If you rely on Microsoft Office 365 for the many tasks your company needs to complete each day, you're not alone. Over a million companies worldwide depend on office suite software. The fact that so many companies use the software applications is a testimony to how much value they can bring to your business. Unfortunately, using popular software and platforms for business use isn't all good news. As a business leader, your research made you aware of the popularity of Microsoft Office 365. For cybercriminals, the same information is only a click away. Threat actors understand that businesses present a lucrative attack target. Therefore, devising an impactful attack that exploits widely used third-party software offers a higher rate of success with potentially large payoffs.
For most businesses, the idea of halting the use of reliable software that many employees are familiar with is not something to be taken lightly. After all, it accomplishes the tasks it's designed for, and developing new processes is time-consuming, expensive, and might not yield the same results. While dumping a dependable third-party you obtain valued services from isn't likely the best idea, it is essential to assess the security vulnerabilities Microsoft Office 365 might present.
From a business standpoint, the information you know about Microsoft Office 365 is likely very different from the details absorbed by cyberattackers. For instance, you know specific Office applications or platforms can improve productivity. In contrast, cybercriminals learn about vulnerabilities presented by default settings or previously exploited weaknesses that may not have been addressed by your company. When millions of businesses use Microsoft, this knowledge is increasingly valuable to threat actors. Unless you assess your company's individual Office 365 security level, you could already be exposed to recognized Office 365 vulnerabilities that hackers are aware of.
Luckily, Microsoft Office 365 doesn't have to be your business' security downfall. There are methods you can use to determine your company's current vulnerability level and improve your security posture. By improving your knowledge about your current protection level, the types of assessments available, and strategies for improvement, you can decrease your potential of becoming a victim of cyberattacks that target Office 365.
What is Microsoft Office 365 Secure Score?
While there has been much talk surrounding the potential vulnerability of Microsoft Office 365, the platform isn't lacking in security tools. The Microsoft 365 secure score is a pivotal security tool that can help you determine your level of vulnerability and find ways to improve your security posture. Described by Microsoft as a measurement of an organization's security posture, with a higher number indicating more improvement actions taken, your secure score can be found in the Microsoft 365 Defender portal.
Defender continually assesses your cross-cloud resources for security issues. These findings are combined into a single score that tells you at a glance your current security position. While a mere peek at your secure score will provide you with an instant view of how your security posture compares to Microsoft's recommended standards, Microsoft Secure Score is actually an assessment tool that offers users a way to complete these tasks:
- Report on the current state of the organization's security posture
- Improve security posture by providing discoverability (your current security or lack thereof), visibility (security actions that have not been taken), guidance (recommended steps to improve security), control (recommended steps are accompanied by an explanation of how security actions will affect use).
- Compare with benchmarks and establish key performance indicators (score comparison with similar organizations)
How is all this accomplished with a single score? Microsoft Secure Score includes a full dashboard with access to robust visualizations of metrics and trends, integration with other Microsoft products, score comparison with similar organizations, and recommendations for improved security posture.
Your unique secure score is calculated based on security-related actions (like system configurations and user behavior) you've taken to address potential vulnerabilities in Office 365 tenants. The score can be accessed by users with reading and writing roles and read-only rules as follows.
Read and Write Roles
This level of access allows users to make direct changes and interact with Secure Score. As one of these administrators, you can also assign read-only access to other users.
- Global Administrator
- Security Administrator
- Exchange Administrator
- SharePoint Administrator
With read-only access, users aren't able to edit status or notes for an improvement action, edit score zones, or edit custom comparisons.
- Helpdesk Administrator
- User Administrator
- Service Support Administrator
- Security Reader
- Security Operator
- Global Reader
How to Find and Use Your Secure Score
The Microsoft Secure Score tool is free to use when you are logged into your account and have one of the permissions roles described above. In the Microsoft 365 Defender portal, choose Secure Score in the left-hand menu. On the Secure Score Overview Page, you can view your total score and the waypoints are split between groups. You can also see actions that need reviewing, top improvement actions, and comparisons with similar organizations.
By selecting the Improvement Actions tab, you can view the top recommendations to improve your score and the impact each improvement will have on your total score. When you click on a specific improvement, a new pane appears that includes information about your current level of usage of the recommended action to clarify your security posture (or lack thereof). You'll also have an opportunity to learn how many users will be affected by the change in security protocol which is essential to understand the level of disruption the change could lead to. Selecting the implementation tab on this pane provides a step-by-step guide to utilizing the recommended security action.
Other Types of Vulnerability Assessments for Microsoft Office 365 Security
Since Office 365 is so widely used, it should come as no surprise that businesses and third-party providers are aware of potential security risks within the platform's many tenants. While the Microsoft Secure Score provides an individualized vulnerability assessment and recommendations for improvement, the tool is designed to work with other Microsoft security products. However, security actions performed by a third party or alternate solution can be used to improve your score. Furthermore, the act of balancing security with usability within a large business network can be complex. For some organizations, assessing Office 365 security vulnerability with the Microsoft Secure Score alone won't be the most logical solution. Like most cybersecurity solutions, there are multiple options available.
