Have you ever been asked, "how secure is our cloud platform?" or, "how can we minimise the risk of a data breach in our cloud apps?”
Well, If you haven't, it's about time you did, because according to a recent report by security firm Avanan, "One in every 99 emails is a phishing attack," which when considering an average school transacts over 10,000 emails daily, this is a staggering figure. The report also proceeds to highlight that, "25% of phishing emails bypassed Office 365 default security," meaning that your end users will almost certainly receive a phishing email at some point this year, if not already!
It's a reality: cyber security attacks are becoming more and more sophisticated and it is difficult for humans and machines alike to detect when an email is genuine or if it is a ploy to steal credentials, and ultimately your data.
At 9ine we have seen first hand just what a credible looking phishing email can do to a school; ranging from accounts being used to send out 10,000 spam emails to unsuspecting victims, through to emails being sent to parents asking to pay early for a discounted fees, only for the money to end up in a fraudulent bank account. Successful phishing attacks cause reputational damage and can cost on average £4,180 per attack, which all schools will want to avoid.
Don't panic! This doesn't mean that you should stop using cloud services, in fact it's the opposite! The Department of Education has recently aligned its own recommendations with the Governments Cloud First Policy, advising that "all education providers actively consider and evaluate the benefits of moving to a cloud-based approach for their IT Systems.” Cloud-based systems have to comply with rigorous security standards in order to satisfy the wide range of sectors they provide services for. Additionally, more often than not, they are more secure, cheaper to run and provide a more flexible working environment for your end users.
What Can You Do?
Aside from training your end users about the rising cyber threat, you should be looking to tighten security within your cloud environment, because by default, not all of the security features are enabled, meaning you could be left vulnerable.
Thankfully for Office 365 users (G Suite users, stay tuned for our next blog), there is a built-in security analysis dashboard called Microsoft Secure Score. Secure Score analyses regular activities and security settings within Office 365 and assigns them a score. Think of it as a credit score for cloud security where you can anonymously benchmark your environment against similar organisations.
At 9ine we regularly undertake Office 365 Security Assessments and through this work, we've found that schools should be aiming for a score of 150 and above to evidence a good level of security.
How Does Secure Score Work?
Secure Score figures out which Office 365 services are active within your environment, such as OneDrive, SharePoint, and Exchange, then it analyses your settings and activities and compares them to a sector-specific baseline established by Microsoft. The output from this point in time analysis is a score based on how aligned your school is with current security best practices.
If you want to improve your score, simply review the actions in the queue to see what you can do to increase your security and reduce risks. As well as going up, your score can go down too; so you need to make sure that Secure Score becomes part of your weekly and monthly management routine.
How Will it Help Us?
Using Microsoft Secure Score helps increase your cloud security by encouraging you to use the built-in security features that are included with Office 365 (many of which you might not be aware of). Learning more about these features as you use the tool will help give you peace of mind that you are taking the right steps to protect your school from threats, and you will also be evidencing security and data protection as high on your school's agenda.
How do I Get to Secure Score?
The great news for education users is that Microsoft Secure Score is included as part of your Office 365 license, and any user with the right permissions (global admin or a custom admin role) can access the Secure Score portal by simply browsing - https://securescore.office.com
How Can 9ine Help?
At 9ine we understand how schools can get the most from their Office 365 environment by providing recommendations most suited towards an education environment. Through our own research, we have rationalised the various security categories, enabling us to provide our clients with a tailored assessment of their security posture within the cloud.
On average, 9ine customers who have followed our recommendations have seen their secure score increase 5 times more than customers who aren't using it.
To find out more about the 9ine Office 365 Security Assessment, please contact firstname.lastname@example.org to arrange a call.