These are 5 SharePoint Security Mistakes You Must Avoid SharePoint’s popularity and rapid adoption leave admins pondering about the best practices they can use to get the most out of SharePoint. Many SharePoint administrators admit to making mistakes along the way. These are five common security errors to avoid when using SharePoint. Security Mistake #1: Ignoring patch Management. SPOTO offers cybersecurity training. SharePoint, like all applications, must be regularly updated and patched. Microsoft offers frequent updates for SharePoint, which should be tested and deployed. SharePoint and its services may have vulnerabilities that could be exploited by potential threats if they are not updated. If we don’t pay attention, hackers can easily open access points. This is why it is important to ensure that a patch management process is in place and is followed. Security Mistake #2 – Poor Account Management Users or groups can cause problems with any protocol or security measure. Users can get curious and go places they aren’t supposed to. Or they can be malicious and cause harm. While you don’t want to believe that your users will do anything to harm the company, security experts need to be able to see the worst and work backwards. POLP (Principle Of Least Privilege) is a good permission policy. This policy allows users and groups to be granted the minimum access they need, based on their job or role. This will protect SharePoint and limit user access. Security Mistake #3: Not properly managing data We must protect our data. SharePoint users expect data security. They expect data integrity to ensure that their files do not become corrupted when they attempt to access them. They also want to be able access the data from any device they choose. This is known as “CIA”: Confidentiality Data Integrity and Availability. A risk assessment is one way to protect your data. You can then determine the qualitative and quantitative value of your data. Your risk assessment will help to determine the best security measures to protect the CIA principals. This includes backup systems, loadbalancers, antivirus and spam protectors, IDS or IPS, firewalls, and other security measures. Security Mistake #4: Not Encrypting your SQL. This is one of the most common security mistakes SharePoint administrators make. This leaves the door open for hackers to do SQL injections that could compromise the database. Security Mistake #5 – Poor or insufficient security training. Last, but not least, it is important to provide regular security training. This includes having security policies, procedures and guidelines that will help you secure SharePoint and your users. This will help you and your team be more efficient in your SharePoint administration. We have SharePoint training for all levels, whether you are a SharePoint expert or a novice. Brian Alderman, SharePoint trainer, covers SharePoint Server, Collaboration and End-User as well as administration, configuration, and other topics. Stay tuned for Brian’s SharePoint 2016 training. About the author: Brandon Krieger, an IT professional and SPOTO Learning Community member, specializes in social media, business consulting, relationship market, and is currently studying cybersecurity. Download

These are 5 SharePoint Security Mistakes You Must Avoid SharePoint’s popularity and rapid adoption leave admins pondering about the best practices they can use to get the most out of SharePoint. Many SharePoint administrators admit to making mistakes along the way. These are five common security errors to avoid when using SharePoint. Security Mistake #1: Ignoring patch Management. SPOTO offers cybersecurity training. SharePoint, like all applications, must be regularly updated and patched. Microsoft offers frequent updates for SharePoint, which should be tested and deployed. SharePoint and its services may have vulnerabilities that could be exploited by potential threats if they are not updated. If we don’t pay attention, hackers can easily open access points. This is why it is important to ensure that a patch management process is in place and is followed. Security Mistake #2 – Poor Account Management Users or groups can cause problems with any protocol or security measure. Users can get curious and go places they aren’t supposed to. Or they can be malicious and cause harm. While you don’t want to believe that your users will do anything to harm the company, security experts need to be able to see the worst and work backwards. POLP (Principle Of Least Privilege) is a good permission policy. This policy allows users and groups to be granted the minimum access they need, based on their job or role. This will protect SharePoint and limit user access. Security Mistake #3: Not properly managing data We must protect our data. SharePoint users expect data security. They expect data integrity to ensure that their files do not become corrupted when they attempt to access them. They also want to be able access the data from any device they choose. This is known as “CIA”: Confidentiality Data Integrity and Availability. A risk assessment is one way to protect your data. You can then determine the qualitative and quantitative value of your data. Your risk assessment will help to determine the best security measures to protect the CIA principals. This includes backup systems, loadbalancers, antivirus and spam protectors, IDS or IPS, firewalls, and other security measures. Security Mistake #4: Not Encrypting your SQL. This is one of the most common security mistakes SharePoint administrators make. This leaves the door open for hackers to do SQL injections that could compromise the database. Security Mistake #5 – Poor or insufficient security training. Last, but not least, it is important to provide regular security training. This includes having security policies, procedures and guidelines that will help you secure SharePoint and your users. This will help you and your team be more efficient in your SharePoint administration. We have SharePoint training for all levels, whether you are a SharePoint expert or a novice. Brian Alderman, SharePoint trainer, covers SharePoint Server, Collaboration and End-User as well as administration, configuration, and other topics. Stay tuned for Brian’s SharePoint 2016 training. About the author: Brandon Krieger, an IT professional and SPOTO Learning Community member, specializes in social media, business consulting, relationship market, and is currently studying cybersecurity. Download