A CFO asked, “I would really love to hear your take on Google vs Microsoft 365 and see if you fall on one side or the other.” When it comes to cyber-security for those two big players…
Both Google and Microsoft strive to have great security. In most cases, the weak spot in security won’t be within Google or Microsoft itself. You’ll want to have great protection for the computers and connections that link the human user to the cloud service.
One of the best things you can do with Google and Microsoft is to enable two-step logon. That way, when someone learns one of your organization’s passwords, the unauthorized user will likely experience great difficulty using that stolen password.
An example of this solution: You enter a username and password into a web site, and then your mobile phone buzzes and tells you to enter the code such as 777888 to complete the login process.
Now an attacker, even if they know your password, would need to steal your mobile phone too before they could log on with your username and password. Obviously, if the attacker is in another city, then it is more difficult for them to steal your phone.
Drop Box, PayPal, Google Apps, Microsoft, and many other sites already support multi-factor authentication – you just have to “turn it on.” See https://www.google.com/landing/2step/ to set up your Google account’s 2-step verification.