Quick Win Security Measures
Enable Multi-Factor Authentication
When using a username and password for Microsoft 365 you run the risk of not following a robust password protocol. As such somebody could guess your password or obtain it from the Dark Web. After all the username part i.e email address can be quickly looked up from your web site/ social media. If your doing this you are exposing your organisation to intrusions.
That’s where multi-factor-authentication (MFA) comes into play.
It can boost your Microsoft 365 security by texting you passcodes or by using an app on your mobile to approve sign in. This way if someone guesses your password they will need your text code or application approval. This measure is very easy to apply and we automatically enable it for all of our clients.
This should only be your first step. The next is to activate Security Defaults, this enforces MFA in each administrator account.
Use Session Timeouts
Many staff forget to log out of there accounts and fail to lock computers and phones. This can all hackers unlimited access to accounts, enabling them to steal or compromise your data.
Public Calendar Sharing
Whilst allowing you to share calendars with colleagues gives many benefits and facilitates team collaboration, it can also give hackers an opportunity as to the best time to launch an attack. Such as allowing them to see when your security administrator is on leave.
Advanced Threat Protection
Advanced threat protection (ATP) is the next level of antivirus and firewall. For the last decade we have used antivirus and firewall protection. We now need a robust solution that recognises and prevents advanced threats that bypass traditional security measures.
It grants access to a database that is constantly receiving real-time updates, this allows users to understand the threats and integrate the data into their analysis.
ATP relies on machine learning and a massive database of suspicious sites notorious for malware delivery and phishing attempts. It’s like having a security specialist sat next to you using your machine all day.
Policy notifications in the compliance centre in Microsoft 365 allows you to meet your company’s security needs. EG. they can send employees tips on sending critical information whenever they are about to send an email to some one outside of the system.
These warnings can safeguard you against leaks to data while educating staff on safe ways to share data. Rather than attach a sensitive document to an email so the receiver has a copy maybe share a link to the document so you can revoke this at a later date.
Secure Mobile Access
We all use our smartphones to access email, contacts and documents away from the office. So securing these devices should be a high priority when protecting your data.
The best way we believe to do this is to install Microsoft mobile management features. They can allow you to manage your security policy, permissions, restrictions, and wipe crucial information from lost or stollen devices.
Deactivate Legacy Protocol Authentication
Legacy protocols are historical and do not support several of the security features in Microsoft 365 that reduce the risk of intrusion, such as MFA. These can make them a perfect gateway for people who want to target your organisation.
Your best bet is to deactivate legacy protocols to mitigate the risks associated.
You may be unable to disable legacy authentication if you use applications that requires the need for older email accounts. The good news is that you can still make your environment safer by only allowing these on users who still need this protocol or better still move them to a service account not used by an individual.
Roll Based Access Control
This is a convenient security feature that can allow you to limit the flow of information across your business. It allows you to establish which users can access what data.
For instance you can prevent team members from reading and editing Director level files.
Unified Audit Log
Unified audit log (UAL) includes logs from across several Microsoft 365 services such as: AD SharePoint, One Drive, Teams. Enabling this can give administrators insight into malicious activity and actions that do not conform to company policies.
You can also integrate these security logs into an existing SIEM (Security Information and Event Management) tool. This then enables you to connect logs with monitoring and management solutions to reveal any abnormal activity. As a result of this you can improve the overall security of your Microsoft 365 suite.
Sometimes encryption is the last resort for sensitive data and dealing with data breaches. If a cyber attacker manages to access your email they can use robust encryption tools to make our data unreadable. That is why email encryption is something work looking into,
This feature is essential for all Microsoft 365 users who share emails and files regularly.
No matter what security measures or products are used to secure your data and systems, at some point a threat will make it through. One of the best ways to prevent security breaches is to train staff to spot the threats, by continual staff training your system can be come more secure. It can raise awareness of potential threats and how to avoid them.
For new employees make sure they undergo in-depth security training before being given access to sensitive data and organisational devices.
Don’t leave your businesses data protection to chance
Microsoft 365 offers a bunch of tools for you to run your business’s IT. The experience can be so smooth you may even forget about protecting your data.
If your not taking action your taking a huge gamble as it can leave your systems open for hackers.
With this in mind, applying our defence mechanisms mentioned above will dramatically decrease security threats to your business.
If you have not got the time to go through these yourself then it may be worth having a chat with us to discuss how we can help keep cyber threats at bay. You can book time with either of our directors here