Office 365 is the most widely-used cloud application suite in the corporate world and boasts over 100 million monthly active users worldwide. For most organizations, this is their first step into cloud computing, which also means it’s their first step into cloud security. When using Office 365, more and more of your organization’s critical data will be stored in Microsoft’s cloud which means you’ll have security concerns. According to the 2017 Cloud Security Spotlight Report conducted by the Information Security community on LinkedIn, the top three of these cloud security concerns are protecting against data loss (57%), threats to data privacy (49%), and breaches of confidentiality (47%). Thankfully, a lot of the best actions you can take to assuage such worries are doable through Office 365 itself.
To combat these fears and threats, it is wise to use your Office 365 suite as a security monitoring tool. To do this, your IT team needs to monitor activities done within the cloud environment. To make it easy, we made you a list of these activities and included a best practice for each one. Please keep in mind that some of these tools may require Office 365 AD Advanced.
Activities to monitor:
- User access: Know who’s using the subscription and where they are. Establish a baseline normal behavior so suspicious activities are more easily recognized. For example, knowing your head of HR is in Texas will tip you off that a login attempt from Greenland isn’t them. Additionally, it will alert you to repeated login attempts, which may be a sign of a brute-force login attack
- Administrator actions: After gaining access to your environment, attackers will escalate their privileges in order to grab control and access to sensitive data. Monitoring changes to admin roles and access rights and looking for any erratic admin behavior will help you detect attackers before disaster strikes.
- File access & sharing: monitoring changes to sharing permission and policies in OneDrive and SharePoint can help you see the early signs of a potential data breach.
- Changes to 365 Policies: you can set your Office 365 policies to define the expected behaviors and activities of your users and applications within Office 365, so you should constantly stay vigilant for any policy changes that can expose you to risks. These possible changes include changes to content filtering policies, which would make it easier for bad actors to send phishing emails and malware. Also look for changes that may weaken your organization’s password policies.
Cloud computing is here to stay, and we already know hackers will be around for the foreseeable future. Don’t let your organization be lost in today’s computing world. Use these tips as your North Star, or give us a call at CHR and we’ll help you get headed in the right direction.