It used to be the case that the most prevalent misconception people had about cloud-based apps was that they were inherently unsafe. This was due to a misunderstanding about how data is stored and protected in the cloud. This is no longer the case, with more and more organisations now relying on cloud-based productivity suites like Office 365 for a big part of their daily work.
That being said, there are still many misconceptions people have about the level of cybersecurity Office 365 apps offer by default, which is why today, we’ll take a closer look at what Microsoft can and can’t do to protect your organisation’s data.
What Office 365 users get wrong about SaaS cybersecurity
With time, more and more business leaders have bought into the idea of cloud computing, understanding that the likes of Microsoft and Google have the resources to protect their data very well. These people now hail cloud computing as an effective way to support modern, flexible workplaces and a way of not overpaying for your IT.
However, the problem is that with this shift in perceptions, new misconceptions have gotten hold of people who rely on tools like those found in O365 for the majority of their work. Now the number one thing people misunderstand when signing up their organisation to use a SaaS productivity suite like O365 is about where the app’s responsibility for your data ends and theirs begins.
Despite what you might think, Office 365 has never been intended to be a truly complete IT solution. While Microsoft is certainly big and powerful enough to keep your data very safe against outages and cyberattacks targeted at them, this doesn’t mean they can effectively protect you from similar threats targeting your organisation.
What this means is that while Microsoft is excellent at protecting the Office 365 infrastructure from physical and network attacks, they can’t provide comprehensive IT security outside its apps. From this, it follows that unless you take deliberate steps to protect your organisation as a whole against cybersecurity threats, criminals could gain access to your business data – including the data stored on the cloud through Office 365.
Office 365 cybersecurity concerns
The most significant cybersecurity concerns within O365 SMEs need to be aware of are related to the easy sharing options, the ability to synchronise files from your on-premises devices into the cloud and the lack of a purpose-built data backup tool from Microsoft.
First of all, you have to be careful when it comes to who is granted access to business documents. With threats like phishing that can help cybercriminals mask themselves as regular users and administrators, it’s a good idea to have a robust strategy for who needs access to important documents and what kind of changes – if any – they can make.
However, to effectively protect your work from unauthorised access you’ll also need to implement some modern cybersecurity tools rather than relying on the protection Microsoft offers you as a default – more on this later.
The ability to synchronise on-premises files with the cloud is another feature of Office 365 that can make life a lot easier for your employees, but it doesn’t come without its risks. By using One Drive on your device you can sync changes made offline to the cloud so that you can easily work from anywhere.
However, this means that any IT security threats that get a hold of your on-premises infrastructure gain easy access to your cloud storage where it will corrupt the files affected within your on-premises network in the cloud, too. This would mean that if you don’t have a third-party data backup solution, you could lose all of your data for good. A data leak like this is ultimately your responsibility, not Microsoft’s, as the attack got in through your endpoint devices.
What kind of third-party support do I need?
Microsoft does provide some additional cybersecurity tools to Office 365 users to help them better protect their organisations. These include Office 365 Cloud App Security which detects threats based on user activity logs. This product does include data loss protection but this is only available to Office 365 Enterprise users on an E3 or higher subscription, making it less ideal for SMEs.
Advanced Threat Protection, another of Microsoft’s cybersecurity solutions we’ve covered on this blog in the past, also offers incomplete protection against data loss. Having a backup solution at your disposal means you’re covered in the event of accidental deletion as well as malicious data security threats like ransomware, and for comprehensive coverage, you’ll have to look beyond Microsoft’s own products.
For more information on this topic and some product recommendations, check out our recent series of articles on data backup.
That’s not to say investing in a backup solution is the only thing you need to do to protect your business from data loss and cybercrime. As we come back to time and time again on this blog, user vigilance is one of the most important aspects of cybersecurity, and investing in some cybersecurity awareness training or working towards a Cyber Essentials certificate for your organisation can make a huge difference in your IT security.
Additionally, utilising next-gen antivirus software or an endpoint protection solution helps keep your work devices, often used as a gateway to your cloud data, secure against cybercriminals. A more robust spam filtering product is another excellent addition to your IT security repertoire. Together with a data backup solution, these tools provide excellent coverage for your organisation’s data.