Office 365 is the most used cloud platform in the world according to user count, and with that popularity also comes a big target. Attacks against Office 365 users have been on the rise as hackers work to compromise accounts to gain access to sensitive date or send spam and phishing from user email addresses.
In March of 2019 alone, approximately 29% of organizations had their Office 365 accounts compromised by hackers.
Users of the platform have also been on the receiving end of targeted phishing attacks designed to steal user credentials through URLs that redirect them to fake Office 365 sign in forms.
The use of cloud computing has exploded in the last decade and brought with it new challenges for securing data stored in online cloud services. One of the ways that Microsoft has worked to mitigate risk for users is through its Secure Score tool.
Microsoft Secure Score is a tool that basically gives your organization a report card on how well you’ve secured your Office 365 account. The tool will compare your score with the total number of points available and show you where you stand.
You also have the ability to view your score in relation to others in your industry, all Office 365 users as an average, or an average from those with a similar number of user accounts.
The goals of the Secure Score tool include:
To access Microsoft Secure Score, you need the following permissions:
The products included in Secure Score are:
Authorized users can access the Secure Score panel from the Microsoft 365 security center or using the Microsoft Graph API.
Next, you’ll go through the steps below to use the tool to improve your organization’s security in Office 365.
When you first open the tool, you’ll be shown your score and have the ability to compare it to benchmarks. The score is shown as your number/total number. So, if there are 700 total points available if you implement every security suggestion, and your point total is currently 400, then your score would be 400/700.
On the Improvement actions tab you’ll see a list of actions you can take to improve your security score. These will include a mixture of things like application settings or reviewing important security related reports.
For each recommendation, you’ll see the potential score improvement it can make, and these vary according to how much a particular action will improve your overall cybersecurity posture.
For example, something like “Require MFA (multi-factor authentication) for all users” can earn you 30 points, while something like “Turn on mailbox auditing for all users” may earn you 10 additional points.
In some cases, a recommendation can be recurring, such as reviewing a particular security report weekly.
Next, you’ll decide which improvement actions make sense for your organization, as you may not want to implement all of them (i.e. in some cases of lower scored actions you may weight user productivity ahead of a restrictive setting).
You’ll get the following options for taking action on a recommendation:
You can see how your score has changed over time and the actions taken to impact your score on the History tab.
It’s a best practice to have another administrator review the history of score changes over time as a double-check to identify any areas of security vulnerability and see how your security posture has improved over time.
With companies putting so much of their data in the cloud, the security of cloud services is imperative to ensuring overall business continuity. Haxxess can assist your Sudbury business with improving your overall security posture for both on-premises data and for cloud-based infrastructure.
Contact us today to schedule a free security consultation! Call 705-222-8324 or reach out online.