With Office 365 being the most widely attacked application, are you sufficiently protected?
Traditionally, enterprise security models used security solutions such as firewalls to protect a trusted, internal network from external threats. These were largely effective when users and apps resided on the network as users would typically work from within the company office and use applications hosted on local servers. Therefore, enterprise data was safely contained within the perimeter of this secure environment.
However, due to consumer demand for greater mobility, flexibility and usability, technology has evolved to increasingly rely on the internet, cloud services and mobile devices. The most popular of those modern technologies is Office 365. Office 365 enables users to work from anywhere, at any time and on any device. It enables employees and their businesses to be more productive and collaborative than ever before.
For all the benefits of Office 365, now that our suite of office apps no longer resides on our network and users can access them from anywhere, we no longer have distinct boundaries defined by inside and outside the firewall. We also don’t have physical visibility of the users gaining access. This means we need security that focuses on protecting access to the data itself, rather than building walls around the systems upon which that data resides.
81% breaches involved compromised passwords
The problem is that the access control we have been using – username and password – is not an adequate security measure on its own. That has been proven time and time again by high profile breaches. Verizon found in their 2017 Data Breach Investigations report that 81% of breaches involved compromised passwords. This is perhaps not surprising given the increase in phishing attacks and that to remember the millions of passwords used daily, people simplify, duplicate, write-down and share them.
Protect Office 365
And guess what the most widely attacked application is? Office 365, of course! Frequency of phishing within Office 365 is estimated to cost the average organisation 1.3 compromised accounts each month via unauthorised, third-party login using stolen credentials. AppRiver even saw more than 100 million emails sent targeting Office 365 users in 2017!
Business owners have a responsibility to keep their data safe from unauthorised access and it’s therefore vital to add another layer to protect Office 365 before granting access to the confidential data that is stored within the apps.
The good news is that you can easily accomplish that with Duo’s Two-Factor Authentication (2FA) solution. With 2FA in place, user accounts are much better protected against unauthorised access since access to data is not granted until an additional challenge (the second factor) has been satisfied.
Duo’s 2FA solution is extremely easy to use, only requiring users to verify identity by approving a request sent to the DUO app on their mobile phone. This is much more secure compared with SMS based 2FA codes (see the recent incident involving SMS which affected Reddit).
Moreover, the flexible policy engine allows you to enforce 2FA only when specific conditions are met. So you can control access based on user location, device OS type, browser version, mobile phone integrity checks and device ownership (which enables management of any BYOD scenario).
Another key factor for this solution is that once it’s in place for Office 365, you can protect hundreds of other apps on premise and in the cloud at no additional cost!
So, it really seems that DUO is the best solution to add an extra layer of protection to your data. And we’re not the only ones to think this since Cisco just announced they are ready to pay $2.35 billion cash for the company!