Office 365 Security Strategies for Small Businesses

Office 365, Microsoft’s cloud-enabled productivity software suite, is a popular small business solution. With pay-as-you-go pricing, a rich mobile collaboration feature set, plus the classic Office desktop apps (Word, Excel, PowerPoint and Outlook), it’s little wonder why entrepreneurs are gravitating toward Office 365.

As usage proliferates, so does the amount of sensitive information entrusted to the platform. Rattled by the cybersecurity scare of the week, it’s only natural that small business owners to worry about how to secure their company’s vital data on Office 365.

“Businesses of all sizes are concerned about data security, especially the loss or public sharing of sensitive and confidential data. Stories about data breaches at large organizations have become commonplace, and this can lead small business owners to incorrectly assume that only large, well-known organizations are the targets of hackers or insider threats,” Kirk Averett, general manager of Cloud Office at Rackspace, told Small Business Computing.

“In fact, small businesses are often the victims of these types of events, with four in 10 small businesses falling victim to a cyberattack,” he continued, citing a study from National Small Business Association (NSBA).

In 2013, the NSBA found that 59 percent of small businesses had suffered a service interruption due to a cyberattack. More than a third (35 percent) reported that their domains or email addresses were spoofed and used to distribute false information.

“Email has long been a preferred attack vector of hackers, but it is also an easy way for insider threats to share confidential data, whether intentionally or accidentally, Averett added. With 13 years of experience in the hosted email market, Rackspace has gathered some its security best practices in a new e-book, The Rackspace Guide to Protecting Your Small Business with Office 365.

Here are some highlights.

Empowered Exchange

One way to combat data loss, whether out of carelessness or sketchy employees, is to put Exchange Online on the case.

Exchange Online Plan 2 and E3 can be configured to prevent authorized users from emailing specified types of sensitive data and attachments. Additionally, Office 365 Security & Compliance Center’s data loss prevention policy creation features can help keep a tight lid on business information.

“For instance, you can identify any document or email containing a health record that’s shared with people outside your organization and automatically block access to that document or block the email from being sent,” stated the e-book.

Mobile Device Wrangler

Microsoft Office may be synonymous with business desktop computing, but today it’s just as likely that workers are fine-tuning Word documents or sending urgent emails on their iPads or Android smartphones.

Sure, on-the-go productivity is a boon for today’s workforces, but the downside is that compact and sleek smartphones and tablets are often easier to lose, or worse, wind up stolen. Rackspace advises using Mobile Device Management for Office 365 to control access to Office content on mobile devices. If a device is reported lost or stolen, businesses can wipe their sensitive data remotely.

No Phishing Allowed

One of the reasons ransomware is running rampant is that users keep falling for phishing emails. In fairness, cyber-scammers have grown craftier, making it tougher for users to distinguish between legitimate emails and phishing attacks.

Exchange Online Protection, a part of all Office 365 bundles that include Exchange, includes a tool called Safe Links that monitors emails for malicious links. The feature dynamically blocks users if they click on links lead to dangerous sites. It adds another layer of protection to Exchange Online Protection’s existing malware- and spam-fighting capabilities.

Must Read