Securing data is nothing new, but it has become more of a requirement in this digital age. You secure your on-premises Exchange Servers and environment, and the same applies to your Microsoft 365 tenant. While you might think, “It’s in the cloud, it is secure,” you are wrong. Yes, Microsoft has security enabled, but you need to ensure your Microsoft 365 tenant is secure. If you think about it, many phishing attempts happen to financial people, and you need to ensure that these emails are filtered. If a Microsoft 365 user opens an attachment, you have the same kind of security repercussions as you would if you hosted your own servers. Once that malware infects the machine on your network, it spreads like wildfire, and too often, you can find your business crippled by ransomware. Fortunately, with Microsoft 365, there are a few things you can do to bump up your security and ensure that your tenant stays safe. Remember, this is not bulletproof in the sense that nothing will ever happen. You still need to train your users on cybersecurity threats as they are real and happen daily.
Reference: http://techgenix.com/microsoft-365-security/