Robust data security practices are essential to protect your business’s data and systems. The traditional method of controlling entry to systems using static passwords created by users is no longer considered to be sufficiently secure as hackers develop increasingly clever ways of cracking passwords. These methods are many and varied, and include:
Relying solely on static passwords places the onus on users to remember a whole raft of different passwords. The higher the number of passwords users are expected to remember, the more likely they are to forget them and be required to change them after failed log-in attempts. This encourages users to come up with less secure passwords as they run out of options and revert to simpler passwords that are easier to remember. Because password-only access alone is increasingly considered to be insufficiently secure, passwords should be viewed as part of a company’s security front line, to be used in conjunction with other security measures.
Securing your business’s data and systems
The National Cyber Security Centre (NCSC) (a part of GCHQ) recommends the use of multi-factor authentication (MFA) in its password guidance. MFA is a layered defence that makes it more difficult for hackers to gain access to systems – they are faced with at least one additional barrier to entry if a user’s static password is compromised. With MFA, users begin by entering a static password but are also required to enter one or more other pieces of information, which could be a combination of:
Once MFA is in place, the onus is no longer on users to remember a whole raft of different passwords. Instead, they can set up one longer, and more secure, password that they can use across systems.
Microsoft recommends the use of two-step verification, a form of MFA, for access to its systems (a security measure that is already used across many other systems). When users attempt to log in from an unrecognised device, a security code is sent to their mobile phone or another registered email address and access is only granted once this code has been entered.
What about the companies we work with? What if they have been hacked? What information have my users sent to these companies over email, and how can that information be used against us?
Microsoft’s security recommendations – password security
Despite the reduced focus on static passwords and the increase in MFA, passwords will still be with us for some time to come. A report from Microsoft about password security for Microsoft users outlines some very useful recommendations for IT administrators to ensure the security of business systems:
To ensure the security of your data and systems, it is essential that you implement adequate security measures. Part of this process entails educating users (e.g. robust password protocols, not opening emails or attachments from unknown sources) as well as ensuring that your business’s systems and software are kept up to date with the latest security patches, etc. Office 365 offers a whole host of features and tools that can help you protect your business and data. To find out how our security specialists can help you secure your data and systems, please contact our teams.
4th September 2018