When it comes to email, document storage, and online browsing, security should be foremost. Join us for a 30-minute webinar where we will discuss how you can use built-in features of Office 365 to protect your organization. Learn how to protect your systems and keep data in the hands of only those users who need it.
This webinar is intended for organizations that already use Office 365, or those that want to better understand how Office 365 can keep their communications and data secure.
2. Using ReadyTalk
Chat to ask questions
All lines are muted
If you lose your Internet connection, reconnect
using the link emailed to you.
You can find upcoming and past webinars on
the TechSoup website:
www.techsoup.org/community/events-webinars
You will receive an email with this presentation,
recording, and links
Tweet us @TechSoup and use hashtag
#tswebinars
4. Acclivity
Adobe
Alpha Software
Atlas Business Solutions
Atomic Training
Autodesk
Azavea
BetterWorld
Bitdefender
Blackbaud
Bloomerang
Box
Brocade
Bytes of Learning
Caspio
CauseVox
CDI Computer Dealers
Cisco
Citrix
CitySoft
CleverReach
ClickTime
Closerware
Comodo
Connect2Give
Dell
Dharma Merchant Services
Digital Wish
Dolby
DonorPerfect
Efficient Elements
FileMaker
GoDaddy
GrantStation
Guide By Cell
Headsets.com
Horizon DataSys
HR Solutions Partners
Huddle
Idealware
InFocus
Informz
InterConnection
Intuit
JourneyEd
Litmos
Little Green Light
Mailshell
Microsoft
Mobile Beacon
NetSuite
Nielsen
NonProfitEasy
O&O Software
Quickbooks Made Easy
Reading Eggs
ReadyTalk
Red Earth Software
Sage Software
Shopify
Simple Charity Registration
Skillsoft
Smart Business Savings
Society for Nonprofit Organizations
Sparrow Mobile
Symantec
Tableau
TechBridge
Tech Impact
Teespring
Telosa
Tint
Ultralingua
Western Digital
Zoner
5. Presenters
Linda Widdop
Director of Client Solutions and Education - IT
Services
TechImpact
Cameron Jones,
Vice President, Solutions and Services
TechSoup
Sima Thakkar
Senior Manager, Content
TechSoup
Assisting with chat:
Zerreen Kazi, TechSoup
Sima Thakkar
Senior Manager, Content
TechSoup
Cameron Jones
Vice President,
Solutions and Services,
TechSoup
Linda Widdop
Director of Client
Solutions and Education -
IT Services, Tech Impact
6. Office 365 Security Features that Nonprofits Should Know and Use
February 11, 2019
7. ABOUT US
Providing high impact
services to nonprofits
since 2003
Tech Impact Philosophy & Team
9. Cloud Redundancy
Security Monitoring
Cloud Identity
Device Management
Application Selection
Visualization
Analysis
Data Support
Managed Services
VoIP Telephony
Cloud Infrastructure
Cloud Collaboration
Strategy Consulting
Machine Learning & AI
Virtual CIO
Community Design
DigitalTransformationforSocialChange
4
changing the
world through
community-
grounded
technology
10. • Just like you, we are a 501c3 Nonprofit
• 60 full time, dedicated nonprofit staff
• 4 main offices – Phila, DC, Wilmington, Las Vegas
• Providing IT Services to Nonprofits since 2003
• Serving 200+ NGO’s with Managed IT Services nationally
• Network engineering and implementation nationally
• 900+ Office365 Assessment & Implementations globally
• VoIP Phone Services nationally
• Data Analytics and Support Services
Solutions.Integration.Support.
12. Security Concerns
External Hackers
• Cash (ransom payments, payroll
redirection, account credentials)
• Marketable Data (sold per record for
medical fraud or tax scams)
• Embarrassing Information (activist hackers
looking to damage your organization)
Internal Staff
• Accidental distribution of sensitive information
(emailed PII, lost devices, etc)
• Intentional coverup of questionable or illegal
behavior (deleting or modifying records)
• Intentional removal of sensitive information
for profit, espionage, or extortion
13. Cyber Security Threat Vectors
8
Account
Security
Device
Security
Ensure our devices are safe and
that their loss will not endanger the
organization
Malware
Controls
Network
Controls
Minimize the exposure of our
devices to risky software and
websites, and ensure that active
protections are in place to defend
against new and unknown malware
Monitor our networks and protect
them from direct penetration
attempts
Ensure that people have only the
level of access they really need,
and that we know who is
accessing what
Data
Loss
Controls
Item-
level
Encrypt-
ion
Ensure that sensitive information
doesn’t intentionally or
accidentally get put somewhere
unsafe, or sent to someone who
shouldn’t have it
Provide extra protection to
specific highly sensitive
information to prevent sharing
14. What is Device Security
• Allows organizations to limit which devices are accessing data
• Allows organizations to enforce settings on devices that are exposed
to sensitive information
• Allows organizations to manage updates, anti-virus, and other key
features of mobile devices
• Allows organizations to wipe sensitive data from devices when
employees leave or devices are lost
Device
Security
15. What is Item-Level Encryption
• Allows organizations to protect sensitive data regardless of it’s
location. Protected files can be stored on thumb drives or emailed
outside of the organization without fear of data loss.
• Prevents users from sharing content unless permitted by the
organization. Protected files can’t be forwarded and some control is
provided over printing, copy/paste, etc.
