Enhancing Security for Microsoft 365 Services
Many financial institutions depend on productivity products like Microsoft Teams, Exchange Online, OneDrive, and SharePoint to enhance their business operations. More specifically, a significant percentage of community banks and credit unions use Microsoft 365 (M365) and Exchange Online to provide email service for their employees, based on the findings of Safe Systems’ 2023 Cybersecurity Outlook for Community Banks and Credit Unions survey.
This recent research indicates that more than 119 out of 144 respondents—83%—use M365 and Exchange Online for their email service. Despite the widespread adoption, some community banking institutions are not aware that when they leverage these cloud-based services, extra security measures must be implemented Therefore, some may not be utilizing all the available security settings or services to their fullest potential.
To protect their M365 infrastructure, institutions are customizing Microsoft’s out-of-the-box security services. For instance, 50% of 114 survey respondents use dual or multifactor authentication (MFA). An additional 40% of the same respondents supplement dual or MFA with security configurations such as conditional access policies (CAPs).
MFA is a crucial security measure because it can block 99% of account compromise attacks, according to Microsoft. But cybercriminals are launching more sophisticated attacks to exploit human error and bypass MFA requirements. Case in point: There are over 300 million fraudulent sign-in attempts to Microsoft’s cloud services every day—and cyberattacks are escalating. Financial institutions must remain vigilant and constantly modify their efforts to ensure the most effective use of MFA.
Conditional Access Policies
Banking institutions that use M365 services should also be aware that the implementation of additional security controls is their responsibility, not Microsoft or a licensed reseller. The use of Conditional Access Policies (CAPs) is a key strategy for securing Entra ID (formerly known as Azure AD) because they are the highest control layer for access (sign-ins) within Azure. Using multiple CAPs—those that target a mixture of MFA, applications, clients, locations, compliance status, and device types—is an ideal way to add protective layers within Azure.
Beyond covering M365 services, the survey offers valuable, peer-to-peer insights on these other important prevention and detection security layers, such as employee security awareness training and testing, vulnerability and patch management, email infrastructure, and cybersecurity preparedness.
Download our latest white paper to learn more about how your financial institution can enhance security when using Azure or any M365 services.