With your physical office security, you would never leave the doors and windows open in the belief that criminals will only target much bigger businesses who have more to steal. Yet most small business owners do this every day with their online data - when we ask what steps they've taken to secure their information we generally get the same misguided response: “We’re only a small business so it doesn’t apply to us”.
This attitude appears to arise from the mistaken belief that most cyber security breaches are the result of a highly targeted campaign, aimed at multinational corporations with deep pockets. This is true only in a tiny minority of attacks. In most cases, cyber criminals are collecting IP addresses and email addresses from wherever they can find them, running algorithms and automatic programs that are constantly searching for any way into your environment. If you have an email address and a website (and you do, or you wouldn’t be reading this article), you are being targeted right now.
“There are two types of companies: those who have been hacked, and those that will be.” Robert Mueller, FBI Director, 2012
If your business is using Office 365, there's a wide array of configuration options and out-of-the-box functionality just waiting to be turned on, that will eradicate a huge percentage of threats. By default, your only cloud security is your password, but with some guidance you can quickly increase your security (and gain the edge over competitors) by protecting yourself against password theft, configuring alerts and notifications, and disabling some common causes of security breaches.
The majority of attacks are phishing scams using fake emails and websites to trick users into giving their passwords away. Cyber-criminals impersonate trusted organisations such as banks, airlines, email providers, Google and Microsoft, and even staff who are highly trained in spotting fake emails and sites can often be tricked into clicking on a malicious link.
Once a criminal captures a user's credentials they can infiltrate your systems, monitor behaviour and steal data. And for the average business it can take months before a security breach is uncovered. But it is possible to safeguard your business against these attacks by adding layers of protection to existing passwords and checking some common hiding places, to identify breaches.
Click here to read our guide on "5 Things Admins can do NOW to improve your Office 365 security". If we return to the analogy of home or office security, these steps are the equivalent of installing video cameras and alarms, adding bars to windows, locking the doors and checking for criminals already lurking on the premises.
Another useful tool is Microsoft Secure Score, which rates your Office 365 environment’s security stance. In our experience, the average business has a score between 30 and 40, out of a potential 400-800 (depending on your licence). Global admins can check their secure score NOW – if it's below 100, you're vulnerable and need to take protective measures right away!
365 Solutions Group are experts at Security in the Cloud, and work across the Microsoft product range to recommend the best practices for every customer. Contact us to provide a security audit of your Office 365 environment (based on your current licences) and to recommend specific actions to your users, your business operations and your industry.
365 Solutions Group Pty – Level 6, 200 Adelaide St, Brisbane QLD 4000