Office 365 is arguably the finest Business Productivity suite ever created. From email to instant messaging, video and auto conferencing, file storage/sharing, automation, workflows and more, it's a business powerhouse if leveraged properly. However, as with many cloud applications, there are a couple of general (and very concerning) misconceptions.
It's an extremely robust product with military-grade encryption and a huge amount of resources (people and tech) working tirelessly on its general security, so that's enough right? Unfortunately not.
The product is designed to be easy to use, highly accessible and without 'over the top' security controls that would impact users in their day to day operations. Great. However, these 'features' also expose it to compromise via phishing, social engineering, or attacks from the numerous devices that are used to access it. It's happening every day, all over the world.
Office 365 needs to be customised by an expert to ensure the security of this ever extending platform - protecting you from the constant and serious threat of email compromise, viruses, ransomware, and other malicious activity. Hardening your tenant is an excellent first step, however, the real solution is multifaceted, taking into account the system itself (Offiec 365 Cloud), devices that are used to access it (laptops, phones, tablets etc), and most of all, people. Even with the most advanced security technology and configuration deployed, we (humans) are the weakest link. Cybersecurity is everyone's responsibility, and we need to ensure users are aware of this.
Whether you're a business of 1 person or 10,000 people, YOU are a target. Ironically, it's those who think they are less of a target who are actually the most at risk - small and medium business. So many small and medium businesses think "no one would bother targeting us...", and therefore do not invest time and money into securing their systems. Hackers are coming for you, and unless you take proactive measures, you WILL become a victim.
Business email compromise (BEC) is when an attacker accesses or takes over your email account, generally for the purpose of extortion or convincing someone to transfer money into an illegitimate account. It's already incredibly common and is further on the rise. An incident such as this could have devastating effects on you and your business with the average cyber incident in Australia costing more than $75,000 (there are reports of several millions being lost in one go!). A severe attack could literally wipe out your business overnight. What are you doing at the moment to protect yourself? and what should you be considering? Our recommendations in this area are
In summary, if you don't know for sure that your Office 365 is secure, it is NOT. Engage with a specialist to begin rectifying these issues and train your users to ensure the ongoing success and prosperity of your organization.
We hear this almost every day, users assume their Office 365 is backed up automatically. It is NOT. The system provides geo-redundancy, in case, for instance, the Victorian data centre goes offline, the NSW one will take over. That's pretty great, but what happens if you delete data? This geo-redundancy means it'll be deleted in both locations (some information will sit in the recycle bin for a period and can be restored, but this is not always the case). Can you afford to lose your precious information?
It's imperative to activate a 3rd party service to ensure all emails, communications and data is securely backed up, regularly, to another location. In the case of ransomware, virus or a malicious attempt to destroy your data by a bad actor or disgruntled employee, you could be left in the lurch. Recently a client reported that one of their staff deleted years worth of information prior to leaving the company. Unfortunately, they had no 3rd party backup, so the data was gone. It's relatively cheap to back up - so don't overlook this absolutely crucial step!
From a company who sees and deals with CyberCrime on a daily basis, I implore you to think about how a Cyber incident could affect your business. With no exaggeration - a single incident could spell the end of your company. Are you willing to risk it?