
By Frank Post

Topics: Risk Management

Many businesses have chosen to leverage Office 365 to simplify their technology needs. And why not? The benefits are easy to justify: you can manage your costs more easily, you’ll have access to the latest software, you will relieve your IT team of managing the underlying infrastructure, you can provide your users with the specific tools they need depending on their job function, and you’ll pay only for the capabilities the business really needs. Today’s business model requires that you achieve efficiencies through outsourcing, and Office 365 allows you to do that. What’s more, you’ve taken steps to enhance productivity for your mobile workers like never before!

If you’re responsible for making that decision for your business, give yourself a pat on the back for making a prudent choice. You might even highlight these accomplishments in your next performance review. Be sure to use all the right buzzwords like cloud enablement, TCO, ROI, reduced carbon footprint and social responsibility, enterprise productivity, business agility through mobility, collaboration and compliance. Those are just a few to get you started.

Know the Risks

Before you envision your move to the corner office thanks to your inner strategic genius, ask yourself these questions:

  • What new risks have you exposed your business to?
  • What are the security implications of moving your corporate information to the cloud?
  • If your users can access your corporate information from any device, anywhere and at any time, how can you be certain that access to your business data (literally the crown jewel of almost any company today) is restricted to only those who should have access?
  • How can you prevent leakage or loss of that data now that it resides on systems outside of your corporate network?

If you don’t have good answers to these questions, or a plan to address the problems they uncover, you may end up in a corner you hadn’t planned on.

What’s Your Secure Score?

Fortunately, your vendor of choice provides an invaluable resource to help you. Microsoft’s Office 365 Secure Score is a self-assessment tool that examines the security of your Office 365 tenant (where all your users are defined, where your company-wide settings are stored, and where your data resides) and gives you a measurement that indicates how well you are protected against the risk of a security breach or successful hack attack. A default target secure score is set for you, based on Microsoft’s recommended best practices, and how your Office 365 tenant is configured will determine your score. How easy is that? Things are looking up for you again.

It really is that easy to know your secure score, and there are a number of action items in that list that are relatively easy to complete in order to increase your score. Most organizations that run this assessment for the first time will probably have a score close to 100, and the maximum score at the time of writing is just over 450. The tool also provides a current reading of the average score for all Office 365 tenants globally, and it is shockingly low at 48 as of the time of writing. While you may be twice as “secure” as the average, there’s a lot of work to do!

Get Secure

You might still want to wait before you call the movers for your corner office. The output from this assessment is simply a report card with recommendations for improvement. This is the time for you to roll up your sleeves and get down to business, and this is where it gets more complicated.

A plan should be put in place that will address the risks identified in the assessment report. Your company will need to decide what an acceptable score is, based on its appetite for risk. Like any business decision (and make no mistake, this is not just a technical decision but one your business leaders need to weigh in on!), there will need to be a balance between benefits and costs. Achieving 60 percent of the total possible secure score will carry a certain cost. Bringing that score up to 90 percent will have a higher cost with a much broader impact. 

Some of the recommendations will be simpler to implement than others, such as enabling multi-factor authentication, first for your administrators and then for the rest of your users. This is one of the best and most effective actions you can take, and you should take it as quickly as is feasible (you’re already paying for it!). Other recommendations will require further thought before implementation, such as enabling audit policies or disabling certain activities in your Office 365 tenant. And still others will require ongoing review of suspicious activity reports that are available in the Office 365 and Azure portals. Every action taken will result in a higher score, and actions carry different point values depending on the risk each is intended to mitigate.

Stay Secure

Lastly, you need to keep checking in to ensure your secure score remains at the predetermined level your business decided on. New security features are constantly being developed for Office 365 and are often not enabled by default. Conversely, new threats arise every day, so a setting that was optimal in the past may require further adjustment to achieve the same level of security today.

If your secure score is anything less than 300, you should be concerned, and we can help you. Achieving an acceptable score for your organization is essential to mitigating the risks of account breaches, data leakage/loss, or other malicious cyber attacks, especially with your data in the cloud. For all their benefits, cloud services carry risks that need to be addressed.

All organizations are targets of attack, so it is critical that you take the necessary steps to secure your users and your data. If you’re still looking to secure your spot in the corner office, why not make another wise choice? Find out your secure score today and let cloud cybersecurity experts help you get secure and stay secure in Microsoft Office 365.

Frank Post

Frank is a seasoned technology and security executive with global experience in commercial, telecommunications, and managed services sectors. Before joining Difenda in 2017 as the leader of the Cloud Security practice, Frank was the head of managed services at a high-profile MSSP, where he expanded the managed infrastructure practice to include a world-class Security Operations Centre and a DevOps practice supporting customers operating in public and hybrid Cloud configurations. Providing services to the standard of SSAE16, CSAE3402, SOC 1 and SOC 2, PCI DSS, and ISO certifications was a requirement in order to serve the many customers in regulated industries. Frank spent the first 15 years of his career in the finance, insurance, and legal sectors, architecting, deploying, and managing Windows and Linux networks to high degrees of confidentiality, integrity, and availability.
