Microsoft Office 365 is used by millions of daily users who store personal data in the cloud. With the GDPR and its new cybersecurity standards around the corner, you’re going to want to step up Office 365 encryption. Here’s how to do it.
Microsoft Office 365 is the preferred business productivity suite for nearly 100 million active users, and it’s easy to see why. You can work across a variety of devices, including mobile, Mac, and PC, and it’s simple for businesses and their employees to share and collaborate on projects thanks to data saved on the cloud. Subscription plans offer the latest versions of Excel, PowerPoint, Outlook, and Word, as well as cloud-based services such as OneDrive and SharePoint Online where users regularly store sensitive personal data.
With the GDPR is right around the corner, it’s important to protect all that information. On May 25, 2018, the European Union will put into effect the General Data Protection Regulation, a new set of cybersecurity rules that demand enterprise companies step up their protection methods to prevent the erasure, manipulation, or theft of personal data. Failure to implement new security measures may result in steep fines, loss of business, and a parade of reputation-damaging headlines—just look at Equifax or Yahoo’s latest breaches, among the largest security snafus to ever happen.
According to the GDPR, the best way to avoid a data breach is to implement industry best practices, primarily data encryption, which makes stolen data useless to anyone without authorization to access it. Thanks to built in security from Microsoft and solutions from eperi, businesses and their employees can take matters into their own hands and improve encryption in Office 365 with these tips.
Use Multi-Factor Authentication
Combined with Microsoft Azure services, Office 365 offers several built-in capabilities and controls that can help customers meet GDPR compliance requirements. One of the best tools to use is two-factor, or multi-factor authentication, which requires an employee to have access to an app, email address, or text message on a smartphone and to know a randomly generated password instead of a fixed code that can be guessed. This type of security sounds simple since it’s available in lots of common applications from Gmail to Xbox Live, but it needs to be adopted by more businesses.
Implement Data Loss Prevention (DLP)
DLP is a set of strategies and tools within Office 365’s own Security and Compliance Center that admins can activate to scan and control the stream of sensitive information traveling outside of a company’s network. For example, you can configure rules that help prevent the chance of credit card numbers, health records, salaries, source code, and other personal data stored in OneDrive, SharePoint Online, and Exchange Online mailboxes from leaking. One such measure is the notifications that alert users if they have sensitive information in the body of their email before they send an email. Alerts like these can save employees from costly mistakes and help businesses become more familiar with GDPR best practices and compliance.
User Customer Lockbox
Customer Lockbox is a useful Office 365 feature that allows you to control how much of your data a Microsoft support engineer can access during a help session. With the Lockbox, you can either approve or reject the support’s request to see your data while troubleshooting an issue. If given consent, the support engineer can access the data for only a certain amount of time before the issue is resolved and the request is closed and access is revoked. Consent and the ability to revoke consent are essential GDPR issues.
Use eperi Cloud Data Protection
Out of the box, eperi Cloud Data Protection for Office 365 can encrypt all of a company’s data stored in Office 365, including calendars, email, tasks, OneDrive, and SharePoint. Using pseudonymization, personal data in cloud applications and services is encrypted or tokenized and rendered unreadable by anyone but only authorized, internal users. Even external administrators are unable to read the encrypted data without the authorized encryption keys, which are always under your control. With the eperi solution, you become a designated controller capable of meeting GDPR security standards by leveraging the best data protection methods available.