In this fast-paced landscape, your organization’s data is shared and accessed from more devices and locations than ever before. Back in the day, cyberattacks were easy to spot. “Today, phishing attacks are so perfectly designed that even experts can be fooled. Plus, many pieces of malware are so well-engineered they can sweep the globe before anti-virus or security tools notice them,” says your Chief Security Officer.
Research shows 75.5% of all Office 365 apps store highly sensitive information like social security numbers, passwords, credit card numbers, and more. The question is:
When was the last time you re-evaluated your security practices?
There are several features in that most organizations don’t use that help make Office 365 more secure. To protect your company against external threats, all you have to do is turn them on. Follow these eight tips to break through the noise of daily threats and improve Office 365 security.
Let’s get started.
Learn how to find vulnerabilities in your Office 365 tenant before attackers do
#1 Check your Secure Score
This is the first step you can take to protect your organization from threats. Your Secure Score is like a credit score for your security. It examines your Office 365 environment, notes areas where you’re exposed to risk, and gives you personalized security recommendations.
Secure Score helps organizations:
- Report on the current state of the organization’s security posture.
- Improve their security posture by providing discoverability, visibility, guidance, and control.
- Compare with benchmarks and establish key performance indicators (KPIs).
#2 Set up multi-factor authentication
Did you know 90% of all passwords can be cracked in less than six hours? Studies show 81% of breaches are linked to weak or stolen passwords. Plus, two out of three employees are using the same passwords for everything at work and home.
Multi-factor authentication will prevent 99.99% of identity attacks, adding an extra layer of protection. Whenever you log in to your account, you’ll have to type a code from your phone to get access to Office 365.
#3 Use Office 365’s built-in mobile device management tools
The built-in Mobile Device Management (MDM) for Office 365 helps you secure and manage your users’ mobile devices by requiring a PIN.
Set and manage security policies, like device-level pin lock and jailbreak detection to defend against unauthorized users accessing corporate email. You can view detailed device reports, remotely wipe a stolen or lost device, and remove Office 365 company data from an employee’s device.
#4 Create a separate account for system admin tasks
The administrative accounts you use to manage your Office 365 are the first targets for attackers. Setting up a separate account with a different password for admin functions is a smart call. The admin account doesn’t even require an Office 365 license.
Additional recommendations from Microsoft:
- Be sure admin accounts are also set up for multi-factor authentication.
- Before using admin accounts, close out all unrelated browser sessions and apps, including personal email accounts.
- Log out of the browser session after completing the tasks.
#5 Block malicious file types
Malware is hitting your network regularly. Your Office 365 environment includes protection against malware. You can quickly raise the level of security by deciding which file types you want to block from entering your network automatically.
#6 Store files in OneDrive for Business
Microsoft has always worked on improving the security controls in OneDrive to meet even the most rigorous business demands.
With your data safely in the Cloud, ransomware attacks will be a thing of the past.
Office 365 subscribers receive alerts if OneDrive detects ransomware or malicious attacks. Users can easily recover files up to 30 days after a malicious attack or other types of data loss.
#7 Stop email auto-forwarding
According to Microsoft, “Hackers who gain access to a user’s mailbox can exfiltrate mail by configuring the mailbox to automatically forward email.”
Turn off users’ ability to auto-forward emails to outside accounts. If an attacker breaches an account, it’s easy for them to redirect emails outside the network and wait for the right moment to strike.
#8 Train your users
Of all the security risks in your organization, a big one is your users. Educate them on how to spot phishing attacks and why they should avoid opening dangerous attachments.
Check out these powerful insights from The Harvard Kennedy School, The Cybersecurity Campaign Handbook, on the importance of establishing a culture of information security awareness: “Take cybersecurity seriously. You are responsible for reducing risk, training your staff, and setting the example. Routinely update and patch all systems. Human error is the number one cause of breaches. Phishing continues to be a leading method of attack. Train your staff to be on guard for suspicious messages.”
Want to defend your organization from cyberthreats and save time?
Although you can implement these fixes manually, you are busy entrepreneurs who have a lot on their plates.
Thanks to Office Protect, you can manage your security needs within the Office 365 environment without digging through security settings or apps. Office Protect provides a complete history of security-related events, identifying and flagging unusual activity. This easy security management solution only saves you time but also allows you to stay on top of the latest security-related trends and makes office 365 more secure.
Ready to find out more about how Office Protect simplifies security? Read more here.
