Are your 365 security configurations empowering hackers?

By Justin Sharrocks, 16 June 2022

Could you imagine life without 365 and Teams? Not only do these tools make remote working seamless, but even in the office their flexibility, scalability, and collaborative features make them indispensable for most businesses. It’s safe to say that these technologies are here to stay.

Unfortunately, in a rush to keep the lights on during the pandemic, some organisations may have missed important steps during their 365 implementations. These misconfigurations can have serious implications down the road for your cyber security.

If you haven’t looked into it already, it’s important to make sure your Identity and Access Management (Azure AD) policies are correctly configured. That way, you can fully utilise the advanced features your license already has to offer, while keeping your business safe and secure.

365 misconfiguration: the low-hanging fruit for cyber criminals
A recent report shows that 41% of breaches were caused by cloud misconfigurations. In other words, if these organisations had their cloud correctly set up, they wouldn’t have suffered a security compromise.

With the rapid onset of the pandemic, many of us had to migrate to hybrid cloud arrangements virtually overnight and set up new ways of accessing services and applications remotely. Staying operational was the focus for many businesses, and optimisation wasn’t high on anyone’s agenda.

And while there may have been a plan for remediation of security arrangements ‘in due course’, life is busy. Work is busy. There’s too much to do and not enough people to do it. As businesses battle through the great resignation and a shortage of talent in the market, the problem lingers.

If that sounds like your business, you’re on the fast lane to joining those that suffered a compromise due to cloud misconfiguration. After all, hackers don’t care if your business is big or small - if they spot a weakness in your system, they’ll take advantage of it.

Verification is the key
In the last two years 34% of identity-related breaches have involved the compromise of privileged accounts. But, despite the risk, only 38% of organisations are currently using MFA to secure their privileged accounts, and more than 90% of cloud identities are using less than 5% of the permissions they’ve been granted. This enables attackers to exploit accounts with misconfigured permissions to gain access to critical data undetected by security teams. That’s why Identity and Access Management (IAM) is a crucial line of defence against compromise.

At its core, IAM is about managing users, and confidently knowing who everyone (and everything) on the network is, what they are accessing, and how they act within company systems. IAM empowers you to make data and applications accessible only to authorised people, keeping them safe from the hands of cyber criminals.

A simple layer that can be applied is multifactor authentication. This assumes every user trying to access company resources is unknown and potentially a hacker. They must therefore confirm their identity, generally using a secondary authentication method, such as approving access via the Microsoft Authenticator app. This can be set to reconfirm identity every time the user accesses a new service or resource.

The challenge is making this process simple, yet foolproof. It can be difficult to get the balance right, because if access is clunky and difficult it impedes productivity and turns people off.

If done right, IAM protects against ‘unknown’ actors entering and allows for the detection of anomalous activity. It also helps identify weak passwords and compromised credentials, which are the two weaknesses commonly exploited by hackers looking to get into your systems.

Get your configuration right
This brings us back to configuration, specifically within Microsoft 365. The reality is that IAM is included with most Microsoft 365 licenses, along with two-factor authentication. It just isn’t turned on for a lot of users!

Azure Active Directory (Azure AD) is an enterprise identity service that provides single sign-on, multifactor authentication, and conditional access to guard against 99.9 percent of cybersecurity attacks. Implementation makes access easy and fast, so it doesn’t annoy your people or stop them from getting the job done.

Azure AD is included free with most Office 365 licenses. Unfortunately, during audits we often discover that its functionalities are left unused, while less effective paid alternatives are in place doing part of the IAM work.

If this sounds like you, fear not. Those paid alternatives can be safely discarded once IAM (Azure Active Directory) is appropriately introduced and set up.

If you’re unsure of your Microsoft 365 security status, get an external review. The specialists will very quickly identify any shortcomings and then help get them sorted. It isn’t expensive or time-consuming, and the benefits are lasting.