If you’ve made the move to Office 365 (which is something we strongly recommend that you do – see our blog ‘Office 365 – why we love it’ if you still need convincing), you can be sure that your business will be benefiting from unrivalled built-in security protection to protect your users, information and devices.
Whilst Office 365 is, to a large extent, ‘plug and play’, IT managers have an important role to play in managing the entire business network using the central admin function (for example, for regular maintenance operations such as vulnerability scanning, and diagnostics and troubleshooting activities). Office 365 gives IT managers the capability to control:
- identity and access management (e.g. conditional access requirements based on device and location, multi factor authentication, etc.);
- continuous threat protection against internet-based threats (e.g. malicious links), application-based threats (e.g. malicious apps) and device-level protection. It also includes tools to identify, isolate and respond to threats and attacks, protects users against the known list of malicious websites, and informs users of malicious attachments before they are opened;
- the safeguarding of information as it flows between people, devices and apps;
- the monitoring and management of security. See users and machines at risk, and active alerts. Analytics shows the security updates that need to be applied to your organisation’s machines.
Getting the most out of Office 365’s security capabilities
Whilst the best security protection comes as standard with Office 365, your IT personnel should tailor security settings to the requirements of your organisation to ensure that you are benefiting from the best security capabilities that Office 365 has to offer. This includes:
- using Office 365 Secure Store, which analyses your activities and gives a score measuring your alignment with best practice, as well as advising on actions to take to improve your security protection;
- enabling multi factor authentication to make it more difficult for people to hack into your systems;
- reviewing all admin and inactive user accounts to ensure that only those people who are still actively involved in your business have access to your business’s data and systems, and that only the right people have admin rights;
- enabling Office 365’s anti-spoofing technology, which protects your business from phishing attacks from spoof emails that try to trick you to click on a malicious links;
- using Office 365’s Advanced Threat Protection, which protects mailboxes, files, online storage and applications against cyber attacks;
- enabling mailbox audit logging, to log mailbox activities;
- configuring a data loss prevention (DLP) policy to comply with regulations concerning the protection of sensitive data and its inadvertent disclosure;
- using eDiscovery cases to enable you to search for particular content across your entire business’s data (emails, folders, etc.) This can be particularly important to protect sensitive information, and for regulatory compliance and litigation;
- confirming that you have the correct DNS records in place (SPF/DKIM/DMARC).
We are extremely experienced in Office 365 and are on hand to support you in your implementation or use of this fantastic product. If you’ve got questions about maximising the benefits you are reaping from Office 365, or perhaps you’ve not yet made the shift to Office 365 and you want to know more, don’t be shy – just get in touch and we’ll talk through your requirements.