Mastering Your Office 365 Security Landscape

An e-Guide to boosting your Microsoft Secure Score and preventing costly security breaches

Mastering Your Office 365 Security Landscape 2

What is Microsoft Secure Score?

When it comes to security, it can be difficult to know where your organization stands. Microsoft Secure Score reveals your organization’s security strengths and vulnerabilities across four categories, showing where you are now and a prescriptive approach for improving your security posture. Boosting your Microsoft Secure Score decreases the probability of a security breach at your organization, making costly incidents an unlikely occurrence.

$2.4MILLION

Average cost of a malware attack on

a company 1

>$5BILLION

Ransomware damage costs

in 2017 2

$6TRILLION

Projected annual damage related to

cybercrime by 2021 3

“When conducting an initial Security Assessment, I find that 1 in 3 organizations with a Microsoft Secure Score under 200 points are already compromised.”

Joe Kuster, Security & Compliance Solution Director at Catapult

Mastering Your Office 365 Security Landscape 3

The 4 Categories of Microsoft Secure Score

Microsoft Secure Score displays a centralized dashboard that includes your organization’s score across four categories. Each score is determined against a set of criteria in your Office 365 tenant due to security features that have (or haven’t) been enabled in your environment.

Your Microsoft Secure Score pulls from 4 categories of your security landscape:

• Identity• Data• Device• App

Mastering Your Office 365 Security Landscape 4

IdentityAttackers can gain entry to an environment by stealing various user identities. Even low-privilege user accounts can provide access to important company resources, giving attackers the chance to swipe sensitive and costly data from your organization.

Prevent identity theft by

• Protecting all identities from common password attacks, regardless of their privilege level

• Enforcing protections on risky or unusual account activity• Regularly monitoring for suspicious access, including logins from unusual

countries, access via out of date protocols and password attacks

300%increase in identity- based attacks in 2018 4

Mastering Your Office 365 Security Landscape 5

DataLosing sensitive data can cost your organization the financial standing and consumer trust it has worked so hard to build. Sensitive data can be stolen from even the most low-level accounts, so knowing what sensitive data you have, where you have it and who has access to it is key to keeping your organization secure.

Protect your data by

• Granting limited access to sensitive data

• Encrypting sensitive data to prevent inappropriate access

• Identifying sensitive information and preventing data leakage andunauthorized sharing

41%of companies have over

1000sensitive files,including credit card numbers & health records,left unprotected 5

Mastering Your Office 365 Security Landscape 6

Device Protecting devices, including mobile devices, means that users can do their work anytime, anywhere without intentionally or unintentionally compromising your organization’s security.

Protect devices by

• Applying security best practices to device settings

• Blocking access to unauthorized and non-compliant devices

80%of employees use one or more personal devices for work 6

Mastering Your Office 365 Security Landscape 7

ApplicationsApplying protection policies to your apps ensures data remains safe, contained and monitored. Shadow IT increases the likelihood of uncontrolled data flow, preventing IT from maintaining protection policies on rogue apps and increasing the risk of a data breach.

Keep your apps safe by

• Identifying sensitive data and applying policy-based protection actions

• Receiving alerts that flag risky behavior

• Preventing unauthorized applications from accessing company data

80%of employees use non-sanctioned appsthat no one has reviewed and may not be compliant with security and compliance policies 7

Mastering Your Office 365 Security Landscape 8

Security is Everybody’s Responsibility (Including Yours)

It can be a challenge to tell management that your Microsoft Secure Score isn’t where it needs to be. When broaching the topic, present actionable items you should take to improve your organization’s security posture. A mutual desire to prevent a security breach will garner mutual support from management.

“ Many times, businesses do not have a process to secure the data. Additionally, employees are not properly trained to protect against a breach. Obviously, some things can be automated […] However, there needs to be a heightened sense of urgency to control the data by establishing the proper process and training. ”

Justin Goodbread, Heritage Investors 8

Implementing continuous improvements to your security landscape will help avoid incidents that could cost your organization money and cost you your job.

82%of cloud usershave experienced security eventscaused by confusion over shared security implementations 9

Mastering Your Office 365 Security Landscape 9

Take Action: Improve Your Score

You can find your Microsoft Secure Score here: https://security.microsoft.com/securescore

Once scored, you can view the improvement actions tab to see the recommendations for your tenant. A laundry list of improvements will appear, and depending on each action item’s priority level, you can either act immediately or choose to revisit a task at a later date. Improvement action rankings are based on Microsoft’s evaluation of both security value and the effort required to complete each action item.

You may not have the time or technical resources to implement some action items. In cases such as this, you should consider an outside resource to make the necessary improvements in order to avoid being breached.

Mastering Your Office 365 Security Landscape 10

Moving Beyond the Number

The Microsoft Secure Score checklist is a great way to improve your security posture, but how do you know what to tackle first? Start by closing the security gaps that will have the highest impact on your overall security posture.

1. Know what data is being kept where and who has access. This can help prevent a data breach at your organization.

2. Identify external threats

3. Know what your users are doing and make sure it’s not a risk to your organization

$3.86MAverage cost of a data breach 5

3x

90%

as many malware samples targeted smart devices in 2018 as they did in 2017 10

“ The harsh reality is even the biggest companies (e.g., Yahoo) can be hacked. The most useful thing you can do is educate yourself on recent incidents and make sure the correct protection is in place to prevent the possibility of a similar data breach. ”Stacy Francis, Francis Financial, Inc. 8

of data breaches are caused by human error 11

11

About Catapult

Catapult is a digital solutions and services firm that uses technology

to solve complex business challenges. Catapult has consistently

been recognized as a leading Microsoft partner for its expertise in

digital transformation and cloud-based technologies. Catapult was

named the 2019 Microsoft PowerApps Partner of the Year Award

winner, and finalist for both the 2019 Microsoft Power BI Partner of

the Year Award and the 2019 Microsoft Modern Desktop Partner of

the Year Award. Catapult has been recognized for numerous other

Microsoft partner awards over the years.

1 https://www.accenture.com/us-en/event-cybertech-europe-2017?src=SOMS#block-insights-and-innovation

2 https://www.csoonline.com/article/3153707/top-cybersecurity-facts-figures-and-statistics.html

3 https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/

4 https://info.microsoft.com/SIRv24Report.html

5 https://info.varonis.com/hubfs/2018%20Varonis%20Global%20Data%20Risk%20Report.pdf

6 https://www.trackvia.com/blog/infographics/mobile-devices-are-a-necessity-in-todays-business-world/

7 https://docs.microsoft.com/en-us/cloud-app-security/tutorial-shadow-it

8 https://www.forbes.com/sites/forbesfinancecouncil/2018/03/08/how-to-protect-your-business-from-a-data-breach-seven-key-steps/

9 https://www.techrepublic.com/article/how-to-help-cisos-understand-their-role-in-cloud-security/

10 https://securelist.com/new-trends-in-the-world-of-iot-threats/87991/

11 https://www.kaspersky.com/blog/understanding-security-of-the-cloud/