Third-Party Office 365 Vulnerability Assessments
It's common for businesses and organizations to have relationships with third-party providers for the implementation and security of software, infrastructure, and other modern technologies. Some of these providers offer specific services designed to assess Office 365 vulnerabilities. For instance, some ERM and CRM consultants offer vulnerability assessments for Microsoft Office 365, either as part of implementation or as a separate service. These assessments may also include services to assess compliance with specific regulations.
If you depend on an MSSP for cybersecurity services, your provider should integrate the security efforts designed to protect your network with the Office 365 platforms used by your organization. Many cybersecurity providers offer assessments that investigate your overall security posture, potential security gaps, and gap assessments to create a compliance readiness plan. Security assessments provided by cybersecurity providers are structured to evaluate vulnerabilities in your network and create long-term plans to continually improve the overall security posture in all platforms, devices, and actions.
Office 365 Security Assessment Questionnaire
In March 2017, Microsoft released a detailed questionnaire designed to provide a better understanding of an organization's security objectives and requirements. The questionnaire is designed to be part of a 2-day security assessment workshop. Completion of the questionnaire usually requires input from several product team members who would also be expected to participate in the on-site workshop.
The Office 365 Security Assessment Questionnaire includes detailed questions that cover:
- Platforms deployed within your organizational network
- Microsoft Security products that have been deployed or planned to be deployed
- Devices enabled for Office 365 functionality
- Specific security concerns
- Use of SIEM and whether your SIEM is integrated with Office 365
- Top security challenges
- Compliance obligations
- User practices to manage cybersecurity risks
How to Improve Your Microsoft Office 365 Security Posture
After discovering the potential security risks within Microsoft Office and learning about the tools provided by the company to address such risks, you might be wondering why Office 365 isn't automatically configured with these security protocols in place. The answer comes down to usability. Microsoft Office 365 products are designed to improve productivity and streamline the ways companies do business. Strict security protocols can change the way tasks are carried out and make use of the platform more challenging for users. By allowing organizations to choose the security protocols they need for adequate security, Microsoft allows users to find the unique balance they need between security and usability. While this means that Office 365 does have vulnerabilities, these steps can help you improve your Microsoft Office 365 security posture.
Check Your Microsoft Secure Score
Your secure score will provide you with a starting point to evaluate your current security posture and offer suggestions to improve your security levels within the tenants used by your organization. While the recommendations provided by the Secure Score only include Microsoft products, the dashboard can work to clarify security issues that exist within your network. By pinpointing the issues that lower your score, you can more accurately determine the steps needed for your organization to eliminate security gaps through Microsoft Secure Score recommendations or with the help of an experienced MSSP.
Integrate Your SIEM With Office 365
For most organizations, an effective Security Information and Event Management (SIEM) system is an essential part of your overall cybersecurity efforts. Your SIEM system is the technology in your network's security stack that collects event logs, normalizes the data, and parses the information into categories that define what activities are suspicious. While it's possible to collect audit logs from O365, the data can be difficult for typical users to understand and use effectively. By integrating your O365 platforms with your SIEM solution, you gain the same level of security applied to other parts of your network through your security provider.
Events collected by your SIEM can highlight potentially risky behavior like file sharing and download activity, authentication events, Outlook email activity, threat alerts, and more. SIEM is designed to offer complete visibility into your system. When you use an industry-leading SIEM system like Securonix, automatic integration with third-party software like O365 extends the same visibility and protections to the cloud systems that have the potential to present added vulnerabilities.
Limit Employees With Global Administrator Status
Access to administrative privileges put bad actors in a position of power. Unfortunately, companies often elevate this important status to many staff members to ensure ease of use throughout business platforms. By investigating the number of employees that have administrative powers, and determining why their roles require such access, you can narrow down the global administrators within your company.
Business email compromise (BEC) and other phishing attacks that exploit user credentials are on the rise. Limiting high-level permissions to the members of your team to need such access for daily tasks reduces the potential for stolen credentials that can be used in phishing or other cybersecurity attacks. A reduced number of global admins also makes it easier for your organizations to apply strict security protocols, like multi-factor authentication and zero trust identity, to these high-level accounts.
Protect User Identities With Multi-Factor Authentication
Some security tools are available within O365, but they're not set as the platform default. Multi-factor identification (MFA) is a perfect example of this. MFA requires a secondary form of authentication for users to access high-level accounts. For instance, after providing the correct password, the user will be sent a verification code to finish the login process. The National Institute of Standards and Technology (NIST) guidelines on password security now specifically recommend the implementation of MFA. Also, the United States Department of Homeland security now recommends that all Microsoft Office 365 users implement MFA.
MFA is never a bad idea but it's essential for global admin accounts. By investigating how many users have MFA activated and how many users with admin roles have disabled the feature, you can get a better understanding of the accounts at risk. Whether you choose to require MFA for all O365 users or only for those with global admin access, it must be activated manually.
