Are you using your Microsoft 365 account “out of the box”? That is, you haven’t changed any of the default configurations for workflows or security.
If so, you could be leaving your business data open to a breach, because the platform does not default to its most secure settings.
Misconfiguration (or simply never applying the proper security settings) is a major factor in breaches and ransomware infections of cloud data in apps like OneDrive and SharePoint.
A study by application security developer Barracuda found that in just one month, 29% of its customers had their Microsoft 365 accounts breached by hackers.
If you’re a Microsoft 365 business user, then a good deal of your data is going to be stored in the platform, and “out of the box” security is not going to be enough to protect it. For business network systems to run effectively and securely in the cloud, they need to be properly customized.
Customizations to Secure Your Microsoft 365 Account
Here are several ways you can easily increase the security of your Microsoft 365 business account to prevent account breaches and malware infections.
Use Only One Dedicated Admin Account
Rather than granting a user account admin privileges, set up a special “Admin Only” account that won’t be used for email, app use, or any other Microsoft 365 activities other than account administration.
This reduces the risk that the account login will be compromised and reduces the number of accounts with admin privileges. For example, if you have four employees who act as Microsoft 365 admins, instead of four accounts with elevated privileges, you only have one. Each user logs into the dedicated account when needed and then logs back out.
Turn On Multi-Factor Authentication (MFA) for All Users
A majority of cloud account breaches happen due to hacked or stolen login credentials. You can significantly reduce the risk of your accounts being taken over by turning on MFA for all your users.
According to Microsoft, MFA is 99.9% effective at stopping fraudulent login attempts.
When MFA is enabled, the user will be prompted at their next sign-in to set up a device to receive the MFA code, which they will then enter along with their password when they log in to Microsoft 365 services.
Add Anti-Phishing Protections
Phishing emails are the main delivery method for all types of cyberattacks, from credential theft to ransomware. You can beef up the anti-phishing protection for your email in Microsoft 365 by doing two things.
Both of these are done by setting up rules in the mail flow category of the Exchange admin centre.
- Create a warning message for your users when an email contains an attachment that is a Microsoft Office document with a macro. Let them know to be careful, because macros can hold malicious code hidden in seemingly innocent file types like Word documents. Set this up for the following file types: dotm, docm, xlsm, xltm, xla, xlam, xll, pptm, potm, ppam, ppsm, sldm
- Block known malicious file types from making it through to user inboxes. You’ll do this through a blocking rule for the following file types: ade, adp, ani, bas, bat, chm, cmd, com, cpl, crt, hlp, ht, hta, inf, ins, isp, job, js, jse, lnk, mda, mdb, mde, mdz, msc, msi, msp, mst, pcd, reg, scr, sct, shs, url, vb, vbe, vbs, wsc, wsf, wsh, exe, pif
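As an added example (not from the original post), here are the two mail flow rules above created with the ExchangeOnlineManagement PowerShell module instead of the admin centre; it assumes the module is installed and that you sign in with an Exchange admin account, and the rule names and warning text are my own.

```powershell
# Added example, not from the original post: the two anti-phishing mail flow rules
# above, created with the ExchangeOnlineManagement module rather than the admin centre.
# Assumes the module is installed and you sign in with an Exchange admin account.
Connect-ExchangeOnline

# Rule 1: warn the recipient when an attachment is a macro-enabled Office file.
$macroTypes = @('dotm','docm','xlsm','xltm','xla','xlam','xll',
                'pptm','potm','ppam','ppsm','sldm')
New-TransportRule -Name 'Warn: macro-enabled Office attachment' `
    -AttachmentExtensionMatchesWords $macroTypes `
    -PrependSubject '[CAUTION: macro attachment] ' `
    -ApplyHtmlDisclaimerLocation Prepend `
    -ApplyHtmlDisclaimerText 'This message contains a macro-enabled Office file. Macros can hide malicious code; do not enable content unless you expected this file from a trusted sender.' `
    -ApplyHtmlDisclaimerFallbackAction Wrap

# Rule 2: reject messages carrying known-dangerous attachment types outright,
# so they never reach the inbox. The sender receives an NDR with the reason text.
$blockedTypes = @('ade','adp','ani','bas','bat','chm','cmd','com','cpl','crt',
                  'hlp','ht','hta','inf','ins','isp','job','js','jse','lnk',
                  'mda','mdb','mde','mdz','msc','msi','msp','mst','pcd','reg',
                  'scr','sct','shs','url','vb','vbe','vbs','wsc','wsf','wsh',
                  'exe','pif')
New-TransportRule -Name 'Block: dangerous attachment types' `
    -AttachmentExtensionMatchesWords $blockedTypes `
    -RejectMessageReasonText 'Blocked: this attachment type is not permitted by company policy.'

# Confirm both rules exist and are enabled.
Get-TransportRule | Where-Object { $_.Name -like 'Warn:*' -or $_.Name -like 'Block:*' } |
    Format-Table Name, State, Priority
```

Extension matching works on the file name only, so a renamed executable slips past it; a further rule using the -AttachmentHasExecutableContent $true condition inspects the file content and catches executables whatever they are called.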
Use Safe Links in Microsoft 365 Business Premium
Premium users of Microsoft 365 Business have additional protections for their account through Microsoft Defender for Office 365. But again, these are not on the most secure settings by default; they have to be customized.
Safe Links helps solve a growing problem, which is that most phishing emails now use links to malicious sites rather than malware attachments to skirt past email security.
Safe Links addresses this by examining any links in incoming emails and elsewhere in Microsoft apps, and if it finds they are dangerous, it removes them from the message.
You can increase your protection in this feature by doing the following:
- In the Security & Compliance Centre, choose Threat Management
- Select Policy
- Select Safe Links
- Update the existing policy under “Settings that apply to content except email”
- Tick “Office 365 applications”, “Do not track when users click safe links”, and “Do not let users click through safe links to the original URL”
- Click Save
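The same three Safe Links settings applied from PowerShell, as an added example that is not part of the original post; it assumes the ExchangeOnlineManagement module is installed, a Defender for Office 365 licence, and a Safe Links policy name of your own in place of the placeholder.

```powershell
# Added example, not from the original post: the Safe Links settings above, applied
# with the ExchangeOnlineManagement module (Defender for Office 365 licence required).
# Assumes the module is installed; the policy name is a placeholder, use your own.
Connect-ExchangeOnline

$policy = 'YOUR-SAFE-LINKS-POLICY'   # placeholder: pick a name from Get-SafeLinksPolicy

# Before: show how the policy is currently set.
Get-SafeLinksPolicy -Identity $policy |
    Format-List Name, EnableSafeLinksForOffice, TrackClicks, AllowClickThrough

# Apply the three settings from the steps above:
#  - scan links in Office 365 applications, not just email
#  - do not track user clicks
#  - do not let users click through to the original URL when a link is flagged
Set-SafeLinksPolicy -Identity $policy `
    -EnableSafeLinksForOffice $true `
    -TrackClicks $false `
    -AllowClickThrough $false

# After: re-read the policy to confirm the change took effect.
Get-SafeLinksPolicy -Identity $policy |
    Format-List Name, EnableSafeLinksForOffice, TrackClicks, AllowClickThrough
```

A policy only protects the users its matching Safe Links rule is scoped to, so also run Get-SafeLinksRule and confirm the rule covers everyone you expect.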
Block the Ability for Email to be Auto-Forwarded Outside Your Domain
One common tactic used by hackers is to auto-forward a user’s email to their own address without the user’s knowledge. This can give them access to all types of sensitive company data, password reset emails, and more.
You can block this capability account-wide by doing the following:
- Go to the Exchange admin centre
- Select “rules” under the “mail flow” category
- Create a new rule
- Select “More options” at the bottom
- Set the condition: if the sender is internal and the recipient is external, and the message type is Auto-forward, then block the message
- You can also add a message to the rule to warn that this function is prohibited
- Click “Save”
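The auto-forward blocking rule above built with the ExchangeOnlineManagement module, plus two checks for forwarding that may already be in place, as an added example that is not from the original post; it assumes the module is installed and an admin sign-in, and the rule name and reason text are my own.

```powershell
# Added example, not from the original post: the auto-forward blocking rule above,
# created with the ExchangeOnlineManagement module, plus two checks for forwarding
# that may already exist. Assumes the module is installed and an admin sign-in.
Connect-ExchangeOnline

# The mail flow rule: internal sender, external recipient, auto-forwarded message -> reject.
New-TransportRule -Name 'Block external auto-forwarding' `
    -FromScope InOrganization `
    -SentToScope NotInOrganization `
    -MessageTypeMatches AutoForward `
    -RejectMessageReasonText 'Automatic forwarding of email outside the organisation is prohibited by policy.' `
    -Priority 0

# Belt and braces: the outbound spam filter policy can also switch auto-forwarding off tenant-wide.
Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off

# Check 1: mailboxes that already have mailbox-level forwarding configured.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Format-Table DisplayName, ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward

# Check 2: inbox rules that forward or redirect mail, the usual sign of a quiet account takeover.
Get-Mailbox -ResultSize Unlimited | ForEach-Object {
    Get-InboxRule -Mailbox $_.UserPrincipalName |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        Select-Object @{n='Mailbox';e={$_.MailboxOwnerId}}, Name, Enabled, ForwardTo, RedirectTo
}
```

Anything the two checks list should be reviewed with the mailbox owner and removed if it was not set up deliberately.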
Ensure Your Microsoft 365 Account is Fully Customized for Your Needs
You could be missing out on a lot of functionality and security features if you’re using Microsoft 365 “out of the box.” Tuned IT can completely customize your account to benefit your business.
Contact us today to learn more! Call 0191 662 0023 or reach out online.