The Top Microsoft 365 Security Concerns
Reading Time: 3 Minutes
Microsoft does an outstanding job securing its cloud services. However, cloud users must take responsibility for configuring and managing secure access and file sharing to minimise the risk of data leakage.
Which Microsoft 365 Business Package is right for you? Find out in this article.
Some IT Managers and most business owners might not be aware of the specific configurations within Microsoft 365 and could have open breaches for cybercriminals. In this article, we’ll be talking about some of these potential risks and how they can impact your business. Here are our top 5 security concerns.
Unauthorised or External File Sharing
Microsoft 365 enables users to collaborate with people outside of your organisation in applications like Teams and SharePoint, as well as by sharing files and folders directly. We talked about external sharing in Microsoft 365, and in particular Teams, in detail in other articles.
Not sure if Teams is the right tool for your business? Read this article to find out.
Files that are shared outside your network are vulnerable by default. With Microsoft 365, a user can share a single file or an entire folder. This grants access to all files currently in that folder and all its subfolders, as well as any new ones created there. For a decent guide on the subject, take a look at this guide by Netwrix.
Privilege Abuse
Users often wind up with more permissions than they need to do their jobs. Excessive rights increase your risk of a data breach. For instance, users can accidentally or deliberately expose or steal more data than they should. Similarly, malicious software or hackers who take over a user’s account can access more data and systems than they normally would.
Microsoft 365 doesn’t make it easy to restrict permissions based on business unit or country, or for remote or satellite offices. It’s also tricky to granularly grant admins rights to perform only specific functions, like resetting user passwords.
Global Administrator Account Breaches
Hackers and cybercriminals often target administrative accounts in their attacks. As a result, they gain access to elevated privileges. The centralised administration model in Microsoft 365 allows all administrators to have global credentials. Meaning administrators have access to every user’s account and content. If hackers manage to take over a global admin account, they can change critical settings, steal valuable data, and leave backdoors to enter again.
To reduce the risk of these powerful accounts being compromised, you can set up multi-factor authentication (MFA) in the Security and Compliance Center. Keep in mind that global administrator accounts do not have MFA enabled by default.
Curious about Multi-Factor Authentication? We have a one-page guide explaining how it works.
Disabled Audit Logs
Audit recording is not enabled by default in Microsoft 365. An administrator must manually turn auditing on. Similarly, to audit email mailboxes, an administrator must turn on mailbox auditing. These are essential features both for security and compliance and should be present at all times.
Understand that the audit log shows only events that occurred after auditing was enabled.
Short Log Retention Periods
Microsoft 365 stores audit logs for a short time. From just 90 days to a maximum of one year. For details on these settings, take a look at this link. Many compliance standards require storing audit logs for far longer than that. For example, HIPAA requires logs to be retained for six years. GDPR does not specify a retention period. However, it requires organisations to be able to investigate breaches, which can take well over a year to surface. By that time, the native audit logs are gone.
Remediating These Risks
At Spector, we have a full suite of tools that help us remediate these risks and ensure that your Microsoft 365 tenancy is and remains fully secure. As a Microsoft Gold Partner, our team specialises in understanding the whole suite of products available at the market. We’re keen on finding vulnerabilities, solutions and communicating them to our customers and partners.
We can use our expertise to help find vulnerabilities in your business too. Our Gap Analysis covers most business aspects that can be improved, from technology and compliance breaches to business operations and personnel training practices. For more information, please get in touch or book a call with one of our experts.