What is SharePoint?
SharePoint is a web-based collaboration application developed by Microsoft that many organizations use as a file storage and sharing platform. SharePoint allows users to store data in the cloud, so files can be accessed from anywhere.
What are the risks associated with using SharePoint?
As with any web-based or cloud application, there are always associated risks. A few of these risks include:
- Improper Data Classification
- Poor Access Control
- Unauthorized Access
- Data Loss
How to establish a secure SharePoint experience
Ensuring that your SharePoint environment is secure requires a combination of administrative and technical controls. Implementing these controls will help to reduce the risk associated with your SharePoint environment.
- Planning is a key component when establishing a SharePoint site. Some questions to take into consideration while planning for your SharePoint site:
  - What data will be stored on SharePoint?
  - Who will be using SharePoint?
  - Is sharing files with external contacts allowed?
- Access Control encompasses who has access to SharePoint and what they have access to. Critical information should only be provided to users on a need-to-know basis.
- Multi-Factor Authentication (MFA) is a technical control that provides additional access control security. MFA requires a user to complete an additional verification step rather than supplying only a username and password. Additional verification steps can include entering a one-time password (OTP) or providing a biometric such as a fingerprint.
- Administrative Access to SharePoint should be provided to as few users as possible. Users with administrative access can perform actions such as changing user permissions and access. It is important to limit the number of users with these privileges.
- User Training is another key component of SharePoint security. Your organization should have policies in place for acceptable use, and users should be trained on what their responsibilities are when working in SharePoint.