A total of 85% of organizations using Microsoft 365 have experienced an email data breach. That’s a staggering number of organisations for whom sensitive and confidential information may have been accessed. But, was the rapid rollout of Microsoft 365 during the pandemic to blame?
The Pandemic Overnight Change
When the pandemic struck, there was no time to sit down, have a calm cup of coffee, and talk things over. Companies had to make unexpected and drastic changes overnight.
Lockdowns and social distancing created a previously unknown need to operate completely remotely. Many companies wisely turned to Microsoft 365 to aid them in the new goal.
So why are reports of an increased number of data breaches emerging now?
We believe that the problem is not that the platform has fundamental holes – but that the deployment was too fast.
Thinking about it, a normal organisational platform rollout takes a long time. And a correct implementation of Microsoft Teams is normally a six-month process.
When the pandemic struck, many companies implemented Teams overnight to allow their users to work better remotely. Many organisations in all sectors essentially pressed the ‘on’ switch for Teams and started working in a completely new way.
“Did I Just Share That?”
One dangerous implication of this rollout approach was that users started unknowingly sharing documents via Teams with little to no training, and didn’t know people could access documents through Teams.
Teams doesn’t stop people from using the same team names. Suddenly, files – sometimes critical company information – were scattered and shared everywhere.
And without deleting Teams sites after use – which is a normal security best practice – important documents were left accessible and kept getting shared; often without anyone knowing.
There’s also the case of access rights and having the right boundaries in place to limit people from accessing certain files. In many cases, administrator rights were weak, or access rights were wide open.
Case in point: Edward Snowden stole highly classified NSA documents from poorly configured SharePoint sites.
Many companies had a hard time assessing the real security risks when they rolled out Teams because there was no tell-tale sign that something was wrong.
Saying No To Data Breaches
There is no doubt that remote working is here to stay for a majority of organisations and teams. Not only due to the lingering global pandemic effects; but also because we like it.
The cocktail of fast rollouts, zero to little training, and the vast functionalities of Microsoft 365 have paved the way for data breaches and other risks for many companies. But it’s not all doom and gloom.
Data breaches are certainly not something organisations should take lightly. The consequences are far-reaching. Customers share sensitive information with businesses like yours, confident that you have taken the right security measures.
In the event of a data breach, companies lose credibility. Their customers begin to trust them less, which can have a tremendous impact on their reputation.
As previously said, it’s not that Microsoft 365 has fundamental weak security – but creating high data security needs the right structure and boundaries in place.
Luckily, Microsoft partners like Triad and WorkPoint help bridge the gap.
David Eagle, Triad’s Microsoft 365 expert has worked with several companies who realised that their pandemic rollouts had left them vulnerable. His advice is:
“It’s important to do an audit of where you currently are and set a path to plug any gaps in your Governance. Also, if you are using the Microsoft 365 platform more widely, why not explore all the other opportunities it brings. In my experience, it’s very likely you could get even more value from the license fee you are already paying for.”
Our next article will share how partners like WorkPoint and Triad help companies implement Microsoft 365 best practices to prevent data breaches and stay secure.