Category: Tietoturva

Microsoft 365 security

Users of all cloud services are the target of cybercrime on a daily basis. Each day, 300 million criminal login attempts are made to Microsoft services alone. Security threats are also a reality in Finland. Every day, numerous domestic companies are the target of cyber attacks, which has resulted in significant losses for many, for example in the form of fraud.

In addition to the familiar Office applications, Microsoft 365 includes world-leading security features that enable businesses to properly protect their digital operations. This is to ensure both business continuity and employee productivity in the ever-changing threat environment of the network. The responsible company should determine the following key aspects of Microsoft 365 security at the level of risk and security they want:


1/ Protecting usernames and logins – the cornerstone of cloud security

Today’s mobile workers log on to cloud services on a variety of devices, from anywhere in the world. In addition, a large number of different forms of cyber-attacks seek to obtain usernames and passwords specifically for criminals. In such an operating environment, digital identity and its protection have become the forefront of information security. The secure use of any cloud service requires that usernames and logins are adequately protected for the needs of the enterprise. Two-step authentication is a good example of this. According to Microsoft, using it can prevent up to 99.9% of user account breaches.

2/ Email Security – phishing is the most common cyber threat

Spear phishing has long been by far the most common form of attack. The user will be sent a compelling looking email with a link to a fake Microsoft 365 sign-in page. However, the IDs entered on the fishing page go to criminals who typically send fake invoices or new fishing and scam messages from the victim’s email account to their contact information. Sometimes an attacker sets forwarding rules on a hacked e-mail account to spy on corporate messaging traffic.

You can effectively protect yourself from both phishing scams and dangerous e-mail attachments and links with Microsoft Defender for Office 365, which is included with your Microsoft 365 Business Premium subscription. It leverages advanced artificial intelligence that analyzes billions of emails and thousands of billions of other threats a day to protect corporate emails in real time.


3/ Protect your business data and files from unauthorized users and data leaks

The activities of an organization may require information to be classified according to a level of confidentiality, such as public, internal, confidential, or secret. Microsoft Information Protection automatically protects your files and e-mail based on your level of confidentiality, enabling seamless, secure collaboration both within your company and with external partners. If necessary, the files and e-mails are encrypted and the specified permissions accompany the file and e-mail. This prevents data from being read, printed, forwarded, or copied by unauthorized persons.


4/ Protecting terminals from malware and unauthorized users

Computers, smartphones and tablets used by employees should be protected according to the needs of the company. The most common security threats to them are malware and the risk of data leakage due to the loss or theft of equipment.

According to Gartner, Microsoft Defender for Endpoint is the world’s leading solution for protection against a variety of malware for all terminals, regardless of operating system. Its cloud-based artificial intelligence also protects against previously unknown malware and initiates automatic actions globally in milliseconds. Microsoft Defender for Endpoint includes e.g. For the Microsoft 365 E5 Security subscription, the flagship of Microsoft security solutions for very demanding customer needs.


5/ Security monitoring and attack response – automate as much as possible

The question is not whether your company will be attacked, but when it will be attacked. Without proper ongoing oversight, an organization is unlikely to even know that it has been the victim of a cybercrime until, for example, the financial damage caused is reflected in the accounts. In 2019, it took companies an average of 206 days from a data breach to detect it.

The Microsoft 365 Security Center provides a comprehensive overview of your company’s security status, makes recommendations for preventative action, and alerts you immediately to detected threats. Today’s best practices also include automating both the processing of security signals and the follow-up of observations, so that the situation is created quickly and staff does not get tired of manually processing the flow of information.

Do you need more information?

Every business should protect themselves before a security breach happens, because appropriate security measures are a really small investment compared to the financial losses caused by cybercrime, which are measured in millions of euros on average, and often hundreds of thousands of euros in SMEs. Microsoft 365’s advanced security technologies help businesses of all sizes provide comprehensive protection against cyber threats.

Read more in our free Microsoft 365 Security Guide (in finnish only):

Download our security guide


Miikka Tuori has worked in the IT industry for more than 20 years. He is specialized in security of the Microsoft cloud services.