Did you know that when you first subscribe to Microsoft 365 “out of the box,” it may not default to the security settings you need?
If you haven’t had your account customized for security, this can leave your data and user accounts vulnerable.
This means that you may have a false sense of security when it comes to your Microsoft 365 business account and could be taken completely off guard by a ransomware attack, email takeover, or other type of account compromise.
Of all the security concerns that surveyed IT professionals have about cloud platforms and data breaches, misconfiguration of settings is at the top. They list the top cloud security threats as:
- Misconfiguration (68%)
- Unauthorized cloud access (58%)
- Insecure interfaces (52%)
- Account hijacking (50%)
Because a platform like Microsoft 365 holds so much of a company’s business data, including files, emails, and conversations, it’s important that securing the platform be a significant part of any cybersecurity strategy at your Sturgeon Bay, WI business.
Tips for Securing Microsoft 365 Business Accounts
Use Multi-Factor Authentication (MFA)
MFA is not on by default when you sign up for Microsoft 365. Turning this feature on for all users adds a sign-in step that requires a time-sensitive code to be entered.
It will go something like this:
- Enter username/password
- Click to have code sent to a pre-registered device
- Enter the code
- Gain access to the account
Microsoft describes enabling MFA as one simple thing you can do to block 99.9% of fraudulent sign-in attempts.
When MFA is enabled for all users, it will prompt the user to set up an approved device upon their next sign-in.
Use Just One Dedicated Admin Account
Most companies will add administrative permissions to the appropriate user accounts so those employees can perform the necessary admin duties in Microsoft 365.
But the more admin accounts you have, the more risk you have that one will be breached. Additionally, those accounts are being actively used for email and other activities, which also involves risk.
Instead, set up one dedicated admin account that is not used for email or similar activities. When one of your admins needs to administer the account, they can log into that admin account and log back out when finished. This reduces the risk of a hacker breaching an account with admin privileges.
Stop Auto-Forwarding of Emails Outside Your Domain
When someone breaches one of your user accounts, they don’t always “make noise.” Sometimes they simply put in an auto-forward of mail to their address without anyone realizing it.
This means that any sensitive information sent to that user (including password reset details, etc.) is accessible by the hacker.
You can set up a rule in the mail flow area of the Exchange admin center to stop auto-forwarding outside your domain.
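The same check and block can be scripted in Exchange Online PowerShell. This is an added example, not part of the original article; it assumes the ExchangeOnlineManagement module with an active Connect-ExchangeOnline session opened by an Exchange admin, and the helper name, rule name and rejection text are chosen here for illustration.

```powershell
# Added example: find existing external forwards, then block new ones.
# Assumes an active Connect-ExchangeOnline session.

# Domains the tenant owns; any other domain counts as external.
$internal = Get-AcceptedDomain | ForEach-Object { [string]$_.DomainName }

# Hypothetical helper: true when the address carries a domain the tenant does not own.
function Test-ExternalAddress([string]$Address) {
    if ($Address -match '@([A-Za-z0-9.-]+)') { return $internal -notcontains $Matches[1] }
    return $false   # no SMTP domain, e.g. an internal EX: address
}

$mailboxes = Get-Mailbox -ResultSize Unlimited

# 1. Forwarding set on the mailbox itself.
#    ForwardingAddress (forwarding to a mail contact) is not resolved here.
$mailboxes |
    Where-Object { $_.ForwardingSmtpAddress -and (Test-ExternalAddress $_.ForwardingSmtpAddress) } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress, DeliverToMailboxAndForward

# 2. Inbox rules that forward or redirect to an outside address.
foreach ($mbx in $mailboxes) {
    Get-InboxRule -Mailbox $mbx.UserPrincipalName | ForEach-Object {
        $rule = $_
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo) |
            Where-Object { $_ -and (Test-ExternalAddress $_) }
        if ($targets) {
            [pscustomobject]@{
                Mailbox = $mbx.UserPrincipalName
                Rule    = $rule.Name
                Enabled = $rule.Enabled
                Targets = $targets -join '; '
            }
        }
    }
}

# 3. Mail flow rule that rejects auto-forwarded mail leaving the organization.
New-TransportRule -Name 'Block external auto-forwarding' `
    -FromScope InOrganization -SentToScope NotInOrganization `
    -MessageTypeMatches AutoForward `
    -RejectMessageReasonText 'Automatic forwarding to external addresses is not permitted.'
```

Review the output of steps 1 and 2 before creating the rule, since any forward listed there that nobody recognizes is worth investigating as a possible account compromise.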
Increase Malware & Ransomware Protection
Phishing remains the number one threat to businesses when it comes to infection by ransomware and other types of malware.
One of the ways that malicious code is introduced into a system is through a malicious file attachment, including Word or Excel files that contain dangerous macros.
You can increase network protection by turning on the Common Attachment Types filter for email and creating mail rules that will block malicious file types and warn employees about opening files that contain macros.
You’ll set these up as follows:
- To turn on the attachment types filter go to: Security & Compliance Center > Threat management > Policy > Anti-Malware
- To set up ransomware rules go to: Exchange admin center > mail flow > rules
Block Phishing Links with Safe Links (Premium)
If you have Microsoft 365 Business Premium, you can use the new Safe Links feature. This goes a step further than blocking file attachments and actually seeks out and blocks malicious phishing links.
Links are used far more often in phishing emails than attachments because hackers are trying to get past anti-malware filters, so Safe Links gives you an important anti-phishing protection.
To turn this on go to: Security & Compliance Center > Threat management > Policy > Safe Links
Use Email Encryption for Sensitive Data (Premium)
Another feature in Microsoft 365 Business Premium is email message encryption. This allows you to send and receive encrypted email messages both inside and outside your organization.
You can use this encryption with Outlook.com, Gmail, Yahoo!, and other mail services.
You can choose from two protections:
- Do not forward
This feature can also be set up with sensitivity labels through your IT security policies.
Is Your Microsoft 365 Account as Secure as It Should Be?
If you’re using Microsoft 365 “out of the box” you can be missing important security and productivity enhancements. Quantum PC Services can help your Sturgeon Bay business take advantage of them with a customized setup.