The Strongroom

Microsoft 365: Enterprise-size security for not-so-enterprise-sized businesses

16th November 2018

Written by Jean Alves

As a security analyst here at Origin, part of my job is to monitor security processes and frameworks that protect organisations from cybercrime. Over the past few years, I’ve seen a notable increase in the incidence of criminal activity across the IT-environment. Of this number, corporate entities of every size, and at every stage of the security journey, are disproportionately targeted by cybercriminals, so much so that cybercrime is one of the greatest threats facing organisations today:

  • The average business experiences 188 cybersecurity threats a day.

  • Global business records indicate a 33% increase in cyber attacks annually.

  • Annual cybercrime damages are set to reach $6 trillion by 2020.

Of course, you don’t need to be a Fortune 500 company to be a target. The National Cyber Security Alliance recently found that more than 70% of cyber attacks target small businesses, the reason being that generally speaking, smaller businesses lack the resources – financially or otherwise – to protect themselves against cybercrime. The good news is that this is a myth.

Enterprise-grade security for not-so-enterprise-sized business

There are many ways to engage in the security journey without breaking the bank, and one of the best ‘go-to’ security solutions for smaller businesses is the Microsoft 365 for Business suite. The platform brings together features from across Microsoft’s offerings and it’s tailor-made for small to medium-sized businesses.  In my opinion, it’s one of the most robust security subscription services on the market today, and it’s a practical starting point for smaller businesses who are just starting out on their security journey.  

The platform comes with simplified security features that safeguard business data across PCs, phones and tablets. Here are some of Microsoft 365 for Business security features recommended by Origin:

Advanced Threat Protection

Advanced Threat Protection (ATP) guards against malicious attacks, including phishing and ransomware attacks. ATP uses sophisticated software and AI-powered tools to automatically scan links or attachments in emails for evidence of a phishing attack. Where an attack is detected, the offending email is discarded to prevent users from accessing unsafe web pages.

Security and Compliance Centre

The Security and Compliance centre enables centralisation and customisation of the M365 Business security features. It provides data administrators, compliance officers, security administrators, and security operations with a single view across security and compliance controls and data.

 Multi-Factor Authentication

Multi-Factor Authentication requires two or more methods of verification for user sign-ins and transactions, adding a second layer of security across business devices. Verification methods include randomly generated passcodes, phone calls, text messages, smart cards (virtual or physical) and biometric devices.

Data Loss Prevention Policies

Small to medium-sized businesses can protect the inadvertent sharing of sensitive information outside of their organisation by implementing a Data Loss Prevention Policy. This includes financial and personally identifiable information such as credit card numbers or health records. 

Exchange Online Archiving

Exchange Online Archiving enables easy archiving of emails, including deleted emails, with continuous data backup. This feature is useful for restoration and legal purposes including discovery or to meet compliance requirements.

Azure Intune

Azure Intune protects your organisation’s data across company devices with end-to-end device and application management. This feature allows you to control how your workforce accesses and shares company data from mobile devices and apps and ensure they are compliant with company security requirements.

Power in numbers - the Origin IT and Microsoft partnership

Origin IT offers wrap-around services to complement and enhance Microsoft’s 365 for Business security capabilities. Our Security Team reviews and monitors available data, turning it into meaningful information our customers can use. They also evaluate the safeguards in place and make recommendations and configuration improvements to protect against the ever-evolving threats and to ensure our customers are getting the most out of the Microsoft 365 for Business platform.

For an even more comprehensive and secure solution, Origin Security offers a continuous subscription monitoring service through its Security Operation Centre (SOC), whereby any suspicious activities are monitored and analysed around the clock and responded to in a timely fashion. The SOC is a feature of Origin’s Managed Security offering and comprises a combination of technology, processes and people for the ultimate security package.

This partnership between Microsoft and Origin has resulted in measurable improvements in the security posture of our small to medium-sized clients, and a significant reduction in security incidents. 

Of course, a fully-managed security service might not be suitable for organisations who’re just beginning their security journey. Adopting the Microsoft 365 for Business suite is a practical, easy and affordable interim step for businesses of any size to dramatically improve their defences and remain competitive in today’s business environment.

 

 

Jean Alves

Security Analyst and SIEM Specialist

Jean is a Security Analyst and SIEM Specialist at Origin Security.

Join the Strongroom
Join The Strongroom and get a regular round-up of news and views to keep you up to date with the fast moving world of cyber security.