How to stay productive and secure when using Microsoft 365
Co-authored by Andy Baines and John Ellis
Medieval kings protected themselves from attackers with curtain walls. It was a wide, high, stone wall that circled their castle – and many are still standing today.
More than a thousand years later, businesses have been following this model when it comes to protecting their business and employees, however with the move to cloud and modern ways of working it is no longer possible to ensure your business is operating within the high stone wall, as such you need a new approach to security and compliance for your modern workplace to enable your business and employees alike.
This was the thinking behind the security features of Microsoft 365.
Organizations needed a solution that could cover the majority of security functionality in one fell swoop.
The M365 portfolio does this by grouping security functionality into four key areas that can be integrated with one another. These are: identity and access management, threat protection, data protection, and security management.
The use of M365 security controls puts businesses in a position where they can be proactive rather than reactive when it comes to security management. The integrated components improve security posture visualization, clarity of information, and enable automation.
The M365 portfolio can also be tailored to meet specific requirements with additional overlay security controls. This makes it adaptable to any business in any sector.
Safety drives productivity
A huge productivity drain when it comes to cyber security is time. Updates to security traditionally means downtime to your system, and countless passwords can mean it takes considerable time for users to login. Added to this is the time needed to digest all the security and compliance information necessary to ensure your organization remains safe.
Thankfully, Microsoft have designed the M365 portfolio to have minimal impact on end users’ working practices.
M365 can issue prompts and warnings to users when their activities may result in a security incident, for example as a result of them sending a sensitive internal document to an external recipient.
It’s these improvements to user experience that significantly reduce the chances of a security incident impacting on productivity.
Resilience in hard times
A lot of people have had to take up remote working quickly. Accessing systems outside the office can be a risk. So, security systems need to be able to react as quickly as possible to unplanned threats.
Dealing with this can be challenging and time consuming for everyone. But there are three practices that can help businesses using M365 to transition their operations to remote locations while retaining productivity:
- Firstly, conduct ongoing risk management assessments. This means you’ll be able to deal with potential future security loopholes which will help you to decide which M365 controls you need to focus on.
- Secondly, audit and follow the appropriate processes. By knowing exactly what processes you have and how they should be carried out, you’re leaving no room for risky interpretations.
- Lastly, rehearse your businesses response to a security breach. You’ll never know how strong your curtain wall is until you test it.
By having these practices in place, your business can tackle security concerns or breaches from the onset. This reduces the amount of time you would have spent dealing with the issue, had the problem been left to grow.
Microsoft 365 best practice
At Fujitsu we’ve been working with Microsoft to support customers in using M365 effectively.
Of course, some actions within M365 security will take longer to conduct, like the auditing and assessments discussed above. But there are also smaller practices that can make a huge amount of difference and also reduce time spent on security long-term.
- Base your M365 security on business requirements not technical capabilities: as your requirements change, ensure your policies continue to align.
- Take action: auditing and assessments is a great way of gaining insight but it will be worthless if you don’t act upon it.
- Have processes in place to manage incidents: M365 provides significant amounts of security information, don’t let identified security incidents slip under the radar.
- Understand the functionalities available to you: this is often overlooked, so make sure you’re making the most out of your investment.
Ultimately, the M365 portfolio has been designed for quality protection and user-experience. However, the risks cyber attackers pose are constantly changing, and to ensure your M365 portfolio can stand up to this it’s important use it in the most efficient way possible.
Spending time on what may feel like non-essential security warnings from your M365 may feel frustrating or a waste of time. But by acting as soon as possible, you can nip potential threats in the bud.
Because ultimately, it takes a lot longer to re-build a wall than it does to bolster it.
Learn more about securely driving productivity within your workforce on our New Ways of Working page.