10 Tips to Help Keep Office 365 Secure Against Breaches

By Guest Author | Published on 06.24.2019 | Data Security

It can often seem like a company experiences a data breach every day. Now, even though your business may not be the largest around, it is still important to protect your clients’ privacy. If you use the Office 365 system, here are all the ways you can do so:

1. Create Greater Security Awareness

Although most companies fail to realize it, your employees can often be your weakest link. Since they are the individuals who most often access the system or send and receive emails, they pose the biggest risk to your company. This is what makes greater security awareness and appropriate training so important.

Some of these instructions are relatively simple, yet fundamental. They include enabling security measures on all operating systems, being aware of device security, and using strong passwords. However, teaching employees about risks that are specific to both your company and Office 365 can go a long way.

2. Create Dedicated Admin Accounts

When you think about it, hackers and other cyber criminals aren’t just after any kind of information. They are specifically looking for high-level, sensitive information. Now, with Office 365, all of these details are contained within administration accounts as they have superior privileges.

Thus, it is important that only a handful of reliable individuals are provided with admin accounts. At the same time, even people involved in the admin process should have their own non-admin accounts. This way, they will only need to use the admin accounts for special tasks, which secures those accounts further.

3. Enable Multi-Factor Authentication

These days, multi-factor authentication is becoming the norm for everyone and it isn’t difficult to see why. In short, this feature includes extra layers of protection for the system. This way, if someone does try to breach it, they are going to find it a lot harder to do so.

The good news is that if you are a global administrator, you can enable MFA by default for the entire organization. If this isn’t your responsibility, make sure that the person in charge of the accounts selects this option. This step can ward off most attacks.

4. Protect Against Malware and Ransomware

By default, Office 365 has protection against malware and ransomware. Nonetheless, it isn’t all-encompassing. So, if you really want to batten down the hatches, you will need to do a bit more. To start with, you can block any attachments that contain file types typically found with malware attacks.

With ransomware, you can use mail flow rules to block the more common file extensions associated with these kinds of attacks. Of course, due to the nature of your work, you may come across many legitimate emails and find it difficult to tell them apart from malicious ones. Therefore, employees should be trained to only open emails from individuals they recognize.

5. Create an Anti-Phishing Policy

Though computing trends come and go, one thing that stays the same is phishing attacks. These have been around for a while and they don’t appear to be going away anytime soon. This is why Office 365 already has the necessary security measures in place. It is up to you to enable them.

This is particularly important if you have configured several custom domains in the system. For these, you will need to enable targeted anti-phishing protection which is part of the Advanced Threat Protection features of Office 365. This will help to keep such attacks at bay.

6. Disable Password Sync

Earlier, there was an option available for Office 365 users to sync their passwords with Azure Active Directory. When this feature is activated, the on-premises password overwrites the Azure AD password. So, if the on-premises password is compromised in any way, the attacker can easily move to the cloud as the sync is taking place. To avoid this, you should disable on-premises to cloud AD matching for all administration accounts.

7. Enable SPF and DKIM

Remember, even if you aren’t the target, some of your clients might be. Thus, you need to ensure that only people with proper access are allowed to send emails from the system. To do this, you need to enable both Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). This will greatly cut down on the risk of spoofing.
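To make the SPF half of this tip concrete, here is an added example (not part of the original article) that audits a domain's published TXT records offline. It assumes the domain sends mail only through Office 365, whose SPF include is `spf.protection.outlook.com`; the function name and sample records are constructed for illustration, and DKIM is not checked.

```python
# Added example: offline audit of the SPF TXT record for an Office 365 domain.
# All sample records are constructed for illustration.

O365_INCLUDE = "include:spf.protection.outlook.com"


def audit_spf(txt_records):
    """Return a list of findings for a domain's TXT records (empty list = OK)."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return ["multiple SPF records (receivers return permerror)"]

    # A leading '+' is the default qualifier, so drop it before comparing.
    terms = [t.lstrip("+") for t in spf[0].lower().split()[1:]]
    findings = []
    if O365_INCLUDE not in terms:
        findings.append("Office 365 is not an authorized sender")

    # The 'all' mechanism decides how every unlisted sender is treated.
    has_redirect = any(t.startswith("redirect=") for t in terms)
    all_term = next((t for t in terms if t.lstrip("-~?") == "all"), None)
    if all_term is None and not has_redirect:
        findings.append("no 'all' mechanism: unlisted senders get 'neutral'")
    elif all_term == "all":
        findings.append("'+all' authorizes any sender")
    elif all_term == "?all":
        findings.append("'?all' is neutral and does not stop spoofing")

    # RFC 7208 allows at most 10 terms that trigger DNS lookups.
    lookups = 0
    for t in terms:
        name = t.lstrip("-~?")
        if name.startswith(("include:", "exists:", "redirect=")):
            lookups += 1
        elif name.split(":")[0].split("/")[0] in ("a", "mx", "ptr"):
            lookups += 1
    if lookups > 10:
        findings.append("%d DNS lookups exceed the limit of 10" % lookups)
    return findings


GOOD = ["v=spf1 include:spf.protection.outlook.com -all", "constructed=unrelated-txt"]
WEAK = ["v=spf1 ip4:203.0.113.10 +all"]

if __name__ == "__main__":
    print(audit_spf(GOOD))
    print(audit_spf(WEAK))
```
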

8. Activate Unified Audit Logging

Do you want to make sure that only the appropriate people have access to your system? If so, you need to activate unified audit logging. This isn’t done by default, so it must be done by the administrator for all users. This way, you will be able to go through the logs and track every activity that takes place.

9. Be Wary of Legacy Email Protocols

There are many instances when you do need to rely on older email clients, particularly if certain customers do so. The danger here is that they don’t have the same kind of protections, like MFA, in place. If you simply can’t get a customer to make a switch to a newer version, it is important to ensure that you only use these legacy protocols with those specific individuals or organizations.
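One way to check that legacy protocols really are limited to the agreed exceptions is to review sign-in records for legacy clients used by anyone else. The following is an added example, not from the original article: the field names `userPrincipalName`, `clientAppUsed` and `status.errorCode` are assumed to match an Azure AD sign-in log export, and the approved list and all records are constructed.

```python
# Added example: report legacy-protocol sign-ins by accounts that are not on
# the approved exception list. Sample records are constructed.
from collections import defaultdict

# Client values that use modern authentication and can therefore enforce MFA.
MODERN_CLIENTS = {"browser", "mobile apps and desktop clients"}


def legacy_signins(records, approved_users):
    """Return sorted (user, client, successes, failures) for unapproved users."""
    approved = {u.lower() for u in approved_users}
    counts = defaultdict(lambda: [0, 0])  # (user, client) -> [ok, failed]
    for rec in records:
        user = (rec.get("userPrincipalName") or "").lower()
        client = (rec.get("clientAppUsed") or "").strip()
        # Skip records without a client, modern clients, and approved exceptions.
        if not client or client.lower() in MODERN_CLIENTS or user in approved:
            continue
        ok = (rec.get("status") or {}).get("errorCode", 0) == 0
        counts[(user, client)][0 if ok else 1] += 1
    return sorted((u, c, s, f) for (u, c), (s, f) in counts.items())


APPROVED = ["partner-relay@example.com"]  # hypothetical exception list
SAMPLE = [
    {"userPrincipalName": "alice@example.com", "clientAppUsed": "Browser",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "partner-relay@example.com", "clientAppUsed": "IMAP4",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@example.com", "clientAppUsed": "POP3",
     "status": {"errorCode": 50126}},
    {"userPrincipalName": "bob@example.com", "clientAppUsed": "POP3",
     "status": {"errorCode": 50126}},
    {"userPrincipalName": "Bob@example.com", "clientAppUsed": "Authenticated SMTP",
     "status": {"errorCode": 0}},
]

if __name__ == "__main__":
    for row in legacy_signins(SAMPLE, APPROVED):
        print(row)
```

Successful rows are sessions that bypassed MFA; repeated failures against one account over a legacy protocol are worth reviewing as possible password guessing.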

10. Learn How to Do a Remote Wipe

There is a chance, despite your best efforts, that someone is able to gain access to the system. This is especially possible if your company supports a BYOD policy and the device falls into the wrong hands. In such an instance, it is best to familiarize yourself with how to do a remote wipe. Fortunately for the employee, all the information doesn’t need to be erased. There is a Remove Company Data option that limits the wipe to sensitive information only.

These are the top ways you can protect Office 365 against breaches. Although a little effort is required in such instances, it is important to take the necessary steps. Ultimately, this is what will uphold your business’s standing with clients.

Author Bio: Ollie Mercer is an independent blogger who covers all things tech. He studied coding as an undergraduate and was a devout tech employee for years before deciding to go freelance. He splits his time between California and New York, his home state. You can find more of his work at ComputerRealm.
