Keep it Safe in One Place - Office 365 Security Best Practices
The Microsoft® suite of office tools has evolved from individual products to an interconnected platform that continually updates and adds new features. You no longer have to buy upgrades or new versions to keep up with new features and software fixes. But as with any software, changes and additions increase the attack surface of your network.
Microsoft® Office 365 Security
The good news is that Microsoft® takes security very seriously. They build many layers of security into their programs and fix security vulnerabilities when they become apparent. Users have options in their settings to protect data created in Microsoft® applications. However, security protocols work best when everyone on your team follows them. Unless you are a one-person company, you must train employees and implement a cyber security policy that includes these procedures and more:
- Multi-Factor Authentication – Multi-Factor Authentication works with your password and requests one or more additional credentials to prove who you are. Security starts with authorized users using the right accounts. By requiring further security questions, passwords or codes, you are instantly making it more difficult for a hacker or another employee to steal credentials to get into an account. Although it takes a few seconds longer to log in, a strong additional layer of security is worth that extra time.
- Administrator Account Privileges – Start with everyone having the minimal number of access privileges and add only what’s needed. A graphic artist doesn’t need access to bank accounts, and the bookkeeper shouldn’t have access to formulas and business plans. Restrict Administrator privileges to as small a group as possible. Set company-wide rules and provide training to underscore the importance of compliance. Cyber threats can originate from inside as well as outside the network.
- Securing Outlook With Settings – Administrator-level functions are easily set and can be applied company-wide to block certain attachment file types that are commonly infected with malware (https://en.wikipedia.org/wiki/Malware). Such files will be filtered out (blocked). In Outlook Settings, click on Common Attachment Types Filter. Then, click “On.” You can then add or delete different file types that you wish to be blocked.
- Defend Against Ransomware – Data can be frozen, encrypted and held hostage by a ransomware attack. You can mitigate many ransomware attacks by creating two basic mail-flow rules in Outlook: one that applies the file type filter (as outlined above) and one that warns the user of potential threats before they open attachments. Rules that you build into your system and user compliance are crucial to your ransomware defense.
- Anti-Phishing Protection – Phishing is cyber forgery. Hackers disguise their attacks to look like an email from a trusted or familiar source. The best defense against phishing is to pause and review before automatically clicking on an attachment to an email or text. Phishing scams are among the most common methods hackers use to gain access to personal and business data. Security software can help reduce phishing attacks, but the best defense is user caution.
- Cyber Security Training – You must make sure your users know your IT security protocols and policies. Data security must become an integral part of your business culture and include ongoing training for all levels of users. Everyone on your business network who uses your software and accesses company data must be given basic training regarding the importance of:
  - Strong Passwords
  - Password Management
  - Enabling the security settings already built into their system software
  - Protecting their devices, particularly cell phones and laptops
  - Following company best practices
- Office Message Encryption – Office message encryption is an option that is included with Microsoft 365. By setting email encryption, your company can send and receive encrypted emails, within and outside the company. Email encryption works with most email platforms and can ensure that only the intended recipients can read the content of messages.
- Stop Auto-forwarding on emails – Once hackers have breached your company’s network and gained access to your email account, they can steal mail by surreptitiously setting user mailboxes to automatically forward all mail to unknown recipients. Creating a mail-flow rule will prevent auto-forwarding.
Hackers want to maximize their exploitation of breached accounts. To increase their infiltration level, many hackers will monitor the activity in the hacked accounts to ascertain how they can inflict the most damage and determine which data, such as company financial information or C-level executives’ files, are most valuable.
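The mail-flow rule from the auto-forwarding item, preceded by an audit of forwarding that is already configured, as an added example that is not part of the original article. It assumes the ExchangeOnlineManagement module and an Exchange administrator account; the rule name and rejection text are placeholders.

```powershell
# Added example: audit existing external forwarding, then block it with a mail-flow rule.
Connect-ExchangeOnline

# Domains the tenant owns; any other target domain counts as external.
$internal = (Get-AcceptedDomain).DomainName

function Get-ExternalTarget {
    param([string[]]$Value)
    # Pull SMTP addresses out of values such as 'smtp:a@b.com' or '"Name" [SMTP:a@b.com]'.
    foreach ($v in $Value) {
        foreach ($m in [regex]::Matches($v, '[\w.+-]+@([\w.-]+)')) {
            if ($internal -notcontains $m.Groups[1].Value) { $m.Value }
        }
    }
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # Forwarding configured on the mailbox itself.
    foreach ($t in Get-ExternalTarget $mbx.ForwardingSmtpAddress) {
        [pscustomobject]@{ Mailbox = $mbx.UserPrincipalName
                           Source  = 'MailboxForwarding'
                           Target  = $t }
    }
    # Inbox rules that forward or redirect mail.
    foreach ($rule in Get-InboxRule -Mailbox $mbx.UserPrincipalName) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        foreach ($t in Get-ExternalTarget $targets) {
            [pscustomobject]@{ Mailbox = $mbx.UserPrincipalName
                               Source  = "InboxRule: $($rule.Name)"
                               Target  = $t }
        }
    }
}
$findings | Sort-Object Mailbox | Format-Table -AutoSize

# Mail-flow rule: reject auto-forwarded messages that leave the organization.
$ruleName = 'Block external auto-forwarding'   # placeholder name
if (-not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $ruleName `
        -FromScope InOrganization -SentToScope NotInOrganization `
        -MessageTypeMatches AutoForward `
        -RejectMessageReasonText 'Automatic forwarding to external recipients is not permitted.'
}
```

Review the audit output before enabling the rule: forwarding entries that nobody recognizes are a sign that a mailbox has already been accessed and should be investigated, not just blocked.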
You’ve invested so much in your small or mid-sized business, but cybercrimes can put it all at risk. Adding productivity software such as Microsoft 365 can help your business work more efficiently. Still, with work-from-home employees and remote access on the rise, network access and security must be addressed. GEEK-AID provides full business network, computer repair and IT services for small and mid-sized businesses. They specialize in helping their clients defend against cyberattacks with many support services provided on-site and remotely.
Schedule a phone call to find out more about securing Microsoft 365 and ways to secure company data and network access. GEEK-AID experts can assess your network and provide an IT security plan for your business. Call (877) GEEK-AID (877-433-5243).