May 09, 2019

7 InfoSec Concerns about Office 365

Information Security covers a broad range of responsibilities in an organization from data security to architectural sophistication, but all of it comes down to this singular purpose: creating an atmosphere for information that is as safe, accessible, and efficient as possible. When you’re thinking of Office 365 cloud migration, stay vigilant for these 7 hiccups InfoSec teams have found in Office 365.

If you haven’t seen the Top 8 Security Vulnerabilities in Office 365 Migrations, get familiar with potential migration pitfalls, and then jump in here to learn InfoSec concerns about Office 365.

1. SAML Authentication Breach

In 2016 Microsoft got into some hot water for its SAML authentication security loophole, where the name ID was not checked, exposing federated accounts, including sensitive company information in emails and OneDrive data. Microsoft patched this up in about 7 hours, but it goes to show that even the best-performing cloud platforms sometimes miss major security flaws.

2. Leaking Sensitive Information

Bulls in china shops can do much less damage if the sensitive material is all behind bullet-proof plexiglass. Whether it’s critical organizational data, Protected Health Information, or quarterly performance stats, you must be wise enough to recognize that human error is a big threat to sensitive information in companies. Office 365 security risks are in large part traced back to human error, and leaking sensitive information (mostly inadvertently) is a big risk that you do not need to take.

3. Scams

Even the wisest InfoSec guru among us can at some point fall prey to a phishing email. Scammers have gotten even better at what they do, using social engineering techniques to build rapport before striking so they slip under the radar.

Make sure your InfoSec people and the rest of your organization know these scam-fighting tips:

  • Be aware of uncommon requests through email (e.g., wiring money) or strange email signatures from colleagues
  • Follow your intuition and follow up in person or on the phone before complying with suspect requests

This hilarious scam-fighting AI email bot can do some of the legwork for you, but you need to be proactive in protecting Office 365 data from scams.

4. Malware and Ransomware

I recently wrote about the ransomware threat that Shurl0ckr poses. Cryptoviral extortion is nothing new for InfoSec teams, but the sophistication and ubiquity of these threats are increasing each year. Office 365 updates its data security plan regularly, but it is likely not as agile as an organization singularly focused on data security. Let Office 365 do what it does best in hosting your data, and then use a data security company to ensure that your sensitive company data is fortified.

5. Cryptojacking

Cryptojacking is the practice of crypto-miners mining for digital currency using your power and network. First-wave crypto criminals like CoinHive used your resources solely to mine for valuable cryptocurrency, but more recent cryptojacking perpetrators have left viruses on the public Windows servers of their victims. Cryptojacking is not in and of itself dangerous to your data, but it can indicate security vulnerabilities that may lead to data breaches. It is better to plan ahead and thwart cryptojackers before they can get into your system.

6. Compliance vs Security

One of the biggest InfoSec concerns in 2018 is compliance with GDPR regulations regarding access to personal data. Financial firms and healthcare organizations usually have IT protocols to protect personal data, but manufacturing and retail organization compliance with GDPR may require a bit of finessing. As you get your compliance strategy in place, make sure you account for information security for GDPR compliance.

7. SaaS Is Not Safe

Just because you trust the software provider does not mean your cloud-based software is safe from attacks. Your data in SaaS applications could be compromised if their data centers do not have sufficient security. IP address security is compromised when a team member decides to work from their personal computer. SaaS data needs backup and security as well, especially when it connects to your Office 365 data.

Safeguard your Office 365 data against these InfoSec concerns and ensure searchability with Backupify.
