The features and benefits of Office 365 are undeniable, allowing business owners and employees to access email and data from anywhere in the world via the cloud.
However, organisations transferring their operations to the cloud face a number of security implications - in particular, data access and defence against cyber threats like spam and malware.
Fortunately Office 365 features a range of security benefits, shown below, which help to mitigate risk.
Top 10 Office 365 Security Features and Benefits
- Highly secure date centres.
With Office 365, your data is held in highly secure data centres, physically protected from natural disasters and unauthorised access using biometric readers, motion sensors, video surveillance, fire prevention and seismic protection.
- Data is isolated and regularly backed up.
You don’t need to worry about the risks of sharing Microsoft’s data centres with thousands of other customers – using Active Directory, each tenant’s data is isolated using ‘silos’, safeguarding your data tightly, while also being regularly backed up.
- Data is hosted in regional servers.
With your data housed regionally, you can relax knowing it hasn’t been moved and stored in a low-cost location at the expense of security. Local storage can also help to align with state requirements on data protection.
- Advanced data encryption.
Your data and emails are secured using advanced encryption, both when at rest or in transit. Threat management, security monitoring, and file integrity also prevents or detects any tampering of your data.
- Turn privacy impacting features on or off to suit your needs.
Office 365 security includes Advanced Rights Management Service (RMS) technology, allowing you to pick the items you want to apply additional encryption to, so you can control who has access to your important files, wherever the content is located.
- Hard passwords increase the security of your data.
The use of hard passwords and multi-factor authentication provides an extra layer of protection for extremely confidential information. This can include an additional password acknowledgement sent to your smartphone by phone call, text message or app notification.
- Controls to remove data spillage.
Office 365 features controls that allow you to remove sensitive information that’s been inputted into the cloud. As long as you have the required privileges, you can use the eDiscovery tool to search for the message or document and hard-delete them.
- Transport Layer Security (TLS).
Transport Layer Security (TLS) ensures complete privacy between the applications you use and the people you communicate with, sending information over a network using a secure SMTP connection. TLS also enables your organisation to enforce encryption and restrictions to secure mail flow when working alongside a partner organisation.
- ‘PolicyTips’ for data loss prevention.
User error is an increasingly damaging source of data loss in many organisations. Office 365 features ‘PolicyTips’, which allows administrators to alert and remind staff of the rules for outbound emails. For example, if a member of staff tries to send sensitive data outbound, like credit card numbers or login credentials, an alert will appear to state that this isn’t allowed.
- Antimalware and antispam controls.
Inbuilt antimalware and antispam provides users with configuration options on how to manage their mailbox. You also have the choice of using your own antimalware or antispam protection – so you can route to and from Microsoft’s mail service through a third-party provider.
Office 365 Security Enhancements
Although Office 365 has a number of features and benefits, there are aspects of its security and service which can be enhanced to better protect businesses against ever-evolving cyber threats, while providing improved performance.
Zero-day (0-Day) threats
Cyber criminals are ahead of the game, and are able to distribute new threats in seconds, creating malware which are not yet known to AV vendors. These threats easily bypass organisational security defences that aren’t updated immediately or in real-time.
The Service Level Agreement for Office 365’s Exchange Online Protection (EOP) software claims to detect 100% of known viruses with updates every 15 minutes – this 15 minute update window creates a time delay for viruses to penetrate and infect your network.
Office 365 EOP is not as effective at defending against unknown, zero-day malware delivered via email, that can really hurt organisations financially.
Office 365 users may not be fully protected against sophisticated crypto malware, or other emerging threats by relying on the inbuilt AV functionality. You should therefore seek out a security solution that offers advanced protection against zero day threats such as cloud based email filtering.
Managing spam
Office 365’s spam filter sometimes treats legitimate email as spam, blocking relevant messages from your inbox. This ‘graymail’ may not reach the email recipient, meaning employees miss emails that were of actual relevance to them.
While all Office 365 plans offer administrator management of the spam quarantine, allowing you to release blocked graymail, some plans limit access to the quarantine through to the Exchange Admin Centre management interface.
In a busy working environment, having to manage graymail that’s been blocked by your Office 365 spam filter isn’t productive. A more accurate email filtering solution will save you the time spent checking your spam quarantine, allowing you to focus on your business goals.
While Office 365 features a range of security benefits to help organisations, you’ll need to take the above points seriously to avoid leaving yourself vulnerable to cyber threats and ensure your business operates without interruption.
Fortunately there are several ways to enhance Office 365’s security and service features, including implementing a third-party antimalware and antispam services, giving you a superior level of protection.
