Microsoft Office 365 – convenience in the cloud or an open invitation to hackers?
There’s no doubt that modern cloud-based applications can deliver a stack of user benefits such as access at any time and anywhere, backup in the cloud and automatic updates as soon as they become available. Having all the latest security patches applied to software, without the need for time-consuming personal intervention, is also hugely convenient.
However, many users are still skeptical about accessing apps in the cloud and even more resistant to storing sensitive information anywhere but on the hard drive of their computer or a local backup device.
The question is this. Is this skepticism based on fact or as a result of that well-established human trait – resistance to change? In other words, does the convenience offered by a cloud app outweigh potential security threats such as hacking, and how susceptible are SaaS (Software as a Service) cloud apps to attack in the first place?
To answer this question, let’s consider Microsoft Office 365, which is one of the most widely used software packages on the planet with more than 27 million consumer users and over 100 million enterprise users.
What has Microsoft done to make Office 365 secure?
MS Office 365 was introduced in June 2011 after a successful BETA launch in 2010. It comprises an integrated suite of cloud-based apps and services like Word, Excel, PowerPoint, cloud-powered email, Skype, and various other tools designed to ease communication.
According to the most recent Symantec Internet Security Threat Report, 48 percent of malicious email attachments are Office files, up from five percent in 2017. This huge escalation is naturally causing for concern because hackers disguise malware as Office files attached to emails to trick you into clicking on them.
However, this is not a reflection on the security of the product itself, but more that hackers choose to use this vector of attack because the software is so popular. Indeed, Microsoft has spent almost a billion dollars making certain Office 365 is secure – and that’s not small change.
Access to data from anywhere – a good or bad thing?
The fact that data can be accessed remotely from anywhere presents a unique security concern that needs to be properly understood. While it’s true this could make Office 365 a target for unauthorized access, the more pertinent question to ask is how do hackers get the information (login details) they need to gain access in the first place?
Almost without exception, this can be traced back to human error in one form or another. A user clicks on a link in an email they don’t know to be safe, or opens a Word document they should just delete. It’s these kinds of mistakes that open the way for hackers to install their malware and get access to your personal information, regardless of whether you use cloud apps or not.
So, if it’s predominantly user error that causes problems, it’s clear that users need to be properly trained in good security practices in a business environment and take responsibility to understand the risks as an individual consumer.
A few basic Office 365 security guidelines
Here are a few pointers to help keep you safe from hackers:
- Old/Unpatched Software – obsolete software has inferior security protocols that may leave you open to attack. Keep software current and updated (tick in the box for Microsoft Office 365 which takes care of updates automatically).
- Weak Passwords – always use strong passwords and different passwords for different applications just in case one is compromised, so you don’t risk everything.
- Opening Malicious Documents – simply don’t. If you don’t recognize a document and it looks suspicious, delete it.
- Surface Unsafe Websites – some dodgy websites may be fun and exciting but you should understand the risks and stay away.
- Multiple Users – every variable you introduce to your computing world increases risk and that includes letting more than one person use your computer. If possible, be selfish! Limit usage to just yourself.
- What's your backup plan? – if it all comes crashing down, what would you do? Be prepared for the worst-case scenario with a solid backup and disaster recovery plan.
The verdict based on the available evidence
All in all, Microsoft Office 365 is SaaS that offers a wide range of benefits to users such as flexibility, easy access and minimal maintenance. Naturally, hackers will try to exploit its popularity and use it as an attack vector.
With that said, most problems can be prevented by savvy users being aware of the basic tactics a hacker might use and taking sensible precautions to avoid being tricked.