Improving Security in Microsoft 365
Microsoft 365 (formerly known as Office 365) is an essential tool for many businesses. Providing Industry leading Email, Word Processing and Spreadsheet software it is something most businesses could not be without. But, as with everything that is popular and well used – it’s also popular with hackers who hope to steal contact information or resell account access online.
We already protect multiple business and home users with managed security services around the clock and we have considerable experience in configuring Office 365 to keep your data secure.
If you’re aim is to protect something, you should always consider multiple levels of security. This same principle applies to protecting your data. If one level of security fails there are other levels there to protect you.
As an absolute minimum there should be at least 2 levels of security between your data and the rest of the world, this can be as simple as:
- Secure entry to your office
- Screen lock on any device that you access your data on (e.g. laptops, desktops, tablets and mobile devices)
We strongly suggest talking to an IT Support provider to get the best advice, As JMV Solutions we have seen hundreds of business and personal users who have the same concerns and needs so we are confident that we can provide the best advice for securing your data.
Set up Multi Factor Authentication (MFA)
Using Multi Factor Authentication, or MFA, is one of the easiest and most effective ways to increase the security of your data.
MFA combines two or more factors – e.g., a password, a code, a fingerprint or even a retinal scan – to verify a person’s identity and protect against “soft breaches.” That means even if a criminal is able to get your password, they can’t access your account without the other verification method(s).
The most common method is a text message that is sent to the user’s smartphone every time they try to log in to an on-line application. This is becoming very popular not only with business apps, but consumer apps as well.
For most companies, the built-in MFA option in Office 365 can provide the necessary protection. It allows you to activate MFA at the user level, which offers several different options for the second verification method.
Carefully Manage Your Administrative Privileges
Admin accounts are valuable targets for hackers and cyber criminals, as they include elevated privileges. When the accounts of users with admin privileges are breached, the consequence is often more serious.
Be sure that your admins have a separate user account for every day non-administrative use and only use their admin account when necessary. Additionally, restricting the number of users with admin access can help lower your risks.
Use Data Encryption
To ensure the security of sensitive information either at rest or during transit, you need to implement an encryption protocol that ensures confidential storage and communication.
This is particularly important if your company handles information such as credit card information, social security numbers, or health records – and you need to meet regulatory requirements which are starting to apply to almost every industry.
Office 365 offers several encryption capabilities by default: BitLocker for files saved on Windows computer and TLS connections for files on OneDrive for Business or SharePoint Online.
Another cool feature is the ability to send encrypted email messages to recipients outside of the organization, letting them access the messages by signing in with a Microsoft account, using an Office 365 account, or entering a one-time pass code.
Deploy Mobile Device Management (MDM)
Whether you have a “Bring Your Own Device” (BYOD) policy or not, your employees are likely to be accessing company data with their phones, tablets or laptops, especially now that we are all working from home.
Even though you can provide the necessary education to employees, you still need to guard against scenarios such as lost devices or someone other than the employee gaining access to the devices.
Office 365 offers a built-in MDM option, which works well for employees accessing email via their company-issued mobile devices.
If employees are using their own devices or using applications besides email, Microsoft Intune will give you more control and offer additional protection. Again, consult with your IT security expert to find out which MDM solution is best for your company,
Take Advantage of Advanced Threat Protection (ATP)
One of the biggest cyber security threats comes from phishing emails, which typically spreads ransomware via malicious links and email attachments.
Although you can and should offer employees phishing prevention training so they don’t click on suspicious links or attachments, you can’t rely on everyone being vigilant at all times. It takes only one employee to click on one malicious link to cause irreparable damage to your sensitive data – and your reputation.
Advanced Threat Protection helps prevent these links and attachments from getting into your employee’s inboxes in the first place. It does this by opening the them in a virtual environment to check for malicious activity before delivering the emails to the recipients.
Remember, although ATP along with the rest of the Office 365 security features above can drastically reduce your chances of being compromised, there is still one very important function that you simply can’t ignore.
Teaching employees how to maintain passwords, recognize phishing emails, understand security features on their mobiles and laptops, and most importantly understand and sign off on company security policies is an absolute must.
Security training is not one-and-done, it’s an ongoing requirement.
Whether you do this in-house or outsource it, appropriately trained resources should be tasked with developing, maintaining and updating your security policies and programs – which should include regular employee training.
Get In Touch to see how we can help