How to Secure your Office 365 / M365 Tenant
Microsoft Office is probably one of the most used software suites for collaboration and communication within businesses. Its history goes back decades and has been a software solution that has evolved based on user demand and behaviours. At times it has wanted when it comes to security and vulnerabilities, but that has been addressed in the past 5 years by Microsoft.
With the advent of cloud services and, more specifically, Public Cloud > Software as a Service, Microsoft has taken the capability to further heights. It has been able to make the software more feature-rich and also allow it to operate online. However, that alone brings a raft of security issues and concerns that a business needs to be cognisant of.
Teck Genius have put together a list of things you can do make your Office 365 tenant more secure and further reduce your cybersecurity risk.
12 steps to securing your Office 365 tenant
1. User training and awareness: Your business has assets, and those assets need to be protected. Your users are your biggest gatekeepers from security compromises, but they are only as good as the training and awareness they have received. Ignore these at your peril.
2. Password policies: Often overlooked, a robust password policy can significantly reduce your cyber threat exposure. Ensuring that password complexity and password changes are part of the policy are essential.
3. Access security: Multi-Factor Authentication should be a capability all companies deploy across their company. It allows you to secure your accounts by a) giving you a different authentication mechanism to confirm the user is who they say they are and b) provides an element of risk mitigation in the even of a users credentials compromised.
4. Conditional Access: A capability that Microsoft introduced in Office 365 that offers significant protection from potential compromise. The location-based restriction is becoming more prevalent in the cybersecurity space, whereby access to services are only allowed from specific countries. Nations that have a history of hacking behaviour are essentially blocked from even reaching the service.
5. Anti-virus and malware protection: Office 365 offers various levels of protection against all threats. It is able to provide protection across devices and also within the actual service itself. For example, phishing is something that dupes users in entering details or downloading files. Office 365 has security capabilities that detect this and stop it before it even gets to your inbox.
6. Encryption: The use of encryption across Office 365 services is seamless and easy to implement. Microsoft has made its use of encryption and decryption an inbuilt core capability. Adopting this functionality amongst your users is highly recommended.
7. Restricted admin accounts: It’s surprising how many companies we come across that have users who log in to systems by default as full admins. This particular practice introduces serious risk in the event of a compromise on the device. Being logged in with administrator privileges would allow any malware or virus to execute commands freely without any control. Hence, you must limit the number of elevated accounts that users use.
8. Logging, auditing and notification: Being informed about events across your Office 365 tenant should be of interest to your IT support and cybersecurity teams. With Office 365 you can be notified of several activities or events that occur in the tenant. User password changes, successes, failures, locations, services, lockouts are just a few that can provide immense value.
9. Auto forward restrictions: Many of the malware actions do include the ability to spread themselves across network shares and emails. By default, auto-forwarding is enabled in Office 365, there is a risk that your users can inadvertently forward infected files. Leveraging the policy-based capability in Office 365 can limit \ remove this whereby you would be limiting the blast zone of any compromise.
10. Sender and receiver validation. Secure mail flow is essential for any business that relies on emails. By default, an email system will most likely accept emails from any sender, and therefore, you are always at risk from opportunist hackers. Setting up SPF, DKIM and secure DNS are all protective configurations that can further reduce your risk of inbound threats.
11. Multi-vendor protection: We see increased amounts of threats across the Internet which on occasion do attack specific systems. Teck Genius can work with you by putting together a service/solution that can take advantage of hybrid solutions that increase the protection level.
12. Data classification and rights management: Controlling who and where your data goes should be of interest to your business. Data leakage is a big issue, and without the right controls and policies, you can expect your information to leave your business to external locations. Leveraging IRM within office 365 can reduce your data’s risk of being in the wrong hands and seen by unintended eyes.
We hope this has been a thought-provoking article and we would welcome the opportunity to work with you in securing your Microsoft services. For more information or a no-obligation chat please contact us here.