Improving Security in Microsoft 365

Microsoft 365 (formerly known as Office 365) is an essential tool for many businesses. It provides industry-leading email, word processing and spreadsheet software that most businesses could not be without. But, as with everything that is popular and well used, it’s also popular with hackers who hope to steal contact information or resell account access online.
We already protect multiple business and home users with managed security services around the clock and we have considerable experience in configuring Office 365 to keep your data secure.

If your aim is to protect something, you should always consider multiple levels of security. This same principle applies to protecting your data. If one level of security fails, there are other levels there to protect you.

As an absolute minimum there should be at least 2 levels of security between your data and the rest of the world, this can be as simple as:

We strongly suggest talking to an IT Support provider to get the best advice. At JMV Solutions we have seen hundreds of business and personal users who have the same concerns and needs, so we are confident that we can provide the best advice for securing your data.

Set up Multi Factor Authentication (MFA)
Using Multi Factor Authentication, or MFA, is one of the easiest and most effective ways to increase the security of your data.

MFA combines two or more factors – e.g., a password, a code, a fingerprint or even a retinal scan – to verify a person’s identity and protect against “soft breaches.” That means even if a criminal is able to get your password, they can’t access your account without the other verification method(s).

The most common method is a text message that is sent to the user’s smartphone every time they try to log in to an on-line application. This is becoming very popular not only with business apps, but consumer apps as well.

For most companies, the built-in MFA option in Office 365 can provide the necessary protection. It allows you to activate MFA at the user level, which offers several different options for the second verification method.

Carefully Manage Your Administrative Privileges
Admin accounts are valuable targets for hackers and cyber criminals, as they include elevated privileges. When the accounts of users with admin privileges are breached, the consequence is often more serious.

Be sure that your admins have a separate user account for everyday non-administrative use and only use their admin account when necessary. Additionally, restricting the number of users with admin access can help lower your risks.
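The MFA and admin-account advice above can be checked against a user list. The following is an added example, not part of the original article or any Microsoft tooling: it audits a constructed CSV export whose column names (`upn`, `owner`, `is_admin`, `mfa_enabled`) and admin limit are assumptions.

```python
import csv
import io

# Constructed sample export, not real tenant data. Column names are assumptions.
SAMPLE_EXPORT = """upn,owner,is_admin,mfa_enabled
alice@example.com,alice,no,yes
alice-admin@example.com,alice,yes,yes
bob@example.com,bob,yes,no
carol@example.com,carol,no,no
dave-admin@example.com,dave,yes,yes
dave@example.com,dave,no,yes
"""

MAX_ADMINS = 2  # assumed policy limit; use the number your organisation agrees


def is_yes(row, column):
    return row[column].strip().lower() == "yes"


def audit_accounts(export_text, max_admins=MAX_ADMINS):
    """Return sorted (severity, account, issue) findings for the export."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    admins = [r for r in rows if is_yes(r, "is_admin")]
    # People who hold at least one non-admin account for everyday work.
    has_standard = {r["owner"] for r in rows if not is_yes(r, "is_admin")}
    findings = []
    for r in rows:
        if not is_yes(r, "mfa_enabled"):
            # A password-only admin account is the most serious case.
            severity = "HIGH" if is_yes(r, "is_admin") else "MEDIUM"
            findings.append((severity, r["upn"], "MFA not enabled"))
    for r in admins:
        if r["owner"] not in has_standard:
            findings.append(("HIGH", r["upn"],
                             "admin account doubles as everyday account"))
    if len(admins) > max_admins:
        findings.append(("MEDIUM", "*",
                         f"{len(admins)} admin accounts, limit is {max_admins}"))
    return sorted(findings)


if __name__ == "__main__":
    for severity, account, issue in audit_accounts(SAMPLE_EXPORT):
        print(f"{severity:6} {account:26} {issue}")
```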

Use Data Encryption
To ensure the security of sensitive information either at rest or during transit, you need to implement an encryption protocol that ensures confidential storage and communication.

This is particularly important if your company handles information such as credit card information, social security numbers, or health records – and you need to meet regulatory requirements which are starting to apply to almost every industry.

Office 365 offers several encryption capabilities by default: BitLocker for files saved on Windows computers and TLS connections for files on OneDrive for Business or SharePoint Online.

Another cool feature is the ability to send encrypted email messages to recipients outside of the organization, letting them access the messages by signing in with a Microsoft account, using an Office 365 account, or entering a one-time pass code.

Deploy Mobile Device Management (MDM)
Whether you have a “Bring Your Own Device” (BYOD) policy or not, your employees are likely to be accessing company data with their phones, tablets or laptops, especially now that we are all working from home.

Even though you can provide the necessary education to employees, you still need to guard against scenarios such as lost devices or someone other than the employee gaining access to the devices.

Office 365 offers a built-in MDM option, which works well for employees accessing email via their company-issued mobile devices.

If employees are using their own devices or using applications besides email, Microsoft Intune will give you more control and offer additional protection. Again, consult with your IT security expert to find out which MDM solution is best for your company.

Take Advantage of Advanced Threat Protection (ATP)
One of the biggest cyber security threats comes from phishing emails, which typically spread ransomware via malicious links and email attachments.

Although you can and should offer employees phishing prevention training so they don’t click on suspicious links or attachments, you can’t rely on everyone being vigilant at all times. It takes only one employee to click on one malicious link to cause irreparable damage to your sensitive data – and your reputation.

Advanced Threat Protection helps prevent these links and attachments from getting into your employees’ inboxes in the first place. It does this by opening them in a virtual environment to check for malicious activity before delivering the emails to the recipients.

Remember, although ATP along with the rest of the Office 365 security features above can drastically reduce your chances of being compromised, there is still one very important function that you simply can’t ignore.

Security Training
Teaching employees how to maintain passwords, recognize phishing emails, understand security features on their mobiles and laptops, and most importantly understand and sign off on company security policies is an absolute must.

Security training is not one-and-done; it’s an ongoing requirement.

Whether you do this in-house or outsource it, appropriately trained resources should be tasked with developing, maintaining and updating your security policies and programs – which should include regular employee training.

JMV Solutions provide managed Office 365 services. We take care of your tenant, security, licenses, support and management leaving you to focus on your business.

Microsoft announces Windows 11

It wasn’t the best kept secret in the world, but on the 24th June 2021, Microsoft announced Windows 11 would be available by the end of the year.

In short – it’s an upgrade to Windows 10 that comes with updated visuals, some speed/power improvements and a refreshed Start Menu. It should be available to most Windows 10 users for free.

Here are our top five reasons to be excited about Windows 11.

1. Video Call From The Desktop

2. Desktop Layouts

3. Updated Icons and User Interface

4. Android Apps

5. Light and Dark Mode
Light and dark mode is something expected out of all modern software and apps nowadays. But from the screenshots above, these modes on Windows 11 look amazing.

The biggest data breaches of 2020


The COVID-19 pandemic has forced companies to change their business model to incorporate considerably more home and remote working. Because of this, there was a significant increase in the number of data breaches. In fact, there were over 700 million reported data breaches and attacks in just the first six months of 2020. By the end of the year there were over 2 billion recorded data breaches.

We’ve listed the biggest data breaches of the year from some notable names in the UK, US and around the world. Remember, these are companies that invest heavily in technology, software and staff to prevent this kind of thing happening. Their business data, just like yours, is incredibly valuable in the hands of a third party.

There may be an end in sight to the COVID-19 pandemic, but the data breaches and attacks will continue, and the methods used are becoming more advanced every day. As a result of a major data breach, such as those listed here, hackers will have sold account credentials, sensitive data, and confidential and financial records of the customers of these organizations.

Nintendo

Nintendo revealed in April 2020 that around 160,000 accounts had been compromised. Hackers then used the stolen accounts to purchase valuable digital items. Nintendo ended the ability for users to log in using their Nintendo Network ID (NNID) as a result of this attack. They also suggested that users secure their data by using two-factor authentication.

In the following months, other digital media companies such as Netflix, Spotify and Disney+ all faced similar issues.

EasyJet

EasyJet reported that 9 million data records and the details of 2,200 credit cards were stolen by cybercriminals. Due to the strict GDPR rules in the UK and Europe, it’s likely they were fined and ordered to pay compensation to the affected customers.

EasyJet has not revealed any information as to how the databases had been hacked, except to say that the hacker appeared to be targeting the company’s intellectual property, as opposed to the personal data of its clients.

Twitter

On July 15, a Tweet was shared on a variety of high-profile accounts. These included Barack Obama, Joe Biden, Bill Gates and Elon Musk. The Tweets said: “I’m giving back to the community. All bitcoin sent to the address below will be sent back doubled! If you send $1000, I will send back $2000. Only doing this for 30 minutes”. The message reached more than 350 million people and resulted in £86,800 of stolen ‘donations’ within hours.

According to the announcement made by Twitter, “This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.”

While the attack targeted 130,000 public figures and profiles, the attackers made $121,000 in bitcoin donations after the attack.

Zoom

Zoom has experienced a gigantic increase in popularity with the move of both education and business to the work from home model.

The Zoom video conferencing software has become the most commonly used virtual meeting application and has also become popular with cybercriminals. In a short period of time, the software became vulnerable to multiple security threats and ultimately became a victim of a data breach. In the first week of April 2020, there were reports of more than 500,000 stolen Zoom passwords available for sale in dark web crime markets.

Cybercriminals then sold login credentials to those accounts on the dark web, allowing pranksters and criminals to log in and join meetings mid-stream. They were also able to obtain personal details from Zoom participants, including email addresses and other contact details.