Item-
level
Encrypt-
ion
16. What are Data Loss Controls
• Monitor for the accidental or intentional sharing of sensitive
information like Social Security Numbers and other PII
• Monitor the location of sensitive information
• Use heuristic analysis to identify suspicious patterns of behavior that
might indicate compromise or intentional removal of data
Data
Loss
Controls
17. What is Account Security
• Ensure that each account is used by one user
• Ensure that each account is used by the correct user
• Monitor for suspicious login activity
Account
Security
18. How can we protect ourselves?
13
Malware
Controls
Data
Loss
Controls
Account
Security
Device
Security
Network
Controls
Item-
level
Encrypt-
ion
Antivirus/Antimalware
Content Filtering Tools
Firewalls/VPNs
OS Version/updates
19. What can Office 365 do?
14
Data
Loss
Controls
Account
Security
Device
Security
Item-
level
Encrypt-
ion
• Ensure only secure devices can access our cloud-based data
• Configure devices for encryption, strong passwords, and other key
compliance settings
• Enforce Multi Factor authentication
• Monitor for unauthorized account access attempts
• Monitor for account or security configuration changes
• Detect and mitigate attempts to send sensitive information
externally or via insecure methods
• Ensure sensitive information isn’t stored in insecure locations
• Protect key records by ensuring they are encrypted no matter where
they live
• Prevent staff from sharing highly sensitive information
20. Levels of Concern Vary
15
Data
Loss
Controls
Account
Security
Device
Security
Item-
level
Encrypt-
ion
Any Nonprofit
Orgs with standard
regulatory requirements
(HIPPA, FIRMA, etc)
Orgs with stringent
regulatory requirements
(Banking, GDPR)
Orgs with resourced
political enemies
Low LowLow Med
Med
High
High HighHigh High
High
Med
High
Low
Med
Med
22. Enterprise Licensing in Microsoft Cloud
• Office 365 – E1, E3, E5
• Enterprise Mobility + Security (EMS) – E3, E5
• Microsoft 365 – Bundle: Windows 10, Office 365, EMS
• Add-ons
• Office ProPlus
• Azure Rights Management
• Online Archiving
• Advanced Threat Protection
17
23. Office 365 Nonprofit Licenses
18
Calling plans are flat rate
$12 domestic / $24
international
per user per month or
consumption based per
minute.300 license limit 300 license limit 1000 license limit unlimited
26. ž EMS E3 – up to 50 free, then
$2.50/user/month
ž Azure Active Directory P1
ž Azure Information Protection P1
ž Advanced Threat Analytics
ž Intune
•
21
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-whatis
27. Levels of Microsoft Licensing Required
Data
Loss
Controls
Account
Security
Device
Security
Item-
level
Encrypt-
ion
Any Nonprofit
Orgs with standard
regulatory requirements
(HIPPA, FIRMA, etc)
Orgs with stringent
regulatory requirements
(Banking, GDPR)
Orgs with resourced
political enemies
29. How can we protect ourselves?
• Available through TechSoup or MSP
• Subscribe (DNS Umbrella, Barracuda, etc)
• Install/Configure a good firewall
• Windows 10 PRO – a must!
24
Malware
Controls
Device
Security
Network
Controls
Antivirus/Antimalware
Content Filtering Tools
Firewalls/VPNs
OS Version/updates
Do This First!
30. Levels of Professional Support Needed
Data
Loss
Controls
Account
Security
Device
Security
Item-
level
Encrypt-
ion
Any Nonprofit
Orgs with standard
regulatory requirements
(HIPPA, FIRMA, etc)
Orgs with stringent
regulatory requirements
(Banking, GDPR)
Orgs with resourced
political enemies
31. Recommended roadmap
Protect
User Impact
Detect
Respond
LASTNOW NEXT
Create data
inventory & sharing
policies
Low Moderate
Enable Data loss prevention
tools
High
Implementation Complexity
Implement SSO for all
applications
Enable MFA for
all users
Monitor admin accounts
Monitor for account and credential abuse
Enable MFA for admin
users Limit administrative
users
Implement comprehensive device
management tools
Implement social penetration testing and training tool
Develop capabilities to monitor alerts, investigate incidents, initiate remediation actions, and integrate lessons learned
Perform periodic external penetration testing
Develop a culture of security
Manage personal devices
Enable device based
encryption
Implement VPN or
network inspection tools
37. Q&A
This is your chance! Use the chat box to ask us
any questions you have about this
presentation.
38. Share and Learn
Chat in one thing that you learned in today’s
webinar.
Please complete our post-event survey. Your
feedback really helps.
Follow TechSoup on social media
(FB, Instagram, Twitter)
Visit the TechSoup Blog at blog.techsoup.org
39. Join us for our
upcoming webinars.
2/19
Cybersecurity in Low-Risk Organizations:
Understanding Your Risk and Making Practical
Improvements
2/21
Maximize Spring Fundraising and Maintain
Donors Through 2020
2/28
How to Drive Social Media Engagement with
Nonprofit Storytelling
3/11
How to Be a Data-Driven Organization with
Power BI
Archived Webinars:
www.techsoup.org/community-events
40.
41. Thank you to our
webinar sponsor!
Please complete the post-event survey that will
pop up once you close this window.