Office 365 Security Features That Nonprofits Should Know and Use

Office 365 Security
Features that
Nonprofits Should
Know and Use
February 11, 2019

Using ReadyTalk
Chat to ask questions
All lines are muted
If you lose your Internet connection, reconnect
using the link emailed to you.
You can find upcoming and past webinars on
the TechSoup website:
www.techsoup.org/community/events-webinars
You will receive an email with this presentation,
recording, and links
Tweet us @TechSoup and use hashtag
#tswebinars

A Global Network
Bridging Tech Solutions
and Services for Good
Where are you on the map?

Acclivity
Adobe
Alpha Software
Atlas Business Solutions
Atomic Training
Autodesk
Azavea
BetterWorld
Bitdefender
Blackbaud
Bloomerang
Box
Brocade
Bytes of Learning
Caspio
CauseVox
CDI Computer Dealers
Cisco
Citrix
CitySoft
CleverReach
ClickTime
Closerware
Comodo
Connect2Give
Dell
Dharma Merchant Services
Digital Wish
Dolby
DonorPerfect
Efficient Elements
FileMaker
GoDaddy
GrantStation
Guide By Cell
Headsets.com
Horizon DataSys
HR Solutions Partners
Huddle
Idealware
InFocus
Informz
InterConnection
Intuit
JourneyEd
Litmos
Little Green Light
Mailshell
Microsoft
Mobile Beacon
NetSuite
Nielsen
NonProfitEasy
O&O Software
Quickbooks Made Easy
Reading Eggs
ReadyTalk
Red Earth Software
Sage Software
Shopify
Simple Charity Registration
Skillsoft
Smart Business Savings
Society for Nonprofit Organizations
Sparrow Mobile
Symantec
Tableau
TechBridge
Tech Impact
Teespring
Telosa
Tint
Ultralingua
Western Digital
Zoner

Presenters
Linda Widdop
Director of Client Solutions and Education - IT
Services
TechImpact
Cameron Jones,
Vice President, Solutions and Services
TechSoup
Sima Thakkar
Senior Manager, Content
TechSoup
Assisting with chat:
Zerreen Kazi, TechSoup
Sima Thakkar
Senior Manager, Content
TechSoup
Cameron Jones
Vice President,
Solutions and Services,
TechSoup
Linda Widdop
Director of Client
Solutions and Education -
IT Services, Tech Impact

Office 365 Security Features that Nonprofits Should Know and Use
February 11, 2019

ABOUT US
Providing high impact
services to nonprofits
since 2003
Tech Impact Philosophy & Team

Our mission
Empower communities and nonprofits
to use technology to better serve our
world.

Cloud Redundancy
Security Monitoring
Cloud Identity
Device Management
Application Selection
Visualization
Analysis
Data Support
Managed Services
VoIP Telephony
Cloud Infrastructure
Cloud Collaboration
Strategy Consulting
Machine Learning & AI
Virtual CIO
Community Design
DigitalTransformationforSocialChange
4
changing the
world through
community-
grounded
technology

• Just like you, we are a 501c3 Nonprofit
• 60 full time, dedicated nonprofit staff
• 4 main offices – Phila, DC, Wilmington, Las Vegas
• Providing IT Services to Nonprofits since 2003
• Serving 200+ NGO’s with Managed IT Services nationally
• Network engineering and implementation nationally
• 900+ Office365 Assessment & Implementations globally
• VoIP Phone Services nationally
• Data Analytics and Support Services
Solutions.Integration.Support.

