Cybersecurity

US Department of Homeland Security Warns of Office 365 Security Risks

We have been discussing the abrupt roll-out of remote workforce capabilities both in this space (here and here) and in our recent webinar.   As companies raced to get employees up and running remotely, business continuity was the primary focus, while privacy and cybersecurity issues likely took a backseat.   The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert providing security advice for companies that may have rushed out Microsoft Office 365 (O365) deployments to support these remote work environments. 

CISA warns in this latest alert that it continues to see companies that have failed to implement the necessary security for the Office 365 implementation, and expresses concern that the hurried nature of the deployments may have led to important security configuration oversights that could be (and have been in the past) exploited by bad actors.

CISA says “In recent weeks, organizations have been forced to change their collaboration methods to support a full ‘work from home’ workforce… While the abrupt shift to work-from-home may necessitate rapid deployment of cloud collaboration services, such as O365, hasty deployment can lead to oversights in security configurations and undermine a sound O365-specific security strategy.