Article Photo Increase Your Nonprofit's Security Using the Microsoft Cloud How Office 365 Tools Can Help Your Organization Protect Your Information Susan Hope Bard and Cameron Jones - February 27, 2019 Is your nonprofit under a cloud of doubt or on cloud nine when it comes to complying with security standards? We all know that protecting your organization's information is critical to your operation, but how do you actually achieve this? This article gives you the basics on what you need to know about threats to your nonprofit's data, and how you can help ensure that it is protected and compliant with security standards when hosted on the Microsoft Cloud. We'll review two-factor authentication, setting up a data loss prevention policy, and how to make sure that only authorized and compliant devices can access your data.Who Is Trying to Steal Your Data?First, let's talk about what the security risks really are for your nonprofit. Your data can be compromised by two categories of people:External Hackers: In general, hackers are not trying to target your organization specifically, but rather are trying to find vulnerabilities in any Internet-connected machine to gain access internal systems so they can Ransom the data back to you (example)Sell the data off to be used for identity theft purposes (another example)Publish embarrassing data, in those cases where your organization is being targeted specifically (Sony emails embarrass an industry)Internal Staff: Often staff members are the source of your organization's biggest data breaches because their laptops or phones are stolen (example) or they email sensitive data to the wrong person by mistake. In other cases, staff members destroy or alter data to cover up fraudulent activities or steal data to resell it or to extort or embarrass someone (example).So how can you ensure that your cloud-based systems will protect your nonprofit's data, accounts, devices, and infrastructure?Keeping Your Data Safe in the Microsoft CloudMicrosoft provides platinum-standard security for its nonprofit cloud users. Sam Chenkin from Tech Impact reviews the key elements of security you need to know and lots of ways Office 365 can help your organization be more secure. Microsoft hosts governments and major corporations in its cloud. It's HIPAA compliant (for those who store sensitive medical information) and has audited compliance with Statement on Standards for Attestation Engagements (SSAE) 16 and a dozen other security standards. You can take a look at the Microsoft Trust Center to verify whether your compliance standard is being met.Your nonprofit's data in the Office 365 cloud is encrypted in transit and at rest in Microsoft's datacenters. So you just need to focus on protecting the data saved on your local machines and setting the right permissions for who can send what data outside of your network.Use Azure AD to Set Up Single Sign-On and Improve Account and Device SecurityLet's take a look at account and device security. Azure Active Directory (AD) is included with Office 365. It allows you to manage users and groups in your nonprofit. Its features help nonprofits to prevent identity theft and keep hackers and other criminals out of their systems.Azure was developed for Windows domain networks and includes most Windows Server operating systems as a set of processes and services.A major benefit of Azure is being able to log in to your computer with Azure AD. If you enable this in the Office 365 management console, your nonprofit staff and volunteers can join their computers to Azure AD. Then they'll be able to log in to their computers with their Office 365 username and password. They will also be able to log in to many third-party applications using the same username and password.Watch as Sam demonstrates joining a computer to Azure AD and setting up single sign-on (SSO). Set Up Two-Factor Authentication to Increase Account SecurityOne easy and important step is to set up two-factor authentication. Two-factor authentication helps to ensure that only authorized users can log in to your organization's accounts. Two-factor authentication also makes single sign-on even more secure.Users are granted access only after successfully presenting two different pieces of evidence to confirm their identity. Typically that evidence is in two of the following categories: knowledge (something users know), possession (something they have), and inherence (something they are).For example, you can set up your computer so that it's not enough to know your password in order to log in. You also need to prove that you are an authorized user by providing a code from your mobile phone.Watch as Sam shows you how to easily enable two-factor authentication. Set Up a Data Loss Prevention PolicyYou should also set up a basic data loss prevention (DLP) policy in Office 365, available with Office 365 E3 licenses. DLP policies are slightly limited and don't offer encryption. So you can only limit access to content rather than automatically encrypt. And DLP policies have limited configuration options. But they are a great place to start.Watch Sam configure simple data loss prevention policies using the Microsoft Cloud. Manage Your DevicesWith Microsoft's Enterprise Mobility + Security (EMS) offer, organizations can manage and protect their users, devices, apps, and data. The tools included allow you to Simplify management of apps and devices for your employees and volunteersProtect your organization's information across phones, tablets, and PCsIdentify suspicious activities and advanced threats to your organization in near real timeEMS is incredibly valuable when employees are using multiple devices to access data, where volunteers may be bringing in their own devices, or where field workers need access to certain applications or data when they are out on visits. This suite is now available as a donation for up to 50 licenses.Hopefully we've helped part the clouds and explained basic security measures you can take today using Microsoft Office 365 tools to safeguard your nonprofit.Other blog posts and articles related to the Microsoft Cloud include Office 365 Versus Microsoft 365: Which Is Right for Your Nonprofit? Video: Choosing the Best Office 365 Licenses for Your Nonprofit What's the Difference Between Office Desktop and Office 365? What You Need to Know About Microsoft Office 365 Nonprofit Video: How Microsoft 365 Can Help Your Nonprofit This work is published under a Creative Commons Attribution-NonCommercial-NoDerivs 4.0 International License.