Security Concerns
External Hackers
• Cash (ransom payments, payroll
redirection, account credentials)
• Marketable Data (sold per record for
medical fraud or tax scams)
• Embarrassing Information (activist hackers
looking to damage your organization)
Internal Staff
• Accidental distribution of sensitive information
(emailed PII, lost devices, etc)
• Intentional coverup of questionable or illegal
behavior (deleting or modifying records)
• Intentional removal of sensitive information
for profit, espionage, or extortion

Cyber Security Threat Vectors
8
Account
Security
Device
Security
Ensure our devices are safe and
that their loss will not endanger the
organization
Malware
Controls
Network
Controls
Minimize the exposure of our
devices to risky software and
websites, and ensure that active
protections are in place to defend
against new and unknown malware
Monitor our networks and protect
them from direct penetration
attempts
Ensure that people have only the
level of access they really need,
and that we know who is
accessing what
Data
Loss
Controls
Item-
level
Encrypt-
ion
Ensure that sensitive information
doesn’t intentionally or
accidentally get put somewhere
unsafe, or sent to someone who
shouldn’t have it
Provide extra protection to
specific highly sensitive
information to prevent sharing

What is Device Security
• Allows organizations to limit which devices are accessing data
• Allows organizations to enforce settings on devices that are exposed
to sensitive information
• Allows organizations to manage updates, anti-virus, and other key
features of mobile devices
• Allows organizations to wipe sensitive data from devices when
employees leave or devices are lost
Device
Security

What is Item-Level Encryption
• Allows organizations to protect sensitive data regardless of it’s
location. Protected files can be stored on thumb drives or emailed
outside of the organization without fear of data loss.
• Prevents users from sharing content unless permitted by the
organization. Protected files can’t be forwarded and some control is
provided over printing, copy/paste, etc.
Item-
level
Encrypt-
ion

What are Data Loss Controls
• Monitor for the accidental or intentional sharing of sensitive
information like Social Security Numbers and other PII
• Monitor the location of sensitive information
• Use heuristic analysis to identify suspicious patterns of behavior that
might indicate compromise or intentional removal of data
Data
Loss
Controls

What is Account Security
• Ensure that each account is used by one user
• Ensure that each account is used by the correct user
• Monitor for suspicious login activity
Account
Security

How can we protect ourselves?
13
Malware
Controls
Data
Loss
Controls
Account
Security
Device
Security
Network
Controls
Item-
level
Encrypt-
ion
Antivirus/Antimalware
Content Filtering Tools
Firewalls/VPNs
OS Version/updates

What can Office 365 do?
14
Data
Loss
Controls
Account
Security
Device
Security
Item-
level
Encrypt-
ion
• Ensure only secure devices can access our cloud-based data
• Configure devices for encryption, strong passwords, and other key
compliance settings
• Enforce Multi Factor authentication
• Monitor for unauthorized account access attempts
• Monitor for account or security configuration changes
• Detect and mitigate attempts to send sensitive information
externally or via insecure methods
• Ensure sensitive information isn’t stored in insecure locations
• Protect key records by ensuring they are encrypted no matter where
they live
• Prevent staff from sharing highly sensitive information

Levels of Concern Vary
15
Data
Loss
Controls
Account
Security
Device
Security
Item-
level
Encrypt-
ion
Any Nonprofit
Orgs with standard
regulatory requirements
(HIPPA, FIRMA, etc)
Orgs with stringent
(Banking, GDPR)
Orgs with resourced
political enemies
Low LowLow Med
Med
High
High HighHigh High
High
Med
High
Low
Med
Med

Enterprise Licensing in Microsoft Cloud
• Office 365 – E1, E3, E5
• Enterprise Mobility + Security (EMS) – E3, E5
• Microsoft 365 – Bundle: Windows 10, Office 365, EMS
• Add-ons
• Office ProPlus
• Azure Rights Management
• Online Archiving
• Advanced Threat Protection
17

Office 365 Nonprofit Licenses
18
Calling plans are flat rate
$12 domestic / $24
international
per user per month or
consumption based per
minute.300 license limit 300 license limit 1000 license limit unlimited

Office 365 E3 Security Features
19

Office 365 E5 Advanced Security Features
20
O365 E3 + :

ž EMS E3 – up to 50 free, then
$2.50/user/month
ž Azure Active Directory P1
ž Azure Information Protection P1
ž Advanced Threat Analytics
ž Intune
•
21
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-whatis

