Skip to content
March 23, 2021
2 min read time

Is your Microsoft M365 service secure from attackers? Are you sure?

Executive Summary

The mass migration to remote working as a result of the coronavirus pandemic has seen many organisations adopt new platforms and applications to remain connected and productive. One popular application is Microsoft M365 thanks to its variety of features that make remote collaborative work simple and accessible.

However, the increase in remote working and reliance on M365 has provided ample opportunities for cybercriminals to attack vulnerable cloud-based environments for many individuals and organisations alike. Although there are hundreds of configuration settings in each M365 tenancy, by default Microsoft do not apply the majority of security settings leaving users vulnerable and open to attack.

According to a survey by Sapio Research of businesses that use M365, 97% of the 1,112 IT security professionals surveyed said they’ve extended their use of M365 as a result of the pandemic. When reflecting on the past 12 months, 82% of respondents noted they have seen their organisation’s cybersecurity risk increase, with top security concerns being the risk of data compromise, risk of credential abuse leading to account takeover by unauthorised users and fears over the ability of hackers to hide their tracks using legitimate Microsoft tools such as Power Automate and e-Discovery.

These fears are completely understandable as navigating each configuration setting in M365 and determining if it needs to be configured can be a daunting prospect. If a setting is not in place or has been misconfigured, then you could be providing full access for anyone to view and delete your emails and documents. Keep your business secure and your data protected requires making use of the intelligent built-in Microsoft security features which are often not used to their full potential.

What We Offer

At CSA we are cyber security experts and we understand what it takes to keep your private data private, which is why our M365 Security Assessment solution is key for any organisation wanting to implement the best security practices whilst using M365.

First, we will assess your company’s M365 instance and ensure that you have all the necessary security controls correctly configured to appropriately protect your emails and documents. Following the assessment, you will receive a report on our findings, as well as a technical assessment on the specific controls that need to be changed (each control to be changed will be based on the criticality of exposure). We can also assist in implementing and amending the required controls on your M365 tenancy for added peace of mind.

We are passionate about providing high-level security solutions to organisations of all shapes and sizes, which is why our assessment is flexible to cater for any kind of company, from small businesses with less than 50 M365 accounts to large scale multinational companies.

Continuous Assessment

Since Microsoft introduces new features and services regularly, we recommend that our M365 Security Assessment is performed at least every 6 months to ensure any new features have not impacted the security posture of your M365 service. Cybercriminals are always on the lookout for new weak spots, but regular reviews of your security status make sure the opportunity for an attack never arises

Integration Into BorderPoint

For our BorderPoint customers, the assessments will integrate into our existing service, providing additional security assurance to our already extensive offering. With BorderPoint you can remain confidently secure thanks to real-time monitoring on both your end point and M365 account. Any suspicious or malicious activity is analysed and reported to our team of Cyber Analysts, who will respond and advise as required.

To find out how we can help your business stay secure, get in touch!