This makes Cybersecurity Awareness Month the perfect time to reflect on how we, as both IT admins and end users, can work together to build safer, more secure systems. At the heart of this approach is collaborative governance, particularly in tools like Microsoft 365, where usability and security must go hand in hand. In my career as an IT admin, I have seen a plethora of scenarios that have proved to me that governance is a strategy and process in which every employee needs to be included. Let’s find out why.
Collaborative governance is all about creating a balance between security and usability in a shared environment. For platforms like M365, where collaboration thrives, this means IT admins set up the guardrails, but users also need to follow best practices. This two-way street is essential for maintaining security without hindering productivity.
But what does this look like in action? Here’s where things get interesting.
Some years ago, I worked at a company that was doing IT maintenance for a large polyclinic. Around that time, phishing campaigns were becoming increasingly sophisticated. One day, a user from the polyclinic fell for a phishing email disguised as an ad for a popular tech store offering huge discounts. All they had to do was sign in with their Microsoft account. Sounds too good to be true, right? Well, it was.
After entering their credentials, the user started receiving MFA fatigue attacks—you know, those repeated requests for authentication that keep coming until the user eventually gives in. And they did. The attacker now had access to the user’s Microsoft 365 account, and before we knew it, the entire tenant was being used to send spam. Eventually, Microsoft blocked the tenant from sending any emails due to the excessive spam activity.
The lesson? Even with MFA, without proper awareness and collaboration between IT and users, things can go very wrong. It took us days to fix the problem, working hand in hand with Microsoft support, but the polyclinic’s domain reputation had already taken a hit.
This story highlights one of the biggest challenges in collaborative environments: access management. IT can set up strong defenses, but if end users aren’t aware of risks like phishing, those defenses can be bypassed. In M365, this can also extend to data loss prevention (DLP) and compliance, where users need to understand how their actions can lead to data breaches or regulatory issues.
Ensure that permissions within M365 are set based on the principle of least privilege. Avoid giving users more access than they need—after all, if everyone is an owner, things can get messy fast.
DLP policies are crucial in collaborative environments. Educate users on the importance of handling sensitive data correctly and make sure they know how to share documents securely within M365.
Automating compliance checks within M365 can help IT admins stay on top of potential issues. Regular audits can prevent unauthorized access and ensure that sensitive data is being handled according to industry standards.
Another story from my past highlights the importance of access management. We were maintaining IT systems for a large accounting firm that relied heavily on SharePoint. The issue? Everyone had owner rights to all SharePoint sites. We warned them about this, but they felt dealing with permissions would be too time-consuming.
Then, disaster struck. A user inadvertently downloaded a crypto locker virus, and because they had owner access, the ransomware encrypted the entire SharePoint environment. Files were renamed, and nobody could work. At first, the company didn’t even believe it was happening; they were in complete denial! After we insisted, they allowed us to wipe the infected computer and restore SharePoint from a previous backup. It was a harsh lesson for them, but one they needed to learn: when you give too much access, you’re inviting trouble.
These stories emphasize one key point: collaboration between IT admins and end users is essential to any cybersecurity strategy. IT can implement the best security measures, but if users aren’t on board, those efforts can fall apart. Whether it’s recognizing phishing attempts or understanding the risks of oversharing, users must play their part.
Cybersecurity isn’t just an IT problem; it’s a shared responsibility between admins and users. By focusing on collaborative governance and leveraging tools like Syskit Point, organizations can ensure that security doesn’t come at the cost of usability. And if there’s one thing to take away, it’s that everyone has a role to play in keeping our digital environments safe.
Thankfully, managing permissions and access within M365 doesn’t have to be as complicated as it seems. Syskit Point, for example, is a governance platform that helps IT admins monitor, manage, and automate access controls and compliance across SharePoint, Teams, and OneDrive. By simplifying these processes, it ensures that both IT and end users can collaborate securely without the headache of manual oversight.