Can and should you penetration test Office365?
Whenever you perform a Penetration Test (pentest) on a platform that you don’t own, like Office365 (o365), Xero or Slack, you should get permission from the owner to perform the Pentest. Once you have permission a CREST approved Penetration Tester like Vertex Cyber Security can perform the Penetration Testing.
Doesn’t Microsoft Penetration Test Office365 (aka pentest o365)?
Yes, they do, but it doesn’t mean you shouldn’t double check with your own Penetration Test. Penetration tests are time consuming as there is time spent testing every page. They may be too expensive for most Small to Medium-sized Businesses (SMBs). For larger businesses it will depend on their available budget and other cyber priorities. Generally the majority of businesses rely on Microsoft to do the penetration testing.
But isn’t Office365 being hacked regularly so we need a Penetration test?
Yes, Office365 accounts are hacked regularly. This is commonly due to the default insecure configuration of Office365 and insecure passwords. This is why we, Vertex Cyber Security, provide Office365 hardening. Office 365 hardening secures the Office365 configuration and protects against insecure passwords thereby protecting the Office365 account. The process to harden Office365 requires changing more than 50 settings and on average takes 15 hours of work. The length of time depends on business size, complexity and security requirements.
If you are interested in Penetration Testing or Securing your office365 account please contact the Cyber Experts at Vertex Cyber Security.