SharePoint security mistakes to avoid and how to lock it down


Many organisations have embraced Office 365 as their collaboration and productivity platform of choice: more than 28 million active Office 365 users and 160 million SharePoint users worldwide confirm this. With the incessant growth of SharePoint users, and many employees becoming more mobile, protecting your sensitive data as it leaves your corporate network has become imperative.

SharePoint security mistakes to avoid

While SharePoint itself is secure, it is still susceptible to a data breach if your users are committing some of the common security mistakes. If you aren't sure what these might be, five of the most important mistakes are:

  • Access rights that are too broad.

Having implemented SharePoint for many organisations, we have seen shared administrator accounts or user accounts that have access rights to sites and data unnecessarily. While this may seem convenient and easier to manage, it can increase the risk of a data breach if users are given access privileges to data that they shouldn’t have or don't need.

  • Too much constraint.

Some organisations choose to lock down SharePoint and remove external sharing capabilities. When employees can't share their files from SharePoint with an external party, they tend to find workarounds to get the job done, using ungoverned personal accounts with file sharing apps like Dropbox or Google Drive. Whilst this does help them stay productive, it becomes a security issue from an IT perspective. With unapproved apps there is no visibility into how much data is being kept or shared, and worse still, there is no way for you to prevent data leaks or recover from them when they happen.

  • Using default or weak access controls.

Using weak passwords, or keeping the same password for a long period of time, is one of the most common ways that employees put your SharePoint environment, and eventually your business, at risk. Passwords based on birthdays or consecutive numbers are very easy to guess, and without tools like multi-factor authentication (MFA) you are more exposed to threats like phishing attacks, because a single stolen password is then enough to gain access.

  • Ignoring patch management.

Like many applications, SharePoint needs to be updated and patched regularly. Without patching, SharePoint is open to vulnerabilities and threats that can compromise the security of your data. Make sure you have proper patch management scheduled to prevent zero-day attacks.

Watch this recorded webinar

In our recent SharePoint Security 101 webinar, we talked about these common security mistakes and how you can avoid them. Fast forward the video to 8:40 to go straight to the mistakes, or watch the recording from the beginning. Our Microsoft SharePoint and workplace innovation expert Paul Bamrah describes how you can avoid these security mistakes and how you can keep your SharePoint environment operating more securely.

How do I protect my SharePoint environment?

With the increasing number of cybercrimes reported in last year's Australian Cyber Security Centre (ACSC) Threat Report, and the implementation of the NDB and GDPR (Notifiable Data Breach scheme and General Data Protection Regulation), organisations have even greater obligations to protect their data.

Traditional security tools such as firewalls and anti-virus are no longer enough. So how do you keep the data stored in your SharePoint environment locked down? Fortunately, Microsoft makes it a lot easier for organisations to stay secure and compliant:

1. Prevent data loss.

Have you ever mistakenly sent a confidential email to someone? Have you accidentally shared personally identifiable information (PII) such as credit card numbers with the wrong people? Data Loss Prevention (DLP) policies can identify PII across Office 365, including SharePoint, email and OneDrive content, and prevent the accidental sharing of sensitive information. You can set this up on your existing Office 365 Enterprise plan subscription without paying extra fees.
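As an added example (not from the original post or from Microsoft's documentation), here is the kind of policy described above expressed in Security & Compliance PowerShell: one DLP policy spanning SharePoint, OneDrive and Exchange, with a rule that blocks sharing of credit card numbers outside the organisation. The policy and rule names are constructed, and the cmdlets assume the ExchangeOnlineManagement module and a compliance administrator role.

```powershell
# Added example, not from the original post: a DLP policy covering SharePoint,
# OneDrive and Exchange that blocks external sharing of credit card numbers.
# Assumes the ExchangeOnlineManagement module and a compliance admin role.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession   # connects to Security & Compliance PowerShell

$policyName = 'Protect-PII-CreditCards'   # constructed name for this example

# Create the policy in test mode first so matches are logged and users are
# notified, but nothing is blocked until the results have been reviewed.
New-DlpCompliancePolicy -Name $policyName `
    -Comment 'Block sharing of credit card numbers outside the organisation' `
    -SharePointLocation All `
    -OneDriveLocation All `
    -ExchangeLocation All `
    -Mode TestWithNotifications

# The rule: match the built-in Credit Card Number sensitive information type,
# only when the content is shared with people outside the organisation.
New-DlpComplianceRule -Name "$policyName-Rule" -Policy $policyName `
    -ContentContainsSensitiveInformation @{ Name = 'Credit Card Number'; minCount = '1' } `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser Owner, LastModifier `
    -GenerateIncidentReport SiteAdmin `
    -IncidentReportContent Detections, Severity

# Check the locations the policy covers before enforcing it.
Get-DlpCompliancePolicy -Identity $policyName |
    Format-List Name, Mode, SharePointLocation, OneDriveLocation, ExchangeLocation

# Once the test-mode reports look right, switch the policy to enforcement.
Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```

Running in TestWithNotifications mode first is what keeps a mistyped rule from blocking legitimate business sharing across the whole tenant.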

2. Classify and label documents.

Depending on the sensitivity of your content, you can classify and label documents with persistent protection regardless of whom the document was shared with or where it is stored. Azure Information Protection (AIP) is a tool in the Microsoft Enterprise Mobility + Security (EMS) stack that provides administrators with the capability to define how content is protected using automatic or recommended classification.

3. Detect breaches before they cause damage.

Much of the content being shared to and from SharePoint environments travels via email, so the ability to protect against malware and against unsafe links used in phishing attacks is a basic necessity for any IT administrator. Office 365 Threat Protection can identify and block malicious files that may otherwise end up in online libraries such as SharePoint, OneDrive and Microsoft Teams. Coupled with Office 365 Cloud App Security, you gain insight into the threats targeting your business and users in Exchange Online and SharePoint Online.

4. Gain visibility and control of data in the cloud.

If your business is not yet in the cloud, your employees will be to some degree, even more so if they are working remotely or are frequently mobile. The use of Dropbox or other file sharing apps can compromise your data's security if there is no control over what they are sharing or storing in the cloud. With Cloud App Security, you get visibility of which cloud apps are being used within your organisation and can identify the potential risks each one brings, assessed on up to sixty factors.

5. Protect data on the go.

Have you ever lost your mobile device or laptop? User credentials can be compromised in this kind of situation, resulting in a security breach that impacts your SharePoint environment and other apps. With organisations supporting BYOD, a frontline defence for mobile devices is a must-have. Microsoft Intune can help your users stay productive on the go while protecting your corporate data at all times, regardless of the device they are using. You can also set granular policies to control data access.

As well as these security tools, you also need a good backup strategy. This will allow your business to recover from a breach, a malware attack or malicious insider actions. Backups must be scheduled regularly, at whichever interval makes sense for your organisation. You also need to make sure that you meet business requirements such as long-term backup and offsite storage, as well as full-fidelity restoration. This means you will have the ability to do a full restore or a point-in-time recovery of individual files.

Secure your SharePoint environment today!

Get started with learning how you can keep your SharePoint environment safe and secured. Not sure where to begin? Book a free 1-hour consultation with one of our workplace innovation and security experts by calling 1800-126-499 or leave a comment below.
