Small- and medium-sized businesses have to deal with the same cyberattacks and the same industry and government data regulations as large companies, but without the big IT department and budget to plan and implement protective measures. Migration to the cloud helps, but still leaves some very important vulnerabilities, like social engineering-based attacks. We will help you evaluate how secure your business data is and propose concrete steps to fix the vulnerabilities.

    Users face multiple threats, from credential theft (like Mimikatz, password spray, or breach harvesting), to malware (viruses, ransomware, and the like), to phishing (gaining access to a user's credentials) and infrastructure attacks.

    Phishing is by far the number one threat for any company these days. Cloud-migrated organizations are especially vulnerable because they have an almost perfect environment; everything is configured correctly and documents, historic emails dating back many years, and company info is available at ANY time, from ANY device, from ANY place. Criminals don't need to waste their time figuring out host names, encryption types, protocols, and getting through some mistakes in integration and external publishing of internal services. Everything works all the time, everywhere. But there's a solution -- companies need to start using tools and services that already exist and are built into the platform but not enabled by default. Some of them are very powerful and free, like a basic level of MFA. Some will require an additional license.

    With the Free Office 365 Security Assessment service, IT Partner will connect to your Office 365 tenant and use tools like Secure Score, Azure AD, and PowerShell to generate a security report that will reflect your current situation and contain a prioritized list of recommendations on how to increase your data security, control, and protection.

    Our objective is to assess your current security state and offer solutions to remediate high-priority security concerns.

    The project will be considered successful when you get information about:

    1. Your single-digit Secure Score
    2. List of potential vulnerabilities sorted in order of importance
    3. Recommendation on how to increase your protection and Secure Score
    4. Quote for IT Partner's services in case you'd like us to work on your tenant hardening

    IT Partner responsibilities #

    • Office 365 data collection and analysis
    • Building of a security report

    Client responsibilities #

    • Providing a dedicated point of contact responsible for working with IT Partner
    • Coordinating any outside vendor resources and schedules (if needed)
    • Setting up temporary access with global admin permissions

    Outside the scope of this project (additional cost items) #

    • Initial setup and configuration of any Office 365 services
    • Gathering of any data located outside of Office 365 tenant (for example, desktop computers, servers, and active networking equipment are outside the scope)

    Prerequisites #

    • You must have an Office 365 tenant used in a production environment
    • You must have a global admin access to your Office 365 tenant

    Plan #

    The plan may vary depending on your needs.

    1. Kickoff meeting
    2. Identify security objectives
    3. Assess your current security state and identify security gaps
    4. Provide recommendations and best practices
    5. Create an actionable security roadmap
    6. Meeting to review the deliverables

    Results #

    You get a clear understanding of how to protect your cloud-migrated business from sophisticated threats hidden in email attachments and links; how to protect yourself from data leaks, helping you prevent sensitive information like SSNs and customer credit card numbers from being shared outside your business, as well as how to control and manage access to information.

    Related services

    Office 365 Encrypted Email (OME) Implementation

    Office 365 uses encryption in two ways: in the service, and as a customer control. In the service, encryption is used in Office 365 by default. If you want to increase the security level of messaging and protect extremely sensitive data, we will provide implementation services to email encryption and rights protection capabilities.

    Device as a Service

    Device as a Service is a comprehensive, flexible solution that bundles hardware, software, and services into a single subscription price. Best of all, customers can scale up or down throughout the course of their subscription term, allowing them to adjust to changing business conditions. Our newest service combines IT Partner's unmatched, unique expertise and specialized services with our operational and logistical strength.