Microsoft 365 governance

Why collaborative governance is important

In today’s hybrid work environments, cybersecurity isn’t just an IT problem; it’s everyone’s responsibility.

This makes Cybersecurity Awareness Month the perfect time to reflect on how we, as both IT admins and end users, can work together to build safer, more secure systems. At the heart of this approach is collaborative governance, particularly in tools like Microsoft 365, where usability and security must go hand in hand. In my career as an IT admin, I have seen a plethora of scenarios that have proved to me that governance is a strategy and process in which every employee needs to be included. Let’s find out why.

The role of collaborative governance in Microsoft 365

Collaborative governance is all about creating a balance between security and usability in a shared environment. For platforms like M365, where collaboration thrives, this means IT admins set up the guardrails, but users also need to follow best practices. This two-way street is essential for maintaining security without hindering productivity.

But what does this look like in action? Here’s where things get interesting.

Real-life story: The phishing campaign that took down an entire tenant

Some years ago, I worked at a company that was doing IT maintenance for a large polyclinic. Around that time, phishing campaigns were becoming increasingly sophisticated. One day, a user from the polyclinic fell for a phishing email disguised as an ad for a popular tech store offering huge discounts. All they had to do was sign in with their Microsoft account. Sounds too good to be true, right? Well, it was.

After entering their credentials, the user started receiving MFA fatigue attacks—you know, those repeated requests for authentication until they eventually gave in. And they did. The attacker now had access to the user’s Microsoft 365 account, and before we knew it, the entire tenant was being used to send spam. Eventually, Microsoft blocked the tenant from sending any emails due to the excessive spam activity.

The lesson? Even with MFA, without proper awareness and collaboration between IT and users, things can go very wrong. It took us days to fix the problem, working hand-in-hand with Microsoft support, but the polyclinic’s domain reputation had already taken a hit.
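One way to surface the MFA fatigue pattern from this story in sign-in telemetry, as an added example that is not part of the original post. The event tuples, the result names (`mfa_denied`, `mfa_timeout`, `mfa_approved`) and the thresholds are a constructed, simplified schema and assumptions, not the Microsoft Entra sign-in log format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

UNAPPROVED = {"mfa_denied", "mfa_timeout"}  # hypothetical result names

def constructed_prompts(user, start, gap_s, results):
    """Build constructed sample events spaced gap_s seconds apart."""
    t0 = datetime.fromisoformat(start)
    return [((t0 + timedelta(seconds=i * gap_s)).isoformat(), user, r)
            for i, r in enumerate(results)]

# Constructed sample data: (timestamp, user, result)
SAMPLE_EVENTS = (
    # burst of prompts that ends in an approval: the user gave in
    constructed_prompts("alice@clinic.example", "2024-10-01T09:00:00", 40,
                        ["mfa_denied"] * 4 + ["mfa_timeout"] * 2 + ["mfa_approved"])
    # burst with no approval: password is known to someone else, MFA still holding
    + constructed_prompts("bob@clinic.example", "2024-10-01T11:00:00", 90, ["mfa_denied"] * 5)
    # ordinary mistakes followed by a normal sign-in
    + constructed_prompts("carol@clinic.example", "2024-10-01T08:00:00", 30,
                          ["mfa_denied", "mfa_denied", "mfa_approved"])
    # same number of failures as bob, but spread over hours
    + constructed_prompts("dave@clinic.example", "2024-10-01T07:00:00", 1800, ["mfa_timeout"] * 5)
)

def detect_mfa_fatigue(events, window=timedelta(minutes=10), min_prompts=5):
    """Flag users with >= min_prompts unapproved MFA prompts inside a sliding window.
    Severity is 'high' when an approval follows the burst, otherwise 'medium'."""
    recent = defaultdict(deque)  # user -> times of unapproved prompts still in the window
    alerts = {}
    for ts, user, result in sorted(events):
        now = datetime.fromisoformat(ts)
        q = recent[user]
        while q and now - q[0] > window:  # drop prompts that aged out of the window
            q.popleft()
        if result in UNAPPROVED:
            q.append(now)
            if len(q) >= min_prompts:
                a = alerts.setdefault(user, {"burst_start": q[0], "prompts": 0,
                                             "severity": "medium"})
                a["prompts"] = max(a["prompts"], len(q))
                a["last_prompt"] = now
        elif result == "mfa_approved":
            a = alerts.get(user)
            if a and a["severity"] == "medium" and now - a["last_prompt"] <= window:
                a["severity"], a["approved_at"] = "high", now  # burst ended in approval
            q.clear()
    return alerts
```

A `medium` alert already means the password is in someone else's hands and should trigger a reset; a `high` alert means the session that followed the approval should be treated as compromised.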

Key cybersecurity challenges in collaborative environments

This story highlights one of the biggest challenges in collaborative environments: access management. IT can set up strong defenses, but if end users aren’t aware of risks like phishing, those defenses can be bypassed. In M365, this can also extend to data loss prevention (DLP) and compliance, where users need to understand how their actions can lead to data breaches or regulatory issues.

Actionable steps for securing collaborative governance in Microsoft 365

Step 1: Implement granular access controls

Ensure that permissions within M365 are set based on the principle of least privilege. Avoid giving users more access than they need—after all, if everyone is an owner, things can get messy fast.

Step 2: Strengthen Data Loss Prevention

DLP policies are crucial in collaborative environments. Educate users on the importance of handling sensitive data correctly and make sure they know how to share documents securely within M365.

Step 3: Ensure compliance and regular audits

Automating compliance checks within M365 can help IT admins stay on top of potential issues. Regular audits can prevent unauthorized access and ensure that sensitive data is being handled according to industry standards.
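A small audit for the owner sprawl that Step 1 warns about and Step 3 asks to check regularly, as an added example that is not from the original post or from any Microsoft or Syskit tooling. It runs over a constructed membership export; the `(site, user, role)` layout, the role names and the thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample export: (site, user, role)
SAMPLE_MEMBERSHIP = (
    # every member of the Finance site is an owner
    [("Finance", f"{u}@firm.example", "Owner") for u in ("ana", "ben", "cy", "dee", "eli")]
    + [("HR", "ana@firm.example", "Owner"),
       ("HR", "fay@firm.example", "Member"),
       ("HR", "gus@firm.example", "Member")]
    + [("Projects", "ana@firm.example", "Owner"), ("Projects", "ben@firm.example", "Owner")]
    + [("Projects", f"{u}@firm.example", "Member") for u in ("hal", "ivy", "jo")]
)

def audit_owner_sprawl(rows, max_owners=3, max_owner_ratio=0.5, max_sites_per_owner=2):
    """Return (site_findings, broad_owners).

    site_findings: site -> reasons the site violates the owner thresholds.
    broad_owners:  user -> sites they own, for users owning more than
                   max_sites_per_owner sites (one compromised account or
                   infected workstation with that identity can alter all of them).
    """
    owners, members = defaultdict(set), defaultdict(set)
    for site, user, role in rows:
        members[site].add(user)
        if role.lower() == "owner":
            owners[site].add(user)

    site_findings = {}
    for site, everyone in members.items():
        n_own, n_all = len(owners[site]), len(everyone)
        reasons = []
        if n_own > max_owners:
            reasons.append(f"{n_own} owners (limit {max_owners})")
        if n_all > 1 and n_own / n_all > max_owner_ratio:
            reasons.append(f"{n_own}/{n_all} members are owners")
        if reasons:
            site_findings[site] = reasons

    owned = defaultdict(set)  # user -> sites where the user is an owner
    for site, users in owners.items():
        for user in users:
            owned[user].add(site)
    broad_owners = {u: sorted(s) for u, s in owned.items() if len(s) > max_sites_per_owner}
    return site_findings, broad_owners
```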

Real-life story: The crypto locker incident that could have been prevented

Another story from my past highlights the importance of access management. We were maintaining IT systems for a large accounting firm that relied heavily on SharePoint. The issue? Everyone had owner rights to all SharePoint sites. We warned them about this, but they felt dealing with permissions would be too time-consuming.

Then, disaster struck. A user inadvertently downloaded a crypto locker virus, and because they had owner access, the ransomware encrypted the entire SharePoint environment. Files were renamed, and nobody could work. At first, the company didn’t even believe it was happening; they were in complete denial! After we insisted, they allowed us to wipe the infected computer and restore SharePoint from a previous backup. It was a harsh lesson for them, but one they needed to learn: when you give too much access, you’re inviting trouble.

Collaboration is key: Why IT admins and end users must work together

These stories emphasize one key point: collaboration between IT admins and end users is essential to any cybersecurity strategy. IT can implement the best security measures, but if users aren’t on board, those efforts can fall apart. Whether it’s recognizing phishing attempts or understanding the risks of oversharing, users must play their part.

Achieving cybersecurity through collaborative governance

Cybersecurity isn’t just an IT problem; it’s a shared responsibility between admins and users. By focusing on collaborative governance and leveraging tools like Syskit Point, organizations can ensure that security doesn’t come at the cost of usability. And if there’s one thing to take away, it’s that everyone has a role to play in keeping our digital environments safe.

Simplifying governance and security with Syskit Point

Thankfully, managing permissions and access within M365 doesn’t have to be as complicated as it seems. Syskit Point, for example, is a governance platform that helps IT admins monitor, manage, and automate access controls and compliance across SharePoint, Teams, and OneDrive. By simplifying these processes, it ensures that both IT and end users can collaborate securely without the headache of manual oversight.
