Last year businesses, hospitals, banks and governmental institutions were plagued by a number of major security breaches. So it shouldn’t be a surprise to anyone that this year security is at the forefront of most business strategies, with many turning to MSPs to provide solutions that will keep their data safe and intruders out. And this has created some interesting opportunities for MSPs. So we sat down with Guillaume Boisvert, SherWeb’s Security and Compliance Product Director , to talk about Office 365 security and how MSPs can better protect their customers in the cloud.
Is your Office 365 instance safe? Click here to learn more about Office Protect and how it can help secure your data from hackers.
Q: Why is Office 365 often targeted by hackers?
Office 365 is now one of the prime targets for two reasons. One, it is used by 90-95% of companies, and if you’re somebody working to gain access you’re going to target the largest base. Secondly, that is where people store their information. If I want to have access to something sensitive to do something nefarious, then I’ll target where the information is. So those two factors are why people are targeting Office 365.
Q: What are the biggest Office 365 security threats to SMBs today?
The two biggest security threats to SMBs these days are; insider threat, which is basically an authorized user (somebody that is meant to be there that has the proper access) taking action that will be damaging to the SMB. And the other one is just random people, basically volume attacks. So people that are just scanning the internet for deficiencies, or sending spyware emails to millions of people. Sadly SMBs are often the least protected against attacks like that so even if they’re not specifically targeted they often fall victim.
*Statistics come from cloud usage data that we analyzed from Skyhigh Cloud Access Security Broker for over 27 million users working at over 600 enterprises. These enterprises span all major industries worldwide.
Q: How can people protect themselves in the cloud?
Security in the cloud is inherently better than it was on premise, so the notion that security is harder to attain in the cloud is actually false. For most SMBs they don’t have access to enterprise-grade security if they’re on their own, they don’t have the budgets, they don’t necessarily have security experts. When they use cloud service providers they get access to specialists, enterprise-grade infrastructure and security. Just this step of going into the cloud is a great way to increase your security posture.
Do You Really Need to Backup Your Customers’ Office 365 Data? Check out this blog to get the answer!
Q: How big a threat is Bring-Your-Own-Device (BYOD) for SMBs?
BYOD is an interesting question when it comes to security for SMBs. It was all the rage a few years ago. But I think the reason it has died down a lot is security. It was more flexible, but it has been shown as not being practical when it comes to security. And IT departments have shown that they want to keep control, and would rather provide their own devices.
There are a number of tools that can be used to improve security for BYOD. Services like Intune from Microsoft is a good mobile device management, for example. But it is always a struggle between the balance of flexibility and security. The amount of flexibility that you give to users will always challenge your security. So it is a choice, and a well informed MSP can present those options to a client so they can make decisions on what they want to do.
Interested in learning more about Mobile Device Management? Check out this blog: Office 365 vs. Microsoft Intune
Q: Do you have any Office 365 security tips for MSPs who want to better protect their customers?
When it comes to the security of their end customers, MSPs have to think of security as layers. So there is no security, you cannot buy security. What you do is you put in place different layers of protection and each of those layers increase that security posture. It then becomes a balance between the budget of the client and the amount of security they need to meet either just normal security or compliance.
However, there are a number of Office 365 security features built in, such as; audits and multi factor authorizations. The challenge is always to be aware of those settings and to apply them. Microsoft provides some tools like the Security Center, to help guide you in the direction of those settings, and in most cases there are no fees attached to them.
Download Our Free PowerPoint Deck!
7 Free Things You Can Do to Improve Your Clients' Office 365 Security Posture
Find out what you can be doing to better protect your clients, why you should be taking these precautions and a step by step guide of how to implement these procedures.