As a platform for enterprise users and global organisations to use as their core intranet system, SharePoint’s security capabilities are extremely robust. However, as with any system, these security parameters need to be properly set up and optimised or it risks being compromised.

Microsoft has implemented numerous security features within SharePoint and continually updates security features to meet the demands of modern enterprise security. We take a look at some SharePoint security best practices to be aware of and implement.

As with all Microsoft solutions, SharePoint has several security levels to protect users. These levels include security protection for applications, data, access, data centers and networks. Within SharePoint, an automated anti-virus feature is present to scan and check files within a site for viruses and malicious software.

Avoid human error

Mitigate the risk of security breaches by tackling potential human error. Ensure your users are familiar with security best practices by encouraging a few simple steps:
Use a strong password – Passwords should not be easily guessed and it is recommended to use a long, complex password to ensure accounts are not quickly brute-forced by password crackers.
Back up regularly – Users should be reminded to save data whenever possible to avoid losing it from unexpected circumstances.
Avoid using public devices and networks – Unsecure networks may have malicious attackers waiting to steal data, the same goes for public devices that can be unwittingly accessed.
Personal devices – Bring Your Own Device is not uncommon in modern working environments which means a security risk in using personal devices. Users must be aware of the risks and ensure their devices are protected from security risks.

User groups

User groups can be set up within SharePoint to bring together teams and collaborators within a project. Administrators then assign member types and access privileges. Users groups are a good way of managing permissions within a group of users.

Assign administrators

An administrator is identified as the user responsible for overseeing the activities within a group. This user will be able to moderate the content being shared in the group adding an extra layer of security. With higher privilege rights, this user will be a trusted individual.

Avoid low-level permissions

In contrast to group and member privileges, users can set document-level permissions to restrict or allow access to certain files. This will quickly become unmanageable as there will be vast amounts of documents spread across many sites. Due to permission inheritance in SharePoint, document-level permissions can have a negative effect on a site.