Ignore Office 365 Security at Your Own Peril
Office 365-Specific Security Essentials
Every IT shop worth its salt has at least a few layers of security – anti-virus/anti-malware, firewalls, maybe some intrusion detection and prevention systems. However, Office 365 adds an array of SaaS-specific openings that hackers are more than happy to exploit.
Did you know that:
- 58.4% of critical data is in Office Docs
- 25% of phishing attacks bypass Office 365 security
- 40% of Office 365 shops suffer compromised credentials?
Meanwhile, over 70% of O365 business users suffer at least one compromised account each month. The fact is, Office 365 applications come with some inherent vulnerabilities, especially when admins do not follow proper security measures and rely entirely on security solutions that are not specific to Office 365.
Office 365-Specific Security Best Practices
Key Office 365 security best practices include password policy, multi-factor authentication, mailbox security, and file storage security. Proactively establishing best practices in these areas dramatically reduces security risks.
Ensuring that administrative privileges are limited to those that absolutely need them is critical to a safe Office 365 environment. An internal threat, such as a disgruntled employee, with access to global admin privileges, is a major risk that can be prevented simply by limiting the number of users with admin privileges — and restricting the scope of those permissions.
Monitoring employee activities such as their mailbox practices can identify risky behavior and proactively secure business-critical data. Preventing risky activities such as auto-forwarding to external email addresses and limiting access rights to other users’ mailboxes can prevent the spread of malware and the leakage of data through emails. In addition, being aware of unusual email activity prevents targeted spam or social engineering tactics common among today’s cybersecurity threats.
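The auto-forwarding check described above can be run over exported audit records. The sketch below is an added example, not CoreView's code: it assumes one JSON record per line with `Operation`, `UserId` and `Parameters` fields as in Exchange audit entries, and the domains and sample records are constructed.

```python
import json

INTERNAL_DOMAINS = {"contoso.example"}  # assumption: the tenant's accepted domains
RULE_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"}
# Cmdlet -> parameters that make Exchange send mail onward.
FORWARD_PARAMS = {"New-InboxRule": RULE_PARAMS, "Set-InboxRule": RULE_PARAMS,
                  "Set-Mailbox": {"ForwardingSmtpAddress"}}

# Constructed sample records, one JSON object per line, shaped like Exchange
# entries in the Office 365 audit log (Operation, UserId, Parameters).
SAMPLE_AUDIT_LOG = """
{"CreationTime":"2024-01-08T09:12:00","Operation":"New-InboxRule","UserId":"alice@contoso.example","Parameters":[{"Name":"Name","Value":"sync"},{"Name":"ForwardTo","Value":"alice.backup@mailbox.example"}]}
{"CreationTime":"2024-01-08T09:30:00","Operation":"Set-Mailbox","UserId":"admin@contoso.example","Parameters":[{"Name":"Identity","Value":"bob"},{"Name":"ForwardingSmtpAddress","Value":"smtp:bob.delegate@contoso.example"}]}
{"CreationTime":"2024-01-08T10:05:00","Operation":"Set-Mailbox","UserId":"admin@contoso.example","Parameters":[{"Name":"Identity","Value":"carol"},{"Name":"ForwardingSmtpAddress","Value":"smtp:carol@partner.example"}]}
{"CreationTime":"2024-01-08T11:40:00","Operation":"New-InboxRule","UserId":"dave@contoso.example","Parameters":[{"Name":"ForwardTo","Value":"Erin Example"},{"Name":"MoveToFolder","Value":"Archive"}]}
{"CreationTime":"2024-01-08T12:15:00","Operation":"Set-InboxRule","UserId":"erin@contoso.example","Parameters":[{"Name":"RedirectTo","Value":"erin.delegate@contoso.example;drop@mailbox.example"}]}
"""

def external_targets(value):
    """Return addresses in a parameter value whose domain is not internal."""
    found = []
    for item in value.replace(",", ";").split(";"):
        addr = item.strip()
        if addr.lower().startswith("smtp:"):
            addr = addr[5:]
        # Values without "@" (display names, aliases) are treated as internal here.
        if "@" in addr and addr.rpartition("@")[2].lower() not in INTERNAL_DOMAINS:
            found.append(addr)
    return found

def find_external_forwarding(log_text):
    """Return (time, user, operation, address) for each external forward."""
    alerts = []
    for line in filter(str.strip, log_text.splitlines()):
        rec = json.loads(line)
        watched = FORWARD_PARAMS.get(rec.get("Operation"), set())
        for param in rec.get("Parameters", []):
            if param.get("Name") in watched:
                for addr in external_targets(param.get("Value") or ""):
                    alerts.append((rec["CreationTime"], rec["UserId"], rec["Operation"], addr))
    return alerts

if __name__ == "__main__":
    for alert in find_external_forwarding(SAMPLE_AUDIT_LOG):
        print(*alert)
```

Each alert names the account that made the change, so a forward set by an administrator on someone else's mailbox stands out from a user's own inbox rule.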
CoreView to the O365 Security Rescue
Fortunately, CoreView has the solutions to make essential security tasks a piece of cake. CoreView works by collecting all available information from the Microsoft O365 platform, including audit logs, application-specific APIs such as Exchange Web Services, and all Azure Active Directory information. This data is stored in MongoDB in an Azure subscription and is action-enabled, which gives CoreView customers very specific advantages for configuration issues.
Here are five ways CoreView safeguards your O365 tenant.
1. Create strong unique passwords that are changed regularly.
Run CoreAdmin Reports to identify accounts that do not have password expiration set — especially service accounts — and apply changes in bulk using CoreAdmin delegated admin facilities.
2. Enable Multi-Factor Authentication, especially for remote logins.
Use CoreSecurity Audit Sign-In Reports to identify remote login attempts, discover targeted accounts, MFA status, and failure reasons, and remediate MFA status directly from the CoreView reports.
3. Modernize legacy systems and ensure software is as current as possible.
CoreView can validate your workstations and ensure software is up to date, and you can run CoreSecurity Azure AD Reports to document third-party applications that have been granted and are using access to Azure AD.
4. Limit the granting of administrative access.
Giving global admin rights to too many people is one of the worst things you can do to your network security. Instead, leverage CoreAdmin’s functional least-privilege access and Role-Based Access Control (RBAC) functions to quickly create a least-privilege access model that restricts admin rights to only what is actually needed.
5. Audit all workloads for end users and admins.
CoreView stores an external, immutable log of every administrative action for the life of the platform. Every agency should be able to produce this type of information.
At the same time, ensuring that auditing is enabled across all workloads is also crucial as it lets you perform forensic analysis and see in detail how malware spread. You should store, access and audit logs in a separate and immutable location and define how long you want these logs retained by enabling CoreSecurity.
With CoreView, you can ensure your Microsoft environment is correctly configured. This greatly increases your chances of blocking or at least surviving malware.
Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.