Microsoft Office 365 is a fantastic and flexible solution for modern working and having all documents, files and emails available wherever you have access to the internet offers huge opportunities for productivity. Yet having all your data eggs in one basket also increases the risk to an organisation. And many have not gone beyond even the most basic Office 365 security features or options. Below we outline the risks and the reasons why you need enhanced Office 365 security.
Risk of hacking
Even the most basic of hacks can access your Office 365 software if you don’t add additional security measures. The average eight-letter password can be cracked in less than 5 hours. Anything less than this can be broken in seconds with the right software.
Once inside your Office 365 suite, criminals can steal vital data, compromise data to make it unusable, and even send phishing or other scams from your email accounts. All of this can result in a damaged business reputation and significant financial costs (including potential GDPR fines).
Yet, it isn’t that challenging to secure Office 365. There are default settings that can help you do this.
Microsoft Secure Score
Microsoft has a Secure Score resource that can rank a user’s protection level. Technically the top score possible is 707. However, this is only possible with additional services, most of which aren’t necessary.
Organisations should be aiming to score at least 100 on their security. However, the average score is just 37. This is a very vulnerable position for Office 365 users, but reports suggest this is because users don’t know about the potential data-saving options available.
Multi-factor authentication is a must
One area that can improve security instantly is multi-factor authentication (MFA).
This is where another factor for identifying you is needed (for instance, a code sent to your mobile phone). The likelihood of someone having both your Office 365 password and your phone is slim.
Some users express concern that they will be locked out of their Office 365 accounts if they lose their phones. However, there are other ways that MFA can be implemented such as a code to a landline or an email code sent to a secondary account.
By implementing MFA, security is dramatically improved. And with Akita’s DUO MFA solution, you can secure much more than just Office 365.
Securing your devices with Office 365 security
Office 365 accounts are also often compromised from devices.
While much time is given over to securing PCs and laptops, mobile phones and tablets aren’t always considered. Often phones are set up to provide immediate access to Office 365 Outlook without requiring a password. And as work email accounts are linked on personal phones, there’s no guarantee that the employee has any protection for their device.
A passcode is a minimum that a phone should have – biometric logins are preferred. Organisations can also take the extra step of monitoring security on work and personal devices with our Mobile Device Management solution. This ensures that Office 365 accounts stay secure by implementing security across all work devices remotely.
For staff accessing emails from their personal devices, Mobile Device Management partitions part of their device’s memory to store work-related emails and files. This partition can be automatically secured with passwords as well as protected with anti-virus. Should the device be stolen or lost, the data stored in the partition can be deleted remotely.
As can be seen, there are plenty of Office 365 security options for organisations looking to implement better levels of data protection. To discuss the best solution for your organisation, please get in touch.