How to secure your Office 365 installation against hackers
Microsoft Word is an almost timeless product that means very different things to different people. For a college student, it means late nights, cheap energy drinks, and frantically hammering away at a keyboard to get an essay in. For a writer, it’s a blank canvas that channels their inspiration and breathes life into their ideas. While for many office-bound professionals, Word is simply a necessary tool.
Unfortunately, some people also view it as a host of nefarious opportunities. While most see Microsoft Word and the rest of its Office 365 brethren as a way to apply themselves and create something of value, cybercriminals often see things differently — it might just be the entry point they need to get into your system and steal your data.
This blog post serves two purposes: first, we’ll go over the security measures that are built into Office 365. Then we’ll dive into additional actions you can take to ensure your installation and usage are as secure as they can be.
How secure is Office 365 out of the box?
Microsoft has gone to great lengths to make their products as secure as possible, and Office 365 is no exception. This means that simply by purchasing the software suite, your business automatically benefits from a range of security tools and a dedicated team of cybersecurity experts working around the clock to keep your files and data safe. But this doesn’t mean you can just check out and embrace blissful ignorance; rather, it’s imperative that you know the strengths and limitations of the security that comes with Office 365.
The six layers of security protecting Office 365 users:
- Physical security: Microsoft’s data centres, where your Office 365 data is stored, are designed with security in mind. They are impenetrable by human invaders and natural disasters, serving as literal bunkers to protect your data.
- Network security: Microsoft’s network is designed in such a way that back-end servers and storage are physically separated from any public-facing interfaces, significantly reducing the likelihood of a bad actor getting deep into the system. All customer connections to the data centre are also encrypted — read our previous blog post on encryption for the lowdown on that security measure.
- Access control: To help users make sure they’re in control of who is accessing their data at any given time, Office 365 integrates with a range of tools that provide granular control over how people can interact with your account. These tools include Active Directory, Azure Active Directory and ADFS.
- Host security: This layer includes antivirus and antispam protection and can be applied across your organisation with the Office 365 Advanced Threat Protection (ATP) service. Office 365 ATP is an effective countermeasure to zero-day attacks (when the hacker exploits a previously unknown vulnerability) and can be included in all Enterprise and Business packages.
- Application-level security: This includes security features that are present in each Office 365 service, including high-load capabilities like throttling and regional isolation, which mitigate the risk of Distributed Denial of Service (DDoS) attacks.
- Data security: The last layer involves the security of any data stored on Microsoft servers. Servers are multi-tenant, but each set of customer data is kept secure through data isolation and segregation via Active Directory. Data is also kept safe from Microsoft employees through role-based access control and lockbox processes.
What else can you do to outwit potential hackers?
Office 365’s security layers are, without a doubt, a valuable defence against cybercriminals. That being said, there are a few extra measures you can take to make doubly sure that your company data never falls into the wrong hands. These include:
Minimising risk during installation
Not using Office 365 but considering making the move? Then it’s vital to prepare your existing system, data and employees for the transition. Bank robberies often happen when the money’s in transit. Likewise, data is also more vulnerable when moving from one server to another. It’s therefore a good idea to identify sensitive company data early on, and then to restrict access to it whenever possible.
Office 365 offers extensive permission functionality, so make it a priority to designate and implement role-based restrictions before said data is migrated. Failure to do so increases the risk of internal security threats, like the odd disgruntled employee.
Enabling multi-factor authentication
For additional ongoing security, you can require employees to log in using multi-factor authentication. Every Office 365 for Business subscription includes Azure multi-factor authentication. It is a per-user model, so don’t worry about employees who don’t have access to sensitive data. Microsoft has a detailed guide on how to set up multi-factor authentication in Office 365, which you can access here.
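Because MFA is switched on per user, it is worth checking that every account holding an admin role or access to sensitive data is actually covered. The script below is an added example, not Microsoft's or ITRO's code: it audits a constructed CSV export whose column names are assumptions, using the three per-user MFA states (Disabled, Enabled, Enforced).

```python
import csv
import io

# Constructed sample export (not real tenant data). The column names are
# assumptions for this example; adapt them to whatever your export produces.
SAMPLE_EXPORT = """UserPrincipalName,Roles,SensitiveAccess,MfaState
alice@example.com,Global Administrator,yes,Enforced
bob@example.com,,no,Disabled
carol@example.com,Exchange Administrator,yes,Disabled
dave@example.com,,yes,Enabled
erin@example.com,SharePoint Administrator;User Administrator,no,
"""

# Per-user MFA states: Disabled, Enabled (enrolled, but the password alone
# still works for legacy authentication), Enforced (enrolled and registered).
KNOWN_STATES = {"disabled", "enabled", "enforced"}


def audit_mfa(export_text):
    """Return (user, finding, detail) for in-scope accounts lacking enforced MFA."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        upn = row["UserPrincipalName"].strip()
        roles = [r.strip() for r in row["Roles"].split(";") if r.strip()]
        sensitive = row["SensitiveAccess"].strip().lower() == "yes"
        # Assumption: a blank state means no MFA requirement is set.
        state = (row["MfaState"] or "").strip().lower() or "disabled"
        if state not in KNOWN_STATES:
            findings.append((upn, "unknown-state", state))
            continue
        if not (roles or sensitive):
            continue  # no admin role and no sensitive data: out of scope
        detail = "; ".join(roles) or "sensitive data"
        if state == "disabled":
            findings.append((upn, "no-mfa", detail))
        elif state == "enabled":
            findings.append((upn, "not-yet-enforced", detail))
    return findings


if __name__ == "__main__":
    for user, finding, detail in audit_mfa(SAMPLE_EXPORT):
        print(f"{finding:18} {user:22} {detail}")
```

Accounts reported as `not-yet-enforced` deserve a follow-up as well as those with `no-mfa`, since enrolment alone does not mean the second factor is being required on every sign-in.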
Regularly checking your Office 365 Secure Score
Microsoft recently unveiled the perfect tool to see how secure your Office 365 is: the Office 365 Secure Score. It analyses services installed on your network, security settings and regular user activity, and assigns a score. This is a great indication of whether any particular area poses a risk and needs attention. For more on the Office 365 Secure Score, click here.
If you want an expert opinion on your system infrastructure from leading IT professionals who understand the needs of Australian businesses, you can request a free onsite IT assessment from ITRO. We guarantee a fair and balanced assessment with no strings attached. One that’s actually worth your time and offers genuine insight into the security and efficiency of your existing technology. We can also help you make sure that your Office 365 installation is secure and fully insulated against cyberattacks. Get in touch today.