Blog > Critical Vulnerabilities

Five things to do on Office 365 to stay safe from hackers

We have reached the era where we all want to migrate to the cloud. Services and SaaS such as Office 365 require ever-increasing amounts of time and resources to manage, especially if you want to have an adequate level of security.

Rest assured, you're not alone - more than a third of attacks target SaaS like Office 365. So the time spent trying to protect these infrastructures is definitely time and resources well invested.

An interesting prey

Whether it's for email, client management, storage, or even video and audio tools, there's a way to do it online in the cloud.

According to Cisco, 95% of data will come from the cloud by 2021.

SaaS applications such as Microsoft Office 365 are becoming increasingly popular because of the enormous savings in management time and cost. On the other hand, its growing popularity is attracting malicious people - a gold mine of data and accessible from any location is the jackpot for hackers.

Although cloud computing service providers such as Microsoft Azure or Amazon Web Services are responsible for the security of their infrastructure, companies remain responsible for the security of their data hosted in the Cloud. So here are 5 important things you can do right now to protect yourself.

1. Enable logging. Definitely one of the most important things to do now to protect your Office 365. Why is it important? Because Office 365 can log all events through the application - completely changing the life of the technician who may be called in to intervene and investigate an incident. With access to user actions, it is much easier to reconstruct malicious scenarios and draw reliable conclusions. Here's how to enable logging in Office 365: https://docs.microsoft.com/en-...

2. Use Multifactor Authentication (or MFA). According to zVelo, phishing attacks will be the biggest challenge in cybersecurity. So it's not surprising that one of the best tips to protect your Office 365 is to add a layer of protection. In fact, identifying this type of attack is becoming increasingly difficult - here's a quiz to show you what it looks like. Even if a hacker were to stumble upon one of your passwords, he'd stumble upon the second layer of MFA authentication, which would complicate his attack.

3. Configure the security policies of Office 365. As a minimum, we recommend configuring access policies and restricting SharePoint and One Drive links. The following are Microsoft's recommendations.

4. Enable certain additional controls in Office 365. Additional measures included in Office 365 can also be enabled such as Advanced Threat Protection (ATP). This security measure allows you to configure, for example, measures against phishing attacks and to monitor traffic.

5. Organize a plan in the event of an incident. Because it happens. In the event of an attack on Office 365, it is important to have a strong and organized response plan, because this is not an investigation like any other - there are no devices or network devices to examine, hence the importance of activating and using security event logging. These events will allow you to analyze what went wrong and eventually help you fix the problem.

Would you like to learn more? We would be happy to discuss it with you.