Anyone who is in charge of security in a medium-sized company knows how much work is involved. It’s a good thing that Microsoft 365 automatically includes a large number of important security functions – and keeps them up to date!

Did you know? Hackers only need an average of 4 minutes to infiltrate a network, but it takes the affected company over 99 days to realize that an attack has taken place. Sounds incredible, but it’s true. Why is this the case? Because small and medium-sized enterprises (SMEs) in particular still pay too little attention to the issue of cybersecurity. The arguments have been the same for years:

Security is too expensive

SMEs typically spend about 15% of their budget on IT security. That’s quite a lot, but often not enough for comprehensive protection.

Security is too complex

Even if SMEs don’t have their own IT departments, that doesn’t mean they can’t implement comprehensive security measures. Technologies and services can radically reduce complexity while providing strong protection.

Security is not a business priority

As a result, SMBs in particular invest little time and resources in the issue – the more distant they are from the topic of IT, the less. Prime examples of this are companies in the retail, healthcare or hospitality sectors. Bad enough – because they, too, have to deal with customer data and are just as responsible for its security as a large company.

The good news:

Microsoft 365 covers a broad security scope, which is what SMBs need

Because MS 365 works cloud-based – and is constantly updated and monitored by IT security experts. Numerous international certifications prove how much Microsoft cares about this: for both technical and physical security, everything is taken care of. Says Brad Smith, president, and chief legal officer: “If we can’t protect our customers, we haven’t earned their trust.”

Enterprise-grade security is enabled by default in the Microsoft 365 cloud, so SMBs don’t have to spend time and resources securing software on-premises. Because certain functionality can be migrated to the cloud, IT security accountability can be shifted to Microsoft’s side in the process. The advantage of this is that it no longer needs to be managed locally and secured with in-house software solutions.

In other words, SMBs can greatly reduce the cost of third-party security solutions – as well as maintenance and administration. Microsoft offers a ready-made central dashboard in the Microsoft 365 Defender portal ( ) for monitoring the company’s own security status. The security of Microsoft 365 identities, apps, and devices can be monitored and optimized in this dashboard.

A scoring system shows security managers how well the system is protecting them. At the same time, it makes suggestions for improving IT security. Points are awarded for each completed suggestion – for example, for

  • Configuring recommended security feature
  • Performing security-related tasks
  • Addressing the improvement with a third-party application or software or an alternative countermeasure

If necessary, the system can also be customized to meet your own needs: Internal policies can be implemented with little technical overhead (development, scripting, etc.) and a pure focus on the purpose.

The biggest security risks in SMEs…

come from email accounts, mobile devices, passwords that are too simple, and regulations that are implemented incorrectly or not at all. Quite a lot to monitor, especially for a SMB with little available manpower.

Microsoft 365 closes this gap. It automatically protects inboxes from spam and viruses, blocks ransomware and fends off phishing attacks. Files, whether on Sharepoint, OneDrive or Teams, remain encrypted at all times. – Regardless of whether they are just being transferred or are lying still.

Those who want to can take additional security measures via the dashboard in the Microsoft 365 Defender portal. For example, copying and storing business information can be restricted, sharing of sensitive information such as credit card numbers can be blocked, or data on mobile devices can be encrypted – and even deleted on lost or stolen devices.

IT security starts with the employee

Security managers can use MS 365 to control and define who has access to what business information and prevent non-compliant devices from accessing the system. It provides a solid and cost-effective foundation for greater cyber security.

Last but not least, security starts with employees, who can be made aware of potential risks. Even a careless click on a mail attachment from an unknown person or the typical notepad with passwords on the desk are still common but dangerous security gaps.

Therefore, awareness training is recommended for all employees to raise their awareness in dealing with data security. A sensible and vigilant approach in daily business is essential to realize information security in the company.

Doesn’t sound so complicated, does it?! – Take the first step, our security experts will be happy to tell you more