Office 365 Security Risks Rise As Corporate Adoption Increases

Nearly three quarters (71.4 percent) of Microsoft Office 365 enterprise customers have at least one compromised account each month according to a report by Skyhigh Networks, which found use of the cloud-based office suite among employees is rising rapidly.

The company, which offers insights into how Office 365 is being used in a corporate environment, collected data from 600 businesses and 27 million employees and discovered 22.3 percent of workers were now using Office 365 – an increase of 320 percent from 6.8 percent nine months ago.

The most popular application is OneDrive, while financial services firms reliant on Excel are the heaviest users. Microsoft’s enterprise social network Yammer is the least used.

Office 365 security

However wider use brings security risks. In addition to compromised accounts, 57 percent have an insider threat at least once a month and 45.9 percent suffered a minimum of one privileged user threat.

The average company sees 5.6 million ‘events’ each month, such as file uploads, logins and edits, of which 256 are described as ‘anomalous’. These might be logins from two separate locations or unusual volumes of download traffic. Just 2.7 are genuine threats.

Security is always a key concern for businesses, but even more so as cloud applications being to handle more sensitive information. According to the report, 17.1 percent of files stored on OneDrive can be considered ‘sensitive’. This includes confidential data, personally identifiable information, health data or payment details.

On average there are 204 files in each corporate Office 365 environment that stores unencrypted passwords called ‘passwords’.

Microsoft itself has a responsibility too.Last month, it patched a vulnerability that could have allowed an attacker to gain access to any account at a business with a federated domain. The group of companies that use federated domains includes some of the biggest names in technology, such as IBM, Cisco, BT, Vodafone and Microsoft itself, and high profile firms like British Airways, PwC and KPMG.

New approach

“It is surprising that businesses and employees are still taking a relaxed approach to document security, especially when you consider the high frequency of threats,” said Skyhigh Networks’ Nigel Hawthorn. “You would hope that the spate of high-profile data breaches would make enterprises sit up and take notice about the need for encryption, but the amount of unencrypted sensitive data stored on OneDrive is increasing.

“More than half of documents across all cloud services that contain sensitive data are stored in Microsoft Office formats. This percentage will only increase as OneDrive becomes more tightly integrated to the rest of the suite.

“Therefore, it’s imperative for businesses to educate their employees about how to safely store documents in the cloud; and that need is even more vital in industries where the nature of data is likely to be highly sensitive such as in financial services or healthcare, two of the biggest users of Office 365.”

The subscription model for Office 365 is more lucrative for Microsoft than selling licences for major refreshes of the suite every few years, while companies benefit from the latest version of the software without the need to constantly apply updates.

Microsoft has added numerous features to Office 365 in a bid to spread adoption, while Microsoft will open a data centre in the UK later this year, providing a boost to performance for British customers and helping those in regulated industries.

Think you know all about Microsoft Office? Try our quiz!