Office 365: A Growing Target

Office 365:
A Growing

Top Threats


Is Office 365 Secure?

Is Office
365 Secure?

Office 365 Security Best Practices

Office 365
Best Practices

Introducing Office Protect

Office Protect

A Profitable Opportunity for Resellers

A Profitable Opportunity for Resellers


to Office 365
in 2018


of a business’s sensitive data in the cloud is stored in Microsoft Office documents.

How much of your business runs on Office 365? Think about it. Your company stores most of its vital information - and that of its clients - in the Microsoft cloud. In fact, 17.1% of the average company's files stored in OneDrive and SharePoint Online contain critical data, including financial records, forecasts, business plans and personal information. We’re talking about payment details, social security numbers, and even user passwords.

Here’s another sobering thought:

A recent study conducted by Skyhigh Networks revealed that an average of 58.4% of a business’s sensitive data in the cloud is stored in Microsoft Office documents.

Office 365 is the most popular business productivity suite in the world. This isn’t breaking news. But there’s a lot at stake for your business when it comes to securing your data. Here’s why:

Last year, Microsoft Office 365 earned the title of the “most popular enterprise cloud service.” With more than 135 million active business users, it has become a golden opportunity for cybercriminals to infiltrate small to midsize businesses.

These attacks are costing businesses of all sizes millions of dollars in damages, and are being launched at Office 365 users at an alarming rate.


The average organization
receives 2.7 threats each
month within Office 365.


of organizations have at
least one compromised
account each month.


of organizations have at
least one insider threat
each month.

Source: Skyhigh Networks, 2016

The Biggest Cybersecurity Threats
are Inside Your Company

Microsoft’s lead Program Manager, Jason Rogers, recently confirmed that in 2016 alone, malware attacks on Office 365 increased by a whopping 600%. Here are 3 common threats you should know about.

Gartner recently predicted that by 2022, 95% of cloud security failures will be the user’s fault. As you can see, security isn’t just a technical problem. It’s also a people problem, and the biggest information security risk to your organization is human error – whether intentional or not. Examples of costly data loss by user actions include:

  • Using weak passwords
  • Low awareness about phishing and other cybersecurity attacks
  • Careless handling of data

In 2016, millions of Office 365 business users fell victim to a vicious ransomware virus called Cerber, which encrypted and locked all their data. A ransom note and audio warning appeared in their inbox demanding $500 in crypto-currency per mailbox in return for their stolen data.

Ransomware attacks have been increasing over the last few years with damage costs expected to hit $11.5B by 2019.


In 2017, a hacking botnet nicknamed KnockKnock targeted high-value Office 365 business accounts in several companies. This botnet is still active today. It works by trying to login to a single account a number of times by guessing the system password. If unsuccessful, it moves on to a different account within an organization. This botnet keeps a low profile, making it difficult for internal IT teams to detect.


In 2018, hackers deployed a chained phishing campaign that was successfully targeting Fortune 500 companies with Office 365 accounts. The scam attempts to collect usernames and passwords from an employee in the company. The attackers then proceed to harvest their credentials and repeat the attack on other employees and their external contacts.

IBM Security says that the phishing scams are currently active and costing these companies millions of dollars.

Is Microsoft Office 365 Secure?

Yes, very secure.

Yes, very secure.


“ Of the 80 billion messages sent to Office 365 inboxes in a month… over 20 million contain malware or phishing messages.”

Source: CIO magazine, March, 2017

Microsoft spends $1 billion every year on security research and development. This should come as no surprise since the estimated total cost of cyber security attacks in 2017 exceeded $600 billion. But, even though Office 365 is a secure force to be reckoned with, cyberattacks, malware and phishing are becoming more sophisticated, and with growing complexity. By taking a proactive ap-proach to data security, you’ll significantly reduce the risks of costly breaches.

We’ve gathered our best resources and experts to map out a proactive plan of action for your Office 365 security. Read on for best practices and tips.

The only way your organization can effectively mitigate the risks of cyber threats is to be proactive in preventing them. The first place to start? Your Office 365 security settings.

Your first line of defense for increased security is to make sure you set up the features you need. If you want full protection without investing a lot of time, effort and money, find an easy solution that integrates into your Office 365, such as Office Protect. This security tool will make it easy for you to set the following fea-tures with just one click.

7 important settings that will increase Office 365 security

  1. Audit Log Search

    Record user and admin activities. If a security breach happens, you’ll have useful information to help you investigate.

  2. Email Audit

    In the event of a security breach, you can refer to your email audits to figure out what happened.

  3. Multi-factor Authorization

    Multi-factor authentication validates a user’s identity in order to grant access. When activated, users will have to provide a second verification (SMS) to log into their Office 365 accounts.

  4. Outbound Spam Notifications

    Enable Exchange Online to send you an alert if a user within your organization is flagged for sending out spam. An internal account that is flagged for spam can be a sign of compromised credentials and a breach.

