SharePoint continues to gain momentum across the industry. Its popularity and speed of adoption leave some admins wondering which best practices they can employ to get the most out of SharePoint.
Most SharePoint administrators admit to having made some critical mistakes along the way.
Here are five common security mistakes to avoid when using SharePoint:
Security Mistake #1: Ignoring Patch Management
SharePoint, like any application, needs to be updated and patched properly. Microsoft provides frequent updates for SharePoint that need to be tested and deployed. If SharePoint and its services are not updated, they may contain vulnerabilities that attackers can exploit. It doesn’t take much for hackers to open up access points if we are not paying attention. This is why we need a good patch management process in place that is consistently followed.
Security Mistake #2: Poor Account Management
Users and groups can be the downfall of any security measure or protocol. Users get curious and go where they are not supposed to, or they can be malicious and try to cause harm. You never want to think that your users will do anything to hurt the company, but as a security expert you need to think of the worst situations and work backwards. A good permission policy to follow is POLP (Principle of Least Privilege). This policy entails setting up users and groups with the minimum access they need based on their job and/or role. Doing this will secure SharePoint and restrict user access.
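One way to check how closely a farm follows POLP is to list every high-privilege grant and look for users who were given access directly instead of through a role-based group. The script below is an added example, not code from the original article. It assumes an on-premises SharePoint Server farm, the SharePoint Management Shell run as a farm administrator, and the default English permission level names; the $highPrivilege list is an assumption to adjust for your own farm.

```powershell
# Added example: least-privilege audit for an on-premises SharePoint farm.
# Lists principals holding high-privilege permission levels on every web
# that has its own (non-inherited) permissions.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Assumption: these default permission levels count as "high privilege" here.
$highPrivilege = @('Full Control', 'Design')

$findings = foreach ($site in Get-SPSite -Limit All) {
    try {
        foreach ($web in $site.AllWebs) {
            try {
                # Webs that inherit permissions are covered by their parent web.
                if (-not $web.HasUniqueRoleAssignments) { continue }

                foreach ($assignment in $web.RoleAssignments) {
                    $levels = $assignment.RoleDefinitionBindings |
                        Where-Object { $highPrivilege -contains $_.Name } |
                        ForEach-Object { $_.Name }
                    if (-not $levels) { continue }

                    # SPUser covers individual users and AD groups granted directly;
                    # anything else is a SharePoint group.
                    $direct = $assignment.Member -is [Microsoft.SharePoint.SPUser]
                    [pscustomobject]@{
                        Web       = $web.Url
                        Principal = $assignment.Member.Name
                        Type      = if ($direct) { 'Direct grant' } else { 'SharePoint group' }
                        Levels    = $levels -join ', '
                    }
                }
            }
            finally { $web.Dispose() }   # release each SPWeb after inspection
        }
    }
    finally { $site.Dispose() }          # release each SPSite after inspection
}

$findings | Sort-Object Web, Principal | Format-Table -AutoSize
```

Rows marked "Direct grant" are the first candidates for review, since access given outside a group is easy to forget when someone changes job or role.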
Security Mistake #3: Not Managing Data Properly
Have you heard the expression “content is king”? When it comes to our data, we need to protect it. Our users expect our data to be secure when they use SharePoint. They want data integrity, meaning their files are not corrupt when they try to access them, and they want to be able to access the data on whatever device they feel comfortable using. This is referred to as “CIA”: Confidentiality, Data Integrity, and Availability.
One way to secure your data is to perform a risk assessment. This way, you understand the quantitative value and qualitative value of your data. Your risk assessment will help you implement security measures to maintain the CIA principles, including backup systems, load balancers, antivirus and antispam protectors, an IDS or IPS, firewalls, as well as other security measures.
Security Mistake #4: Not Encrypting Your SQL
One of the security mistakes SharePoint administrators admit to when surveyed is not encrypting the SQL database. This is an open door for a hacker to potentially perform a SQL injection, which would compromise the database.
Security Mistake #5: Lack of or Poor Security Training
Finally, and arguably most importantly, you need to provide ongoing security training. This should include having good security policies, procedures, guidelines, and best practices in place that will help to secure SharePoint and your users.
Working to avoid these five security mistakes will improve your SharePoint administration, allowing your team to be more effective in their work.
About the author: Brandon Krieger is an IT professional and CBT Nuggets Learners Community member who now specializes in social media marketing, business consulting, relationship marketing, and is now studying cybersecurity.