Secure Office 365 Email
Over 90% of malware is delivered by email. As an essential method of communication in most businesses, an average user might examine hundreds of emails each day. To manage this high level of information, email platforms must be convenient. Unfortunately, the sheer volume of emails also serves as a way to lower the attentiveness of the user. For hackers, this and many other vulnerabilities make email access a potential gold mine.
Sophisticated threat actors are aware that email is not automatically secure. This is why it's essential to develop a comprehensive email security plan for your O365 email accounts. Implementing these practices can help you strengthen Microsoft's weakest link.
- Run routine phishing tests on all staff members.
- Use multifactor authentication for email accounts.
- Disable auto-forward in all business email accounts.
- Develop strong rules surrounding information that can be shared via email (like never sharing personal information).
- Ensure remote employees only use trusted Wi-Fi networks when using business email accounts.
- Invest in email security software.
Change How Documents are Shared
Microsoft Office 365 is designed for convenient correspondence and collaboration. This means documents can be shared between users in a variety of ways. While this level of sharing can be great for improving efficiency, it can be extremely dangerous for security. 88% of data breach incidents are caused by employee mistakes. When such a mistake includes the act of sharing sensitive data, the consequences can be extreme. In Microsoft 365, both OneDrive and SharePoint can be used to share documents with co-workers, clients, vendors, and partners.
To avoid oversharing, these actions can be taken to limit sharing within O365.
- Turn off Guest Sharing in Teams or in specific domains.
- Limit SharePoint site sharing to site owners only.
- Make specific sites read-only by changing the lock state of the site.
- Customize access levels with SharePoint permissions inheritance.
- Limit sharing to specific people with sharing settings in Site Permissions.
- Disable "People in your Organization" sharing links using PowerShell.
- Use email encryption to prevent unwanted sharing of emails.
- Set up conditional access policies for users and devices.
Invest in Your Organization's Overall Security Posture
Effective cybersecurity is a crucial tool in business management. To maintain effective security against today's sophisticated cyberthreats, it's essential to utilize specialized technology as well as the actions of experienced cybersecurity professionals. For most organizations, an on-premise security operations center (SOC) that maintains 24/7 protection is impossible to obtain. For this reason, managed security services as a partial or complete cybersecurity solution are growing in popularity.
To maintain effective protection levels against attackers, your cybersecurity efforts should include actions to detect and prevent potential attacks as well as those that offer analysis, investigation, and response for successful attacks. These protections will include technologies overseen by security professionals that provide these essential actions:
- Log management
- Endpoint detection and response
- AI for proactive threat protection
- Security orchestration, automation, and response (SOAR) to decrease response time
- Network monitoring for complete visibility
- Expert level analysts that oversee tools and technologies
For any organization to achieve adequate cybersecurity, it's essential to promote a security-first business culture. Even the strongest cybersecurity systems can be derailed by the actions of humans who make decisions to allow attackers into your network. For effective use, all devices and systems are run by humans. This means employees can make choices to click links, disable security functions, and share sensitive information. Investing in cybersecurity education for employees can turn your potentially weakest security link into your strongest defense.
Education for employees should provide information about the dangers of cybersecurity attacks, examples of commonly used attacks, and security best practices for preventing these attacks. Begin with the creation and implementation of a cybersecurity employee policy and include these important elements in employee security training.
- Routine updates about current threats
- Password security training
- Optimal security settings for platforms, applications, email, and other technologies
- Recognition techniques for phishing and social engineering attacks
- Routine cybersecurity testing to ensure your network isn't subject to new vulnerabilities
Assess Your Unique Vulnerability Level Presented by Microsoft Office 365
Microsoft Office 365 provides businesses and organizations with a variety of tools to streamline business tasks and actions. Unfortunately, the popularity of the platform can mean your network is exposed to additional vulnerabilities. Microsoft Office 365 is designed for convenience, productivity, and streamlined usability. This means many available security features are not set by default. Threat actors are aware of the vulnerabilities that may exist in your network and you should be too. By performing a vulnerability assessment for Microsoft Office 365, you can evaluate your current security posture and take steps to improve your organization's level of security.
Like other aspects of cybersecurity, your Microsoft Office 365 security vulnerabilities and settings can be complicated. You don't have to learn how to perform a security assessment on your own. As companies use third-party integrations to migrate data to the cloud, threat actors will find ways to exploit potential vulnerabilities to make a profit. Highly trained cybersecurity professionals are familiar with the risks presented by third-party cloud applications and platforms. These experts stay ahead of risks with tools and methods designed to assess security gaps and eliminate them. If you're having difficulty determining your vulnerability risk presented by Microsoft Office 365, the experts at Bitlyft can help. Learn more about how BitLyft can help with Office 365 and a full cybersecurity operations schedule with a needs assessment to help create your tailored cybersecurity solution.