  5. Block ‘Bad’ Files Extensions

    There’s really no use for sending a .bat file. You’ll want to block these types of leery files from ever making it to your inbox.

  6. Set Your Password to Never Expire

    According to NIST (National Institute of Standard and Technology), passwords that expire regularly only hinder your efforts to prevent breaches. The only time you should change a password is when a breach happens or a potential one appears. Once you change the password policy for your users, they won’t be asked to change their password on a regular basis.

  7. Unified Event Report

    When this feature is enabled, Microsoft will send you reports on a regular basis. It’s a good idea to consult these reports to help you identify security issues.

See how your employees use Office 365

Did you know that you can monitor how your employees are using and sharing sensitive data stored in Office 365? A report by Skyhigh Networks found that the average company has 204 files on OneDrive containing the word “password” in the file name. That’s a red flag.

To help you gain visibility into what’s happening in your environment, turn on the Office 365 reporting feature or use an easy security management tool like Office Protect to track and report for you.

One more thing. You’ll want to limit the number of admin roles that you assign to users in your organization. Each admin role gives the administrators access privileges to do specific tasks in the Office 365 admin center. To avoid complications in the future, an easy solution is to create temporary admins for a specific amount of time in the Privileged Identity Management feature.

Don’t Forget

Employees need to be aware of the data security risks facing businesses today.

According to CompTIA, only 54% of companies offer some form of cybersecurity training. But policies aren’t enough to secure your data. You need to reinforce security best practices through regular staff training.

Create a solid security awareness program at your organization:

  • Start by assessing the major risks you want to tackle.
  • Develop training content, making sure to include real-world examples.
  • Then, schedule and deliver the training on a regular basis, ending each session with a test to determine if your staff has grasped the information.

The goal is to educate employees on potential risks and give them the tools they need to operate Office 365 securely.

Make It Easy to Protect Your Data

It’s bad enough to have to worry about cybercriminals going after your business. The last thing you need is to invest time and effort managing the risk of insider threats, (i.e., employees compromising sensitive data). Fortunately, there’s a simple and worry-free solution.

Take a look at Office Protect. It’s an easy and affordable solution that’s 100% built by SherWeb, an award-winning cloud provider. This tool is designed specifically for businesses with little to no technical knowledge. It integrates into Office 365 to prevent advanced threats from attacking your system by automatically deploying best security settings in just one click.

Monitoring & Alerts

With 24/7 monitoring, you won’t have to wonder about what’s happening in your environment.

You’ll get live email alerts about:

  • Any changes to your security policy
  • Unusual sign-ins, unknown devices or IP
  • Suspicious mailbox activities
  • Administrator abuse
Request A Free Trial

One-Click Threat Protection

This feature stops threats in their tracks. Office Protect deploys the best security settings to protect your Office 365 account from:

  • Account breaches
  • Elevation of privilege
  • Data exfiltration
  • Password cracking
  • Malicious insiders
  • Data spillage
  • Data deletion
  • Phishing/Whaling
  • Spoofing
Request A Free Trial

Simple Reporting

You get built-in reporting to provide you with insights and more visibility on how your employees are using Offie 365, such as easy-to-read activity dashboards and automated reports.

Request A Free Trial

A Great Opportunity for Resellers

Security is the top concern for SMB owners. They know that any compromised data caused by ransomware hits, phishing scams or one wrong click translates into big money and productivity losses.

As a Managed Service Provider, you can offer your clients simplified and powerful protection for their Office 365 organization.

Consider the following advantages of
adding Office Protect to your portfolio.

An easy way to add value

Your customers will feel safe knowing you can better protect them against the growing security risks of Office 365. With Office Protect, you can easily manage their security. You’ll monitor their Office 365 activities, provide them with reports on a regular basis and collect a nice check in the end.

Request A Free Trial

Build a profitable security service offering

You can’t ignore the potential business revenue from protecting your clients from Office 365 threats. And as an MSP, you need to help businesses that rely on you to prevent costly cyberattacks from ever happening.

With Office Protect, you’ll drive awareness and urgency to the growing security risks of Office 365. And you can build a managed security service offering around it, such as consulting, training, monitoring and management. Not only will you increase revenue, your customers will trust you to address their most critical security problems and concerns.

Request A Free Trial

Have a distinct edge over competitors

Whether you’re selling Office 365 as a way of getting your ‘foot in the door’ or incorporating it to your managed services, you need to find ways to distinguish yourself in today’s competitive market. Business owners are putting security at the top of their priority list and they’re looking for a reliable and responsive threat protection.

Request A Free Trial
Here’s your opportunity to position yourself as their advisor for security for Microsoft’s most targeted solution. With Office Protect, you’re not only offering your clients advanced security for their Office 365 environment, you’ll also be adding a super easy and affordable solution to your portfolio.
Bottom line, it’s a win-win situation