Written by: Eoin Morrissey
Many companies have gone through, or are planning to go through, digital transformations to the cloud, and moving to Microsoft 365 (M365) is often a key part of the journey.
Microsoft provides all the controls needed to effectively secure these environments, but these security controls are not always implemented, and in making the transition there is also a risk that the solutions end up less secure than they could be.
Some tips and tricks for securing users as they use M365 are as follows:
1. Multifactor Authentication
Using multi-factor authentication is one of the easiest and most effective ways to increase the security of your company. With multi-factor authentication enabled, users must also enter a code from their phone when they sign in to Microsoft 365. This can prevent hackers from taking over an account even if they obtain the user's password.
2. Use dedicated admin accounts
The