These days, most companies are utilizing cloud technologies. In 2018, Microsoft announced that there were over 155 million business users on Office 365, and this continues to grow rapidly.
While the cloud offers great benefits, many businesses give little thought to security as they make this transition. Exchange Online (Office 365 email), for example, has significantly greater security capabilities but those capabilities are often ignored in the rush to implement Office 365.
Here is a common scenario: an employee receives an email that appears to be from Microsoft which directs them to an Outlook Webmail login webpage that is an exact replica of Microsoft’s own website and enters their credentials.
Nothing appears to happen, and so the employee goes on with their day. But they have just been “phished” and unintentionally handed their credentials over to an unknown third party. The fraudster now has complete access to the mailbox and can use it for all sorts of purposes, such as:
- Impersonating the user to make fraudulent requests.
- Using the mailbox and contact lists to spread more phishing emails.
- Theft / snooping of information within the mailbox.
The good news is that there is usually a lot you can do to secure your cloud applications. In Microsoft’s case, the security capabilities of Office 365 far exceed anything possible on-premise. Consider multi-factor authentication, enabling mailbox logging, disabling external email forwarding rules and ongoing end user training as good places to start.
You also need to consider the growing number of different cloud platforms that the average company/ employee accesses daily (Dropbox, 365, Carbonite, Google Apps, etc.). Keeping track and securing these different accounts is challenging to manage.
You want to ensure that you’re maximizing the security capability of each platform that you are using, storing those passwords securely, and (again) prioritizing multi-factor authentication.
An even better option is to see if your cloud application supports Single Sign On (SSO). With this, you may be able to connect your cloud app to your Microsoft account and voila! You not only have one less login to keep track of, but you also get to enjoy all the security capabilities of your existing Microsoft account. SSO can greatly reduce the day-to-day hassle of those extra security measures.
If you have any questions, feel free to email me at: firstname.lastname@example.org.