By Patrick Lonz, President, Compliant WorkSpace
By now you’ve probably noticed I’m a big Kubrick fan, believe it or not, but we’re not going to rate the best movie directors of all time right now, no chance. But what I want to talk about here is securing your firm on the Microsoft 365 Cloud. Because I believe lots of companies hesitate migrating to the cloud for fear of cyberthreats, and rightly so: You’re walking into a minefield when you put all your employees on the cloud since by default, if you move your company to Microsoft 365 employees aren’t totally secure. And in many cases, you can easily turn off the security options that would leave your people wide open to an outside attack. Here I’m going to talk about our unique Pre-Set 365 Security Template included with Compliant Workspace and how it will give your firm a fully secure Microsoft 365 setup, out-of-the-box.
The security behemoths including AvePoint, Mimecast and Terranova claim that the Microsoft cloud is so unsecured you must purchase their security/filtering plug-in to be fully cybersecure
Malware, Ransomware, Phishing, Smishing, Vishing…Whaling?
Let’s get into it. First, go ahead fire-up google and search “is Microsoft 365 cybersecure? ” and you’ll get dozens of hits from the security behemoths of the day including AvePoint, Mimecast and Terranova (who by the way just partnered with Microsoft to leverage their phishing, security awareness and cybersecurity training to shore up any gaps they have). In this search you’ll find well-crafted white papers giving you their opinions on cybersecurity and Microsoft 365. You’ll also notice all these papers begin with a terrifying story going something like this, “When you move your company to Microsoft 365, you’re going to be wide open to hackers with malware, ransomware, social engineering, phishing, smishing, vishing, spear-phishing…” And a new threat I recently learned about called whaling, that’ll surely hack the heck out of your employees. These papers then conclude by attempting to convince you that the Microsoft cloud is so unsecured by default that trying to protect yourself is too confusing – you can’t handle it yourself! Therefore, you must purchase their security/filtering plug-in to be fully cybersecure on Microsoft 365.
However, other results from this same google search will tell you Microsoft can make your company secure on the cloud since they have all the tools built-in with each of their subscription. I mean according to them, you can configure their built-in Security Policies, or use Exchange Online Protection with Quarantine Policies to block malware, with the Tenant Allow/Block List and Alert Policies to protect against all the threats of the day.
So which is it? Do you need to purchase an add-on security tool from one of the big vendors, or can you use the built-in tools included with Microsoft to make your firm fully cybersecure on their cloud?
Do You Need to Purchase Add-on Tools to be Secure on Microsoft 365?
Let’s start by clearing the air on what I mean by making your firm cybersecure on Microsoft 365. I am NOT talking about your employees getting tricked into giving out confidential information about themselves or your company, also I am not talking about their computers getting messed up with viruses because they’ve been on questionable sites; security awareness training with updated virus software on their PC’s is the solution to these problems. I am talking about preventing employees from getting their passwords hacked or blocking anything from getting on your Microsoft 365 tenant. For example, worst case scenario, someone gets an Excel spreadsheet sent to them, then saves it to your company SharePoint and voila! Your whole firm is infected.
Nonetheless, to answer the question if you need add on tools or if you can use the tools included with Microsoft to make your firm cybersecure on their cloud, I will say If you’re a large firm like a bank then yes, you’ll buy a third-party security add-on for Microsoft 365 since you are a persistent target to hackers. Also, telling the VP of IT that Mimecast is giving your company “A comprehensive email security and resilience solution with built-in AI powered software that’ll block all email-based threats with sandbox emulation that’s seamlessly integrated with Microsoft 365” will be an easy sell. (I honestly have no idea what any of that means but it sounds great!)
if you’re a small firm with 15-25 employees for example you probably don’t need to pay for AI powered emulation software to make you secure on Microsoft 365. In fact, you don’t want it more complicated, that’s why you moved your company to the Microsoft Cloud, to simplify your IT.
However, if you’re a small firm with 15-25 employees for example you probably don’t need to pay for AI powered emulation software to make you secure on Microsoft 365. In fact, you don’t want to make things more complicated, that’s why you moved your company to the Microsoft Cloud, to simplify your IT.
That’s why we created our Pre-Set 365 Security Template for; small firms wanting to get their employees on Microsoft 365 with all the built-in security options pre-set out-of-the-box. No need to hire an IT expert or look for a third-party add-on or spend 80 hrs. trying to configure the tools included with Microsoft to make your firm fully cybersecure on the cloud.