WHAT SHOULD WE BE DOING TO BETTER SECURE OUR MICROSOFT 365 BUSINESS ACCOUNT?

By Unbound Digital Team | November 16, 2021


Unfortunately, public cloud account breaches are becoming more common. They’re often caused by misconfiguration of security settings that allow hackers to breach user accounts, catch users in phishing nets, and more.

In fact, 8 out of 10 organizations in the U.S. have experienced a data breach due to cloud misconfiguration, which can be something as simple as leaving your Microsoft 365 account at default settings.

From business email to productivity tools like Word and Excel, Microsoft 365 is a powerful platform, but it’s vital that you properly secure it to protect your data.

What configurations should you be applying to better protect your Microsoft 365 business account? We’ll go through some of the most important ones next.

WAYS TO SIGNIFICANTLY IMPROVE MICROSOFT 365 SECURITY

CREATE ALERTS FOR SUSPICIOUS ACTIVITIES

More often than not, hackers that breach your Microsoft 365 account will be from a completely different geographical location. Once an account is breached, it’s not always obvious.

Often hackers will silently perform activities behind the scenes, doing as much damage as possible before they’re caught and kicked out. One of these is sending spam and phishing emails from a user’s email account.

You can improve awareness and reduce the time from breach to discovery by setting up a couple of important alerts in the Security & Compliance Center:

  • ALERT FOR A LOGIN FROM A SPECIFIC GEOGRAPHICAL REGION
  • ALERT FOR THE NUMBER OF SENT EMAILS BEING HIGHER THAN A SET THRESHOLD

USE A DEDICATED GLOBAL ADMIN ACCOUNT

How many user accounts do you have with administrative privileges in Microsoft 365? An admin account is particularly vulnerable because if hacked, the hacker could lower security, create new users, and do much more damage than if on a lower-level account.

Instead of having users with administrative privileges attached to accounts that they use for email and other activities, use one dedicated global administrator account that is not used for anything else.

You can set up a dedicated global admin without adding a user license. Admins then just log out of their user account, log into the administrator account for admin tasks, and log out again when finished. This reduces the risk that an admin account will be breached.

HAVE ALL USERS USE MULTI-FACTOR AUTHENTICATION (MFA)

It’s no secret that many users don’t use password best practices. They may use weak passwords, reuse passwords across multiple accounts, or store passwords in an insecure manner.

77% of cloud account breaches are due to compromised passwords.

Enabling MFA can block nearly all fraudulent sign-in attempts because the hacker won’t have the device that receives the MFA code, which is used as a second login requirement.

BLOCK EMAIL FROM BEING AUTO-FORWARDED OUTSIDE THE COMPANY

Unless a user specifically checks their auto-forward settings regularly, they may never realize that a hacker has gained access to their account and set up an auto-forward of the mail to their own email address.

This allows hackers to gain confidential company information and password reset emails, which allows them to breach more accounts.

You can block the ability for any account’s email to be forwarded outside your organization in the Exchange admin center.

Here’s how to do this:

  • GO TO THE MAIL FLOW CATEGORY AND CHOOSE RULES.
  • CLICK TO CREATE A NEW RULE
  • CLICK + AND THEN SCROLL TO BOTTOM AND CLICK FOR MORE OPTIONS
  • CREATE A RULE WITH THE FOLLOWING PARAMETERS
    • IF SENDER IS INTERNAL
    • AND RECIPIENT IS EXTERNAL
    • AND MAIL TYPE IS AUTO-FORWARD
    • BLOCK MESSAGE WITH EXPLANATION
    • ENTER EXPLANATION (I.E. THIS FORWARDING ACTION IS PROHIBITED)
  • SAVE THE RULE

IMPROVE YOUR ANTI-RANSOMWARE & ANTI-MALWARE PROTECTIONS

Ransomware and other forms of malware can be particularly costly for businesses. The business owner not only has the downtime costs but can also suffer a hit to their business reputation, which can mean lost business for months or years after a breach.

There are two things you can do to boost your defenses against malware:

  1. ADD A WARNING FOR MACRO-ENABLED OFFICE FILE ATTACHMENTS
  2. BLOCK SUSPICIOUS ATTACHMENT FILE TYPES

First, to set up the macro-enabled file warning:

  • GO TO THE EXCHANGE ADMIN CENTER, MAIL FLOW CATEGORY
  • SELECT RULE, AND CLICK TO CREATE A NEW RULE
  • SELECT MORE OPTIONS AT THE BOTTOM
  • SET THE FOLLOWING PARAMETERS:
    • IF A FILE ATTACHMENT MATCHES DESIGNATED FILE TYPES
    • ADD FILE TYPES: DOTM, DOCM, XLSM, SLTM, XLA, XLAM, XLL, PPTM, POTM, PPAM, PPSM, SLDM
    • THEN, PREPEND A DISCLAIMER
    • ADD TEXT (I.E. THIS FILE TYPE CAN CONTAIN MALWARE, DO NOT OPEN UNLESS THIS MESSAGE WAS EXPECTED.)
  • SAVE THE RULE

The second thing you can do is turn on a mail filter that will block file attachments that are known to be used for malware.

  • LOG INTO THE SECURITY & COMPLIANCE CENTER
  • UNDER THREAT MANAGEMENT, CHOOSE POLICY > ANTI-MALWARE
  • DOUBLE-CLICK TO EDIT THE COMPANY-WIDE DEFAULT POLICY
  • CLICK SETTINGS
  • TURN ON THE “COMMON ATTACHMENT TYPES FILTER”
  • SAVE

You can also edit this filter and add or remove file types.
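Both settings above can also be applied from Exchange Online PowerShell, which gives a repeatable record of what was configured. This is an added example, not part of the original article; the rule name and the choice of `Wrap` as the disclaimer fallback are assumptions made here.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module is installed and
# the signed-in account has Exchange admin rights.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# File types and warning text taken from the steps in the article.
$macroTypes = 'dotm', 'docm', 'xlsm', 'sltm', 'xla', 'xlam',
              'xll', 'pptm', 'potm', 'ppam', 'ppsm', 'sldm'
$warning    = 'This file type can contain malware, do not open unless this message was expected.'

# Rule name is a label chosen for this example.
$ruleName = 'Warn on macro-enabled attachments'

# 1. Prepend a warning to any message carrying a macro-enabled Office attachment.
if (-not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $ruleName `
        -AttachmentExtensionMatchesWords $macroTypes `
        -ApplyHtmlDisclaimerLocation Prepend `
        -ApplyHtmlDisclaimerText $warning `
        -ApplyHtmlDisclaimerFallbackAction Wrap   # assumption: wrap if the text cannot be inserted
}

# 2. Turn on the common attachment types filter in the default anti-malware policy.
Set-MalwareFilterPolicy -Identity Default -EnableFileFilter $true

# Confirm the filter is on and review which extensions it currently blocks.
Get-MalwareFilterPolicy -Identity Default |
    Select-Object Name, EnableFileFilter, FileTypes
```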

HOW STRONG IS YOUR CLOUD SECURITY?

Unbound Digital can help your Johnson City, Tennessee business avoid problems with misconfiguration by customizing your cloud account security settings to keep your data protected.

Contact us today to schedule a consultation. Call 423-335-2461 or reach us online.
