If you’re one of the millions of companies using Microsoft 365, you probably feel confident in your security posture. But how secure is your business with Microsoft 365?

Whatever the organisation’s size, or the platform they use, IT security is one of the top priorities for every IT professional.

Everyone knows cybercriminals are trawling through all parts of the internet, looking for the smallest of ways into a company. Especially now with remote working, file sharing and collaborative working being daily practices, everyone in the business must remain vigilant to data breaches.

If you’re one of the millions of companies using Microsoft 365, you probably feel confident in your security posture. But how secure is your business with Microsoft 365?

Using Secure Software Doesn't Prevent Insecurity

Microsoft 365 is a commonly used platform for millions of businesses worldwide and comes with strong security settings straight out of the box. But is it as secure as you like to think? The fact of the matter is your data is only secure when security has been properly implemented.

Kaspersky highlighted a 53% surge in cyber threats targeting Microsoft Office in 2023. They also detected an average of 411,000 malicious files every day, up 3% from the previous year.

Backdoor detections escalated from 15,000 files in 2022 to 40,000 in 2023 – showing that cybercriminals are taking the destructive tactic of taking remote control of their victims’ systems and being free to carry out all manner of tasks.

Secure by Design; Insecure in Practice

"'Secure by design' isn't enough on its own. It's the equivalent of wearing a bicyle helmet without properly securing the straps, or not servicing your car's brakes."

These incidents are a stark reminder that even your well-trusted platforms can fall victim to a security breach if they’re not properly protected.

Microsoft says 365 is “secure by design”, which means it comes with strong protection out the box, with little to no expertise required. But ‘secure by design’ isn’t enough on its own, it’s the equivalent of wearing a bicycle helmet without properly securing the straps, or not servicing your car’s brakes.

As cyber attackers become more sophisticated, the security that the system was built with will not offer the full amount of protection to stay protected throughout its lifetime.

The same applies to your business’s Microsoft 365, which you must regularly analyse to look for any gaps or vulnerabilities in your security posture.

How Protected is Your Microsoft 365?

A good first step to finding out is using Microsoft’s Secure Score.

 

Microsoft Secure Score is a numerical summary of your security posture based on system configurations, user behaviour and other security-related measurements. It allows you to monitor and work on the security of your Microsoft environment. It helps your organisation to:

• Report on the current state of your security posture
• Improve your security posture by providing discoverability, visibility, guidance and control
• Compare with benchmarks and establish key performance indicators (KPIs)

According to Microsoft Standards, having a Secure Score of 80% or higher is considered sufficiently secure. If your score is 60% or lower, you are susceptible to security risks and should adopt standard security practices to prevent hackers from accessing your infrastructure.

10 Best Practices for M365 According to Microsoft

As mentioned previously, Microsoft’s default security settings must be backed up by advanced and regular protection. These are the top ten ways Microsoft recommends for securing your business data:

1. Use multi-factor authentication (MFA)
2. Set up and protect admin accounts
3. Use Preset Security Policies to protect email and collaboration content
4. Protect all devices
5. Train everyone on email best practices
6. Use Microsoft Teams for collaboration and sharing
7. Set sharing settings for SharePoint and OneDrive files and folders
8. Use Microsoft 365 Apps on devices
9. Manage calendar sharing for your business
10. Maintain your environment

Other Things to Consider

As well as Microsoft’s own recommendations, there are common security practices you can adopt in your business to increase your overall strength.

• Staff knowledge: To keep your business secure, everyone with access to a device must fully understand the importance of good cyber security practices. Emphasise that responsibility for cyber security does not just fall on the lap of the IT department; it’s everyone’s responsibility.
• Training: Keep your IT team updated with the latest cybersecurity training and standards. For extra protection, pay for your staff to undergo cyber awareness training so they can adopt the basics to their everyday life.
• Suppliers/third-party vendors: Do you asses your suppliers’ cyber security competency? What company data of yours do they hold? Do you know what steps they take to keep your information secure?
• Configure Mobile Device Management (MDM): With more employees using personal devices for work, it’s vital you establish policies for handling business data on personal devices. Microsoft’s Enterprise Mobility Suite lets you manage users and devices that wish to access company files.

Security Audit and Score Improvement

Need support with boosting your Secure Score, or want a cyber expert to conduct a full security audit? PSP is a Microsoft Partner with experience conducting cybersecurity audits and implementing cybersecurity strategies on Microsoft 365.

Our qualified cyber security technicians can support your 365 security with:

• Microsoft 365 Security Audit
• Overseeing the improvement of your M365 Secure Score

The full-time salary of an experienced Cyber Security Officer is over £70,000 a year. Outsourcing the role on a flexible contract through PSP saves money on paying full-time overheads. Whether you need them for two days a week, or even once a month, you only pay for the resource you need.

To speak to one of our cybersecurity advisors about your Microsoft 365 security, fill in this short contact form.

5^th April 2024