Hi @frob ,
Security has always been an important topic. The resources in SPO are stored in Microsoft servers, we cannot make some changes to these IPs or firewalls. In fact, we don’t have to worry about the safety of SPO at all. SPO is very cautious about the management of permissions, what we need to do is to manage permissions, please refer to this article for more information:
Managing SharePoint Online Security: A Team Effort
Normally, only users with internal Microsoft accounts in the organization can access the sites in the SPO. Or external users can access some permitted resources only after the administrator makes some settings:
External sharing overview
===================================
With cloud storage being used more and more often for personal and business purposes, it’s normal to wonder how secure your files are in programs like One Drive and SharePoint Online. While it is possible for a hacker to access such secured cloud storage, it is highly unlikely to occur. Both One Drive and SharePoint Online have multiple layers of security, so there are no one-shot means to sneak into storage. Such an effort would be more on the scale of a Mission Impossible scene.
Office 365 has five different layers of security: access security, application security, data security, physical data center security, and network security. These layers make it virtually impenetrable. SharePoint Online is set up in a similar manner, but what really makes these cloud storage solutions uber-safe is the extremely limited ways for data to go in and out, and that data is encrypted whenever it is vulnerable. There are only two ways a file can enter or exit these programs: when the client communicates with the server and when a file moves between data centers. At both times, the information in a file is encoded, so it wouldn’t make any sense even if someone managed to intercept a file in transit.
Reference:
How Secure is Your Data in One Drive and SharePoint Online?
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.