Online security is a balance between ease of use and safety. It is key to utilize the features available to securing your cloud resources. Most Microsoft 365 customers do not use the features they have already paid for, because they do not have the resources and time to configure them or they simply are unaware of the capabilities.

According to Microsoft President of Identity and Network Access, Joy Chik, 99.9% of accounts compromised in any month could have had the attack prevented by Multifactor Authentication (MFA) protections. The FBI’s Internet Crime Complaint Center (IC3) has reported that Business Email Compromise and Email Account Compromise has resulted in $2.4 billion in loses in 2021. Clearly Microsoft 365 security configuration is key to mitigate business risks.

Then perhaps the solution is easy, enable MFA, right? Not so fast. Certainly, if you do not have MFA Enabled then you should take steps to do so as soon as possible. As threats increase in complexity and capabilities improve to enhance posture, MFA is only one part of a holistic strategy to reduce business risk. By rethinking your identity and access strategy, you can protect against insider threats like a disgruntle employee who has stolen files or the accident transmission of protected information.

So what is the plan?!? First, cloud security and productivity is an on-going strategy not a destination. Identify objectives for your cloud strategy to meet your needs then understand the requirements and roadblocks that will need to be overcome. A short-term goal should be to implement basic controls that prevent spray and pray or password reuse attacks. Longer term goals may include information security objectives, such as reducing insider risk and preventing accidental data leakage.