For IT Pros:
1) Understand the current and upcoming threats inherent with cloud computing
2) Alter Security Policies for SaaS --- click here to view details.
3) Plan and enable security before migrating workloads and data to the cloud
4) Inventory online applications and IDs in use to understand where / what users are accessing
5) Automate where possible to reduce human error, i.e. OS updates, AV updates, etc.
6) Monitor cloud security as if it were on-premises
Office 365 Security Assessment Service
For end users:
a) Educate users on today’s advanced malware, ransomware, and advertiseware and that hackers are sending much more sophisticated messages (like fake Purchase Orders, Travel Confirmations, Customer inquiries)
b) Provide tips for protecting their data from ransomware (such as not paying the ransom, regularly backing up any files stored on their computer, and deleting suspicious-looking emails with links or attachments
c) Update A/V and OS software updated to receive patches for newly discovered security vulnerabilities that could be exploited by attackers.
d) Do not enable macros to view content in attachments, and immediately delete the email.
e) Ensure full disk encryption
For IT, PR, and Legal
1) Develop standard operating procedures to take action in the event of a security event
2) Develop a plan to recover and/or mitigate data loss due to breach
3) Develop a plan for deprovisioning users quickly