MFA is “the best mitigation technique to protect against credential theft for Office 365 administrators and users.” Turns out all those pesky security codes are well worth the trouble.
Let’s face it. Hackers have raised password cracking to an art form. With so many weak passwords, it doesn’t take a rocket scientist to break them. That is why US government Office 365 security guidelines strongly advise MFA, especially for admins.
Multi-factor authentication is a surefire way to prevent unauthorized logins, and there is little excuse not to use it.
Just two simple quiz questions give a good idea of whether you are doing email security right or wrong.
It’s clear that e-mail is BY FAR the most common way hackers breach your systems – making insecure mailboxes and poor e-mail user practices your biggest security exposure. Mailboxes are made vulnerable through insecure, weak and never expiring passwords, as well as a lack of multi-factor authentication (MFA).
Meanwhile, monitoring employee activities such as their mailbox practices can identify risky behavior and proactively secure business critical data. Preventing risky activities such as auto-forwarding to external email addresses and limiting access rights to other user’s mailboxes can prevent the spread of malware and the leakage of data through emails. In addition, being aware of unusual email activity prevents targeted spam or social engineering tactics common among today’s cybersecurity threats.
Least Privilege Access for IT
Do you have time to answer five quiz questions that determine if you have Least Privilege Access – and if so – is it any good?
Did you know that 80% of SaaS breaches involve privileged permissions? And that admins have the most privileges of all? That the average shop faces 0.8 insider threats every month – close to ten a year?
Here’s some more tough news. IT pros are people like anyone else. And when they go bad, they can do very bad things. They know where the bodies, err, the data lies, and how to get it. And with their high-level privileges, there is little to stop them from stealing data or causing other kinds of MAYHEM.
So how do you mitigate/reduce the breach risk related to your Office 365 operator’s rights? IT veterans may chime in with role-based access control (RBAC), low levels of which indeed exist within Office 365.
RBAC is the best way to achieve Least Privilege Access for O365 admins.
Unfortunately, Microsoft simply does not provide a granular RBAC. Luckily with CoreView, you can segregate your operator responsibility by implementing a truly granular RBAC.
Under the O365 centralized admin model, all administrators have global credentials, which means they can touch each and every user. If an O365 admin account is compromised, the hacker can access the entire environment, wreaking widespread security havoc.
CoreView addresses these pain points with our Role-Based Access Control (RBAC) features that give you fine-grained control over what admins can — and cannot do. Using a simple, intuitive interface, CoreView lets IT segment the Office 365 tenant in myriad ways — for example, by department, business unit, or location. After these groups are set up, IT can dive deeper, using CoreView’s RBAC capabilities to define specific permissions for administrators who then can only perform certain tasks and only against a specific subset of users.
Hacker Intrusions – Blocking, Mitigating and Investigating
Cybercrime is your tenant’s biggest threat – which is why we have ten quick quiz questions to determine how well you can ward off these attacks.
The truth is breaches sometimes bust through the best barriers. And when they do, they wreak havoc – and cost a boatload of money. According to Ponemon’s ‘Cost of a Data Breach’ Survey, the cost of losing a single file is $141. When did you ever lose a single file? And those files add up. The average cost to an enterprise of a breach is a staggering $3.62 million.
Most don’t know they’ve been breached until it is far, far too late. It takes about 191 days on average to figure out that you have had a data breach.
Every organization has security events that occur within their IT environment. Finding them quickly and shutting down the problem is a constant challenge for IT administrators and security teams. With millions of activity events from a variety of O365 log file sources, it’s difficult to find relevant data and make sense of it.
The answer is data breach forensics that rely on long-term log data quality and retention so you can perform a proper security audit. Here you discover what happened so you can minimize ongoing damage, and by finding the source, stop it from happening again.
Know the Score – Take Your M365 Security Posture Quiz Now
Answer 23 simple questions and find how where your M365 security stands. Take the Office 365 Security Posture Quiz, and get a full report on how to improve Microsoft SaaS safety.