Securing Office 365 – Who’s to blame when a breach occurs?

A number of recognised bodies in the UK are urging businesses to add an extra layer of security on the perimeter of Office 365. Why? Because, as the cloud app has rocketed in terms of popularity, this in turn has increased the volume of reported breaches or attacks from cybercriminals, due to the level of default security which comes as standard. It’s no use relying on Microsoft to do the job for you; a recent study reveals that a quarter of phishing emails bypass default Office 365 security, based on an analysis of more than 52 million emails across nine industry sectors.

As attackers develop new deception methods to take advantage of zero-day vulnerabilities, not only on Office 365 but with other cloud apps, the proportion of breaches are set to increase further. It is therefore advised that extra measures are taken when securing cloud apps such as Office 365 such as Multi-Factor Authentication (MFA). This enables users to access their cloud apps using not only a password, but also a code provided over text message to a mobile device (less secure) or via an authentication app or key such as LastPass (preferred method). Using a second factor in the process of logging in to any cloud-based account adds an extra ‘safety blanket’ over your cloud apps, and thus deters cybercriminals from gaining relatively simple access to your data. Whilst some users may find the set up process with MFA apps tiresome and concerns arise around decrease in productivity if phones are lost, for example, the benefit of implementing this second security factor far outweighs any initial inconvenience.

Office 365 comes with a Data Loss Prevention (DLP) feature as standard, but it’s important to ensure that any existing DLP measures your infrastructure has in place is compatible with O365 and vice versa. By identifying gaps in your on-premise security as well as your cloud security, you can remediate any potential vulnerabilities. This is especially pertinent if your users upload sensitive information to the cloud such as staff salaries, postal addresses, credit card numbers, bank details etc. The standard DLP service that is provided with O365 will detect any data that appears to fall under these categories and will prompt the user to make a decision on whether they feel this data is safe to store in the chosen location – for example, “hey, this looks sensitive — are you sure you want to be doing that?”; or block the action completely. However, while this is a useful and can help to avoid a potential data breach, it’s advised to supplement and merge the default DLP measures with your own.

Usage rights policies should also be taken in to consideration. Take steps to ensure the right users have access to the right files, and that certain users DON’T have access to certain files. Human Resources and Payroll data should be kept locked down, for example, and anyone outside of these departments should not be granted access. Even users within those departments should be subject to rigorous questioning as to why they should have access. Sensitive information needs to be handled with the utmost care and respect for those within your organisation who have divulged their information in trust.

Limit the amount of IP addresses linked to your O365 system by operating Office 365 Active Directory. Office 365 uses Azure Active Directory (Azure AD), a cloud-based user identity and authentication service that is included with every Office 365 subscription, to manage identities and authentication for Office 365. For this feature to operate at its best, it’s vital that the identity infrastructure is configured correctly. This may take some time to implement but preventing a security breach in the long run could save your company its reputation and from wasting resources spent exercising damage limitation.

If you want to avoid any large-scale future deployments in your cloud security, its crucial to receive all the latest O365 security updates. This can be done by using an XML file and running your O365 client updates intermittently. Updating your O365 security more frequently may cause some internal resistance with your users, however – running multiple updates less frequently resulting in larger periods of downtime could have a greater detrimental effect on your business.

So, it therefore begs the question; who’s to blame when a breach occurs within Office 365? Research shows the onus lies with the customer, not the provider in this case. To learn more about how you can continue to use Office 365 with water-tight cloud security and peace of mind, contact our specialist Sales Team to arrange an Office 365 Security Assessment. If you are considering deploying a CASB service to extend your DLP infrastructure to the cloud, CST can provide this as a fully integrated solution. Discover more about cloud security by visiting our dedicated cloud page on our website.