Office 365 is your communications hub. The number of emails, data and documents your organization sends daily increases dramatically every year. But more data means more risk. And although Microsoft spends over $1 billion every year on cybersecurity research and development, you need to apply critical Office 365 security best practices to fully protect your information.
Let’s Start With the Basics — Is Office 365 Secure?
Security is a huge priority for Microsoft. Office 365 has built-in security features, including enabled encryption, regular backups and “hard password” requirements, to ensure data security.
While Office 365 is secure, you shouldn’t rely on third-party applications alone. Organizations operate on different processes, workflows and procedures that dictate who receives and sends sensitive emails and data. Office 365’s default security settings don’t automatically protect your business. You need to configure them to fit your organization.
Office 365 Security Best Practices
Office 365 boosts mobility and productivity. As more of your data moves to the cloud, it’s crucial to keep security top of mind. Here are Office 365 security best practices to implement in your business today.
Create a Strong Password Policy
Best-practice password policies combine the right security settings with user education.
IT admins should enforce the following:
- Ban common passwords such as “abcdefg,” “123456” and “password.”
- Require an 8-character minimum password length.
- Enforce multi-factor authentication (see below).
Supplement password policies with user education — especially educating users not to re-use company passwords anywhere else. Weak employee passwords increase the likelihood that data will be compromised.
Rights management uses encryption to protect documents and emails so only the intended recipients can use them. You can also set up content expiration rules and offline access settings to manage remote document access. (Rights management requires an E3 license or an Azure Rights Management add-on license.)
Implement Multi-Factor Authentication
Multi-factor authentication requires you to log in with a phone call, text message or app notification in addition to your password.
Set up on a user-by-user basis, multi-factor authentication complements a strong password policy. It verifies users' logins whether they are logging in from the office IP address or their local Starbucks.
Monitor Activity With Office 365 Cloud App Security
Office 365 Cloud App Security allows you to monitor suspicious activity. With the tool, you can define policies to trigger alerts and see how data is accessed and used. You can review risky user activity and address security issues as needed.
Create Data Loss Prevention Policies (DLP)
DLP protects against sensitive data leakage so confidential company data can’t be uploaded, shared or emailed.
DLP policies depend on your business. They could be triggered by numbers, keywords, passwords or data identifiers such as Social Security or credit card numbers.
DLP also works with SharePoint, Exchange and OneDrive so employees can safely work uninterrupted across applications.
Assess Security With Office 365 Secure Score
Your business doesn’t stop. Your security shouldn’t, either. Office 365 Secure Score is an analytics tool that compares your activity and security settings to a baseline set by Microsoft and makes recommendations to improve your security. It’s a great tool to monitor, adjust and evolve your security.
You can access Secure Score at https://SecureScore.office.com. (You’ll need to sign in as a global admin.)
Office 365 security best practices are just a piece of the security puzzle. Securing your organization takes constant vigilance and strategy to ensure you’re protected not only now, but also as your business scales and grows in the future.
At Agile IT, we’ve helped companies of all sizes deploy, protect and manage their Office 365 environments. If you’re looking for an experienced Office 365 advisor, schedule a call with an engineer today.