Now that much of a company’s workflow is online, there’s a need to shift some of your security priorities from on-premises and device-focused to cloud security.
Hackers are going where the data is, and increasingly that’s in cloud platforms, such as Microsoft 365. And while Microsoft does their part to protect their servers and data centers, much of the security for the account is left in the user’s hands.
Unfortunately, companies and their staff often do not understand how to set the proper security settings, and a single misconfiguration can lead to a breach.
For example, according to the 2020 Data Breach Investigations Report (DBIR), misconfiguration of cloud account settings was one of the top five threat causes of data breaches in 2019.
If you have a Microsoft 365 business account, it’s important to know how to secure it against breaches. Not only can a breach mean major data loss or a ransomware infection, it can also lead to an email takeover where phishing emails are sent out by the thousands on your domain.
In 2019, cyberattacks against small businesses increased by 5 times.
Here are several tips for securing your Microsoft 365 business account.
Enable Multi-Factor Authentication
Another disturbing statistic from the DBIR is that credential theft has become the number one goal of phishing attacks. Cybercriminals are going after cloud account credentials, and Microsoft services are one of the biggest targets.
Microsoft says it sees over 300 million fraudulent sign-in attempts on its services daily. And while you can require employees to use strong passwords, login passwords are often reused across different accounts, and data breaches of retailers are not uncommon. So those passwords often end up in attackers’ hands.
Using multi-factor authentication is one of the best tools in your arsenal for protecting your Microsoft 365 user accounts from a breach. It’s 99.9% effective at stopping fraudulent sign-in attempts.
Provide Employee Cybersecurity Awareness
One of your best defenses against phishing attacks is to create a culture of cybersecurity awareness, and this is done through ongoing employee training.
Teach employees things like:
- How to spot a phishing email
- Password security
- How to properly secure workstations and mobile devices
- The importance of regularly updating their devices
- What social phishing looks like
- To always think security first when dealing with data
Use a Dedicated Admin Account
When a hacker gets their hands on the login for a Microsoft 365 administrator account, it’s like hitting the jackpot. They’re able to change security configurations in your company-wide account as well as gain access to other user accounts.
On the other hand, if they breach a user account that does not have administrative credentials, the damage they can do is more limited.
You can reduce the risk of a hacker compromising an admin login for Microsoft 365 by using just one dedicated admin account that is separate from your user accounts.
This means that one account is set up specifically for the purpose of doing any administrative functions. It’s not used for emailing or day-to-day work in Microsoft 365 by a user. This limits the chance that account will be breached.
Increase Email Malware Protection
You have the ability to strengthen the default malware protection that is in Microsoft 365 for user email. This lets you block email attachments of certain file types (like .exe) to help reduce the chance that a user will accidentally open a dangerous file attachment.
You can do this by visiting https://protection.office.com and signing in with your admin account credentials. Then visit the Security & Compliance Center’s Threat management area.
Go to Policy > Anti-Malware to edit your company-wide policy and turn on the “Common Attachment Types Filter.”
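The same setting can be applied and verified from Exchange Online PowerShell instead of the portal. The script below is an added example, not code from the original post or from Microsoft; it assumes the ExchangeOnlineManagement module is installed, that you sign in with your dedicated admin account, and that the default anti-malware policy is named Default. The list of blocked extensions is an assumption for illustration, so adjust it to your own needs.

```powershell
# Added example: enable the "Common Attachment Types Filter" on the default
# anti-malware policy from PowerShell. Assumes the ExchangeOnlineManagement
# module and an Exchange admin role; the policy name "Default" is assumed.
Connect-ExchangeOnline

# Inspect the current state of the company-wide policy before changing it.
Get-MalwareFilterPolicy -Identity Default |
    Select-Object Name, EnableFileFilter, FileTypes

# Assumed block list for illustration: common executable and script types
# that users rarely have a legitimate reason to receive by email.
$blockedTypes = @('exe', 'scr', 'js', 'vbs', 'bat', 'cmd', 'ps1', 'jar', 'iso')

# Turn the file type filter on and set the extensions it blocks.
Set-MalwareFilterPolicy -Identity Default -EnableFileFilter $true -FileTypes $blockedTypes

# Verify the change took effect; this should list the extensions above.
(Get-MalwareFilterPolicy -Identity Default) |
    Select-Object EnableFileFilter, FileTypes

Disconnect-ExchangeOnline -Confirm:$false
```

Re-running the first Get-MalwareFilterPolicy line on a schedule is a cheap way to detect if someone later turns the filter off, since EnableFileFilter flipping back to False is a change worth investigating.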
Turn Off Auto-Forwarding for Email to External Domains
One of the tricks hackers will use that users are often completely unaware of is to hack into an account and set up an email forward. They then have access to all incoming email for that account.
You can prevent this from happening by creating a rule that will deny any attempts to forward a Microsoft 365 account email address to an external domain.
Sign in to the Exchange admin center and create the rule under the Mail flow category.
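Because attackers set up forwarding quietly, it helps to both block new external auto-forwarding and audit what forwarding is already in place. The script below is an added example, not code from the original post or from Microsoft; it assumes the ExchangeOnlineManagement module, an Exchange admin role, and that your default remote domain is named Default. The rule name and reject text are assumptions you can change.

```powershell
# Added example: block auto-forwarding to external domains with a mail flow
# rule, then audit mailboxes for forwarding that already exists.
# Assumes the ExchangeOnlineManagement module and an Exchange admin role.
Connect-ExchangeOnline

# 1. Mail flow rule: reject messages of type AutoForward that originate inside
#    the organization and are addressed to recipients outside it.
#    Rule name and reject text are assumptions for illustration.
New-TransportRule -Name 'Block external auto-forwarding' `
    -FromScope InOrganization `
    -SentToScope NotInOrganization `
    -MessageTypeMatches AutoForward `
    -RejectMessageReasonText 'Automatic forwarding to external addresses is not permitted.' `
    -Mode Enforce

# 2. Also disable auto-forwarding on the default remote domain so the setting
#    holds even if the rule above is later deleted.
Set-RemoteDomain -Identity Default -AutoForwardEnabled $false

# 3. Detection: list mailboxes that already forward mail, either through the
#    mailbox forwarding property or through a user-level inbox rule (the
#    technique described above). Review every hit with the mailbox owner.
$mailboxes = Get-Mailbox -ResultSize Unlimited

$mailboxes |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward

foreach ($mbx in $mailboxes) {
    Get-InboxRule -Mailbox $mbx.UserPrincipalName |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        Select-Object @{ Name = 'Mailbox'; Expression = { $mbx.UserPrincipalName } },
                      Name, ForwardTo, ForwardAsAttachmentTo, RedirectTo, Enabled
}

Disconnect-ExchangeOnline -Confirm:$false
```

Step 3 is the part to keep running after the rule is in place: a new inbox rule that forwards or redirects mail externally is one of the clearest signs that an account has already been compromised.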
Use Office Message Encryption
One feature that users can use to protect sensitive emails is to encrypt them. Office 365 message encryption works with Outlook, Yahoo!, Gmail and other services. It encrypts the message with keys tied to the recipient, so only the intended recipient can read the contents.
Two of the protections this can provide are:
- Encrypt the email message & attachments
- Apply a “do not forward” restriction
Users can do this themselves when sending mail by going to the Options menu item in a mail message, and then:
- Click “More Options”
- Click “Security Settings”
- Check the box for “Encrypt message contents and attachments”
How Secure is Your Microsoft 365 Account?
Pro Tech Guy can help your Framingham area business ensure your cloud accounts are properly secured and aren’t subject to any misconfiguration vulnerabilities.
Contact us today for expert help with your cloud account security. Call 508-364-8189 or reach us online.