The Government have issued their latest security advisory for Office 365. It is the second such advisory published in recent months.
Following on from an update in December 2018 the National Cyber Security Centre has again urged about increasing security for Office 365. This latest advisory also coincidences with further advice from Microsoft.
Why are the Government concerned about Office 365 security?
Cloud adoption is growing rapidly, especially among businesses. The number of companies using the cloud has almost doubled since 2014.
Sadly, the rise of cloud usage has also seen a similar increase in cyber attacks on cloud-based products. The rapid adoption of Office 365 by UK businesses has made the platform a particularly attractive target to cyber attackers.
In December 2018 the NCSC issued an advisory addressing the increased targeting of the Office 365 platform. Microsoft has also published their own guidance to help educate businesses on how to protect themselves when using the cloud-based product.
Using multi-factor authentication
In their latest advisory, the National Cyber Security Centre has made a direct "plea" for businesses to start using MFA.
Multi-factor authentication is an authentication method where a user needs to verify authorisation more than once. Two-factor authentication is the most common form of MFA.
Once you enter your password, you will be prompted for another form of authentication. This could involve entering a code from a text message to your phone, or via an authenticator app.
MFA is so highly recommended because even if a cyber attacker has your password and access to your computer, they still can't gain access.
New guidance from Microsoft for securing Office 365
Microsoft has released new security guidance to help Office 365 installations to meet the standards set by the NCSC. This is essential information. Please check with your IT support provider that they have read and actioned both pieces of guidance.
In large quotations - please check with your IT support provider that they have read and actioned both pieces of guidance
Microsoft's advice covers all of the Office 365 services. Following the measures, will ensure your business is safely using the cloud-only features.
Acting on the latest guidance
The Government highly recommends that any business using Office 365 reviews their set-up to make sure it is meeting the NCSC advisory and the advice from Microsoft.
As the NCSC advisory contains many technical elements, we suggest you speak to your IT support provider to confirm your set-up meets the advised criteria.
To help businesses, the NCSC produced a document with 14 Cloud Security Principles. Please speak to your IT support provider to make sure they are aware of this document. If you don't outsource your IT, you can talk to us for help with making sure your Office 365 meets these 14 principles.
The way we use the cloud will continue to change over the next few years. We would advise (and so does the NCSC) to regularly review your cloud-based products. Include a check of the manufacturer's latest guidelines in that review as well.
Cloud-based products are great ways to increase productivity within a business. They allow for greater collaboration and offer flexible options for working on. But with any technology, you must be aware of the latest security advice.
If you have any concerns over your businesses Office 365 set-up or any other cloud-based product, then please get in touch, and we'd gladly help. Contact us here, email firstname.lastname@example.org or call us on 01634 52 52 52
Darren's linkedin post about this
Are you or your current IT supplier aware and following the guidance from Microsoft and The National Security Centre about securing your Office 365 email and applications?