e-mails from your computer-1

Securing your business email

Don't try this at home

Protecting your emails from cyber threats is essential. Not only does it protect the sensitive information of your customers and employees, but also maintains the integrity of your brand.

What does it cost to secure Office 365 email?

The cost to implement a good amount of security for Office 365 email for a 100 user small business might be between $1500 and $2,000.  This depends on how secure the environment is to start with and whether or not employees will use instructions or want someone to walk them through the process.  Compliance requirements such as NCUA or FFIEC compliance for financial institutions or CMMC for contractors can double or triple the cost.

Most security features are available in a Business Premium licenses.  If you're on an Office Basic license you'll need to upgrade.  Advanced DLP options might require a more expensive E3 or E5 license.


Start with Microsoft Secure Score

Microsoft Secure Score is a measurement of an organization's security posture, with a higher number indicating more recommended actions taken or policies configured.  You can track your progress over time even if you don't understand all the details.  

To view your Microsoft Secure Score go to:  https://security.microsoft.com/securescore

You can see your security score vs the average for other business in your industry

You can see your security score vs the average You're given points for the following actions:


  • Group 298 Configuring recommended security features
  • Group 298 Doing security-related tasks
  • Group 298 Addressing the recommended action with a third-party application or software, or an alternate mitigation
Microsoft Secure Score is more than just a number. It includes thousands of actions and configurations needed to improve your over all email security.

It helps to identify and prioritize the fixes for common Office 365 security misconfigurations such as:


  • Group 298 Too many Global Administrators
  • Group 298 Disabling mailbox auditing (default set to off prior to January 2019), which makes it difficult or impossible to analyze email-related security breaches
  • Group 298 Disabling unified audit log, which has the same issue
  • Group 298 Failing to use multifactor authentication, particularly on admin accounts
  • Group 298 Insecure email protocols in use

Based on the complexity of the tasks required (see below for an example) securing Office 365 is best left to a professional.


Alternatives Approaches

An alternative to the Microsoft Secure score is a standard such as the Microsoft 365 CIS Benchmark.  The CIS Benchmark is the product of a community consensus process and consists of secure configuration guidelines developed for Microsoft 365.  It does an excellent job of walking through Office 365 settings that should be configured.  The most recent version was 188 pages (not including the index).  The instructions are clear enough that those who enjoy technical challenges and the thrill of breaking their corporate email could follow them....it's a job best left to professionals.

Want to know more about how we can help secure your email, what is involved and what are the costs? schedule a call with us.

Go to our guide to cyber security for small business