Levels of Microsoft Licensing Required
Data
Loss
Controls
Account
Security
Device
Security
Item-
level
Encrypt-
ion
Any Nonprofit
Orgs with standard
(HIPPA, FIRMA, etc)
Orgs with stringent
(Banking, GDPR)
Orgs with resourced
political enemies

How can we protect ourselves?
• Available through TechSoup or MSP
• Subscribe (DNS Umbrella, Barracuda, etc)
• Install/Configure a good firewall
• Windows 10 PRO – a must!
24
Malware
Controls
Device
Security
Network
Controls
Antivirus/Antimalware
Content Filtering Tools
Firewalls/VPNs
OS Version/updates
Do This First!

Levels of Professional Support Needed
Data
Loss
Controls
Account
Security
Device
Security
Item-
level
Encrypt-
ion
Any Nonprofit
Orgs with standard
(HIPPA, FIRMA, etc)
Orgs with stringent
(Banking, GDPR)
Orgs with resourced
political enemies

Recommended roadmap
Protect
User Impact
Detect
Respond
LASTNOW NEXT
Create data
inventory & sharing
policies
Low Moderate
Enable Data loss prevention
tools
High
Implementation Complexity
Implement SSO for all
applications
Enable MFA for
all users
Monitor admin accounts
Monitor for account and credential abuse
Enable MFA for admin
users Limit administrative
users
Implement comprehensive device
management tools
Implement social penetration testing and training tool
Develop capabilities to monitor alerts, investigate incidents, initiate remediation actions, and integrate lessons learned
Perform periodic external penetration testing
Develop a culture of security
Manage personal devices
Enable device based
encryption
Implement VPN or
network inspection tools

Professional Help is Available
27

TechSoup Services Offers that Support Office 365 Set-Up and Migration
• Basic Office 365 Set-Up
• This includes registration, O365 set up,
admin and end user training
• Office 365 Email Migration (<20 Users)
• Migrating organization’s emails to their O365
accounts and end cost is based on number
of mail boxes
• Office 365 DIY Migration Workshop for Small
Organizations
• Series of live instructional webinars
designed to guide organizations through
the process of migrating
YMCA East Bay
$400
$450 +
$310
Request a consult from our experts at:
https://page.techsoup.org/services

• Office 365 Email Migration (20+ users)
• SharePoint Set-Up
• SharePoint Data Migrations
• Power BI Set-Up & Configuration
YMCA East Bay
Custom
Quote

Other Services to Support Nonprofits:
• IT Help Desk
• One-time fix - $55
• Ongoing support subscriptions - $35 per device per month
• Managed IT Services
• Ongoing support with custom quote
YMCA East Bay

Q&A
This is your chance! Use the chat box to ask us
any questions you have about this
presentation.

Share and Learn
Chat in one thing that you learned in today’s
webinar.
Please complete our post-event survey. Your
feedback really helps.
Follow TechSoup on social media
(FB, Instagram, Twitter)
Visit the TechSoup Blog at blog.techsoup.org

Join us for our
upcoming webinars.
2/19
Cybersecurity in Low-Risk Organizations:
Understanding Your Risk and Making Practical
Improvements
2/21
Maximize Spring Fundraising and Maintain
Donors Through 2020
2/28
How to Drive Social Media Engagement with
Nonprofit Storytelling
3/11
How to Be a Data-Driven Organization with
Power BI
Archived Webinars:
www.techsoup.org/community-events

Thank you to our
webinar sponsor!
Please complete the post-event survey that will
pop up once you close this window.

Office 365 Security Features That Nonprofits Should Know and Use

Recommended

Recommended

More Related Content

What's hot

What's hot (19)

Similar to Office 365 Security Features That Nonprofits Should Know and Use

Similar to Office 365 Security Features That Nonprofits Should Know and Use (20)

More from TechSoup

More from TechSoup (20)

Recently uploaded

Recently uploaded (20)

Office 365 Security Features That Nonprofits Should Know and Use