With the latest rise in cybercrime, is SharePoint a vulnerable point in your environment?
SharePoint is a web-based collaborative platform by Microsoft that most companies use to share documents. Is it critical to secure SharePoint?
That depends on the next few questions around what data you have in SharePoint.
- Is there any regulated data (per HIPAA or California or other privacy laws) in your SharePoint?
- Is there any intellectual property in your SharePoint?
Did you answer yes to either of the questions above? Then it is worth looking into better securing your SharePoint environment. The early effort could save a considerable amount of money in fines in the long run.
Here are some key points to consider:
- Default Configurations: By default, SharePoint leaves its configuration open. This means most files are viewable by everyone unless an administrator actively configures them otherwise.
- Principle of Least Privilege Access: Putting in the effort to configure your SharePoint environment to allow access only to the people who need it could save your company a great deal of trouble. If an employee in Sales is compromised and has access to financial documents that contain SSNs, the company’s problems have just exponentially skyrocketed. If the Sales employee only had access to what they needed to do their job, there is considerably less risk of a serious and expensive exposure.
- Audit Logs: Make sure that audit logs are enabled. They help determine whether data was accessed in the case of a compromise. If someone clicks on a malicious link in an email and infects their computer, the audit logs can help determine what was accessed. Various regulations specifically require you to assume that all reachable data was compromised unless you can prove otherwise. This is where your audit logs will help.
- Email and File Storage: Employees should be trained to recognize regulated data and to be aware of where it is saved. SharePoint access is normally gained after an attacker has obtained access to email, typically through a malicious email link that prompted the user for credentials.
- Multi-Factor Authentication: Multi-factor Authentication (MFA) requires a second verification step to gain access to accounts. It is primarily used for access to email and Virtual Private Network (VPN). Having this enabled is critical, as it is oftentimes the only safety net after a user accidentally gives away their credentials to a phishing email sent to their mailbox. If you do not have MFA enabled and your environment has email in the cloud (Office365), then it is only a matter of time until you will be compromised.
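One way to act on the audit-log and default-configuration points above, as an added example that is not part of the original article: the script below checks that unified audit logging is actually enabled, exports the SharePoint file activity of an account suspected of being phished, and lists sites whose sharing setting is wider than "Disabled". It assumes the Exchange Online PowerShell module and the SharePoint Online Management Shell are installed and that you hold the required admin roles; `$suspectUser` and `$tenantAdminUrl` are placeholders.

```powershell
# Added example, not from the original article. Placeholders must be replaced.
$suspectUser    = 'sales.user@example.com'                # placeholder: account from the phishing incident
$tenantAdminUrl = 'https://contoso-admin.sharepoint.com'  # placeholder: your tenant admin URL

Connect-ExchangeOnline
Connect-SPOService -Url $tenantAdminUrl

# 1. Is the unified audit log being populated? If not, you cannot prove
#    "this data was not accessed" during an incident, so it is enabled here.
$auditCfg = Get-AdminAuditLogConfig
if (-not $auditCfg.UnifiedAuditLogIngestionEnabled) {
    Write-Warning 'Unified audit log ingestion is disabled; enabling it now.'
    Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
}

# 2. Pull the suspect account's SharePoint file operations for the last 7 days.
$start  = (Get-Date).AddDays(-7)
$end    = Get-Date
$events = Search-UnifiedAuditLog -StartDate $start -EndDate $end `
              -UserIds $suspectUser -RecordType SharePointFileOperation -ResultSize 5000

# Each AuditData value is a JSON document; keep the fields an IR analyst needs
# to answer "what was reached, from where, and when".
$events |
    ForEach-Object { $_.AuditData | ConvertFrom-Json } |
    Select-Object CreationTime, Operation, UserId, SiteUrl, SourceFileName, ClientIP |
    Sort-Object CreationTime |
    Export-Csv -Path '.\suspect-sharepoint-activity.csv' -NoTypeInformation

# 3. First pass on the "open by default" point: list sites that allow any
#    sharing beyond the tenant, with their owners, for review against policy.
Get-SPOSite -Limit All |
    Where-Object { $_.SharingCapability -ne 'Disabled' } |
    Select-Object Url, SharingCapability, Owner |
    Format-Table -AutoSize
```

Newly enabled audit ingestion takes time to start recording, so step 1 is a control to put in place before an incident rather than a way to recover history after one.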
About the Author
Alice Liu is a cybersecurity professional who has worked in both incident response and operations. She has extensive experience managing incidents, forensics, and their declarations, along with audits and implementing security solutions across complex business environments. She runs ALT-C Consulting, headquartered in Sacramento, CA.
Cybersecurity and Incident Response Consultant, CISSP, HCISPP, and CEH