Remote working: Security review with Microsoft 365

Throughout 2020, many of us will have become fully accustomed to working remotely, on the go, and in different locations at short notice. With this new way of working, with companies eager to get all users set up and able to work remotely, it may be time undertake a security review within Microsoft 365.

Security review with Microsoft 365

Permissions, for example, may have been something willingly given over the past few months in order to allow users to access what they need at short notice. Have these permissions been reviewed since?

It may be that these ways of working will become permanent within your business. If this is the case, you’ll likely need to review and update your policies too.

Other security considerations that stem from home working can include:

  • Device access – personal and work devices connecting to the cloud (is this allowed and preferred by the company?)
  • MFA – Multi Factor Authentication – is this implemented and rolled out across the company? Is there a policy for it too so everyone has an understanding?
  • Permissions to sensitive information
  • How Teams can communicate on sensitive topics and projects – who’s part of those teams and do they still need to be? Without a physical office presence, people who aren’t on projects any more may still have access to the information within project and team sites.
  • Previous employees – for those who have left the business, have they returned all of their kit? Have their logins to cloud environments been changed or their access revoked?
  • For those working with highly confidential and sensitive information – has their working environment been risk assessed? (i.e. are they in a room surrounded by people when they ought to be alone? How many distractions are they dealing with?)

Using the way people work to make good decisions

With email being even more commonly used in these remote times in 2020, is your workforce savvy to intrusive phishing emails? Is there an alert system in place when one gets distributed by mistake? Security isn’t just about making sure your systems are secure, it’s making sure people can still work effectively, uninterrupted whilst being heavily aware of current trends and risks to their work.

Microsoft 365 and security

Security audits of some degree should be undertaken regularly within any business. Whether it’s a case of ensuring password expiry across the board to make sure people keep their login information up to date, to rolling out whole new processes and policies, Microsoft 365 is able to facilitate this.

At Business Agility, we know and understand how some businesses have really had to completely change their whole dynamic to adapt to a remote workforce. We can consult on security best practice, and how your communication systems (such as your intranet) can ensure everyone is up to date and educated on best practice. Get in touch with us today and we’ll be happy to help.

We also wrote a guide on business resilience using Microsoft 365. Have a read here.