If you don’t think cybercriminals and hackers have been keeping an eye on Microsoft Office 365’s growing userbase during the coronavirus pandemic, think again.
Many businesses transitioned to a remote workforce during the COVID-19 pandemic to not only keep their employees safe but also meet local, state, and federal mandates. To accomplish both objectives, some businesses sought help from IT services providers, while others attempted to migrate workers on their own. Even though businesses needed to shift jobs to remote work quickly, their failure to coordinate with IT professionals amid the coronavirus pandemic could prove disastrous down the line. Many of the unintended consequences of their actions are already impacting the increasingly complex IT threat landscape today.
For example, cybercriminals have amped up their efforts amid the coronavirus crisis. Ninety-one percent of businesses reported an increase in cyberattacks with employees working from home, according to a global survey released in July 2020 by VMware Carbon Black. While threat actors are attacking SMBs (since many of their employees are ignoring practical security measures when working from home), they’re also targeting subscription services with growing userbases — and Office 365 is one of those solutions.
The Cybersecurity and Infrastructure Security Agency (CISA) in April 2020 issued an alert concerning the speed at which organizations are deploying Office 365. The agency’s fear at the time was that businesses wouldn’t be able to fully consider the security configurations of the platform (many companies were trying to move their employees to remote work fast as possible). But this wasn’t the first time CISA had warned the general public about Office 365’s security vulnerabilities.
In May 2019, the agency issued an alert about the potential risks associated with businesses transitioning to Office 365 and other cloud services. Both of CISA’s alerts highlighted many of the same security vulnerabilities and provided recommendations for mitigating Office 365 vulnerabilities.
Aware that cybercriminals could easily exploit these vulnerabilities if businesses failed to configure their environments correctly, Microsoft in July 2020 published its list of top ways to secure Office 365 for business plans. By following the tech giant’s recommendations, businesses can better protect themselves against cybercriminals and hackers attempting to access their networks through Office 365 vulnerabilities.
Some of Microsoft’s recommendations include:
- Set up multi-factor authentication.
- Train your users.
- Use dedicated admin accounts.
- Protect against ransomware.
- Stop auto-forwarding for email.
- Protect your email from phishing attacks.
No matter the size of your organization, securing your Office 365 business plan is essential in a world where the number and size of cyberattacks are increasing.
And if you’re not sure how to key to properly secure your Office 365 subscription, contact IT Practice and set up a No Cost Assessment.