Microsoft 365 Business is a great and affordable solution not only to increase productivity, but to enhance security as well. Here are simple steps that will help organizations using Microsoft 365 Business plan to stay on the safe side.

Training users (employees)

The biggest threat by far to any Internet user today is human interaction. "Social engineers" are people of ideas -- they may send an email or even make a phone call, convincing the target they are from a reputable company and tricking the victim into handing over sensitive information. So the best you can do to secure your organization is:

• build a culture of security awareness, informing your users about most common threats
• follow the ultimate rule: "Think before you click" (or give out any important information)
• make absolutely certain that you're on the website you think you're on, or that people you're talking to are who they say they are -- and if you can't be certain, hang up. It's simply never worth the risk.

You can start your training by reading how to protect yourself from phishing schemes and other forms of online fraud.

Check out your organization's Secure Score

Secure score gives you a view of the organization's security posture. This indicator is determined for each organization automatically and shows how it is doing in terms of security. The Secure Score also provides an analysis of possible threats and gives recommendations on how to improve the situation and get a better score. You can choose which recommendations to follow at what time, so it's very flexible and depends on the company's needs.

If you want to know more about how to find and fix risks in Microsoft 365 with Secure Score, please see here.

Start using multi-factor authentication (MFA)

Two-step authentication is one of the simplest methods to protect an account, because even if hackers get hold of a password, the second layer of defense will still protect the account, because it uses:

• something you have (like your smartphone) or something you are (like your face or fingerprint).
  If your company is using Microsoft 365, then MFA is already there. At the same time, if you make security hard, people will work around it, so MFA should be implemented with the right model. It is possible to start with a couple of employees and set up MFA for them, giving them the option to approve their identity using:
• secondary email address
• phone number (to receive a phone call or a message with the secret code)
• authenticator app

It is always up to you and your users to decide how to deploy MFA in the most convenient way. Sometimes, however, it might take time and effort to puzzle out the settings, so our specialists will gladly help you in case you need advice.

Check out your admin accounts

Keep in mind that administrative accounts include more privileges and thus naturally present more valuable targets for hackers. So admin account should be:

• well-protected (in this case, MFA is surely a must)
• used only for administrative functions
• used only when all unrelated applications, websites, and accounts are closed
• logged out of the browser session once the admin is done with their tasks

Protect against spam and malware

Microsoft 365 already has built-in malware and spam filters, but there's no limit to perfection, and you can additionally:

• set an anti-malware policy that will block attachments most often used by hackers. To do this, follow the instructions in the picture below
• fine-tune your Exchange Online or EOP (already included in Microsoft 365 Business Basic and Business Premium plans) to make your organization an unassailable fortress for malware and spam attacks. See here if you want to learn more. It might be a little tricky, so don't hesitate to reach out.

Protect against ransomware

Ransomware is a malignant piece of code that may block access to your corporate data, attachments, or devices, and demand a ransom (most commonly in cryptocurrency) to restore the access. But organizations won't necessarily regain their access even if the money is paid, so it's obviously better to prevent this type of threat than to deal with the consequences. You can prevent it from happening by:

• educating users that the first and most important rule states that ransomware is downloaded through executables (most common are the following file types: ade, exe, pif) and files supporting macros (like doc, xls, docm, xlsm, pptm), but if they are part of your business correspondence, warn your users about the risk and train them to always be watchful of anything suspicious
• creating backup copies of your files
• creating mail flow rules to block some attachment types

Disable mail auto-forwarding

Auto-forwarding may result in data leakage or even data loss, so it is safer to turn off this capability for your employees. Creating a transport rule blocking any auto-forward message types is among the simplest and handiest ways to do it. The following article can give you a better idea on how it works.

Enable mailbox auditing

The information pointing out who was logging in, sending emails or performing other mailbox activities may turn out to be very useful for identifying suspicious behavior and possibly showing that an account was compromised. So if you want to keep up with various mailbox activities, you will need to enable mailbox auditing in Microsoft 365 and get the full picture.

Follow these simple steps and secure your workplace to achieve more. If you want to learn how to secure your business even more, please read the article about Microsoft 365 and the set of advanced features it offers to get the best possible experience.

2019-01-10

Similar posts