
7 InfoSec Concerns about Office 365
By Chris Brunau

Information Security covers a broad range of responsibilities in an organization from data security to architectural sophistication, but all of it comes down to this singular purpose: creating an atmosphere for information that is as safe, accessible, and efficient as possible. When you’re thinking of Office 365 cloud migration, stay vigilant for these 7 hiccups InfoSec teams have found in Office 365.
If you haven’t seen the Top 8 Security Vulnerabilities in Office 365 Migrations, get familiar with potential migration pitfalls, and then jump in here to learn InfoSec concerns about Office 365.
1. SAML Authentication Breach
In 2016, Microsoft got into some hot water for its SAML authentication security loophole, in which the name ID was not checked, exposing federated accounts, including sensitive company information in emails and OneDrive data. Microsoft patched this up in about 7 hours, but it goes to show that even the best-performing cloud platforms sometimes miss major security flaws.
2. Leaking Sensitive Information
Bulls in china shops can do much less damage if the sensitive material is all behind bullet-proof plexiglass. Whether it’s critical organizational data, Protected Health Information, or quarterly performance stats, you must be wise enough to recognize that human error is a big threat to sensitive information in companies. Office 365 security risks are in large part traced back to human error, but leaking sensitive information (mostly inadvertently) is a big risk that you do not need to take.
- Set blocks in Office 365 so only authorized users can access sensitive data
- Implement Office 365’s DLP policy for your organization
- Make Backupify’s Office 365 solutions part of your DLP plan
3. Scams
Even the wisest InfoSec guru among us can at some point fall prey to a phishing email. Scammers have gotten even better at what they do, using social engineering techniques to build rapport before striking so they slip under the radar.
Make sure your InfoSec people and the rest of your organization know these scam-fighting tips:
- Be aware of uncommon requests through email (e.g., wiring money) or strange email signatures from colleagues
- Follow your intuition and follow up in person or on the phone before complying with suspect requests
This hilarious scam-fighting AI email bot can do some of the legwork for you, but you need to be proactive in protecting Office 365 data from scams.
4. Malware and Ransomware
I recently wrote about the ransomware threat that Shurl0ckr poses. Cryptoviral extortion is nothing new for InfoSec teams, but the sophistication and ubiquity of these threats are increasing each year. Office 365 updates its data security plan regularly, but it is likely not as agile as an organization singularly focused on data security. Let Office 365 do what it does best in hosting your data, and then use a data security company to ensure that your sensitive company data is fortified.
5. Cryptojacking
Cryptojacking is the practice of crypto-miners mining for digital currency using your power and network. First-wave crypto criminals like CoinHive used your resources solely to mine for valuable cryptocurrency, but more recent cryptojacking perpetrators have left viruses on the public Windows servers of their victims. Cryptojacking is not in and of itself dangerous to your data, but it can indicate security vulnerabilities that may lead to data breaches. It is better to plan ahead and thwart cryptojackers before they can get into your system.
6. Compliance vs Security
One of the biggest InfoSec concerns in 2018 is compliance with GDPR regulations regarding access to personal data. Financial firms and healthcare organizations usually have IT protocols to protect personal data, but manufacturing and retail organization compliance with GDPR may require a bit of finessing. As you get your compliance strategy in place, make sure you account for information security for GDPR compliance.
7. SaaS Is Not Safe
Just because you trust the software provider does not mean your cloud-based software is safe from attacks. Your data in SaaS applications could be compromised if their data centers do not have sufficient security. IP address security is compromised when a team member decides to work from their personal computer. SaaS data needs backup and security as well, especially when it connects to your Office 365 data.
Safeguard your Office 365 data against these InfoSec concerns and ensure searchability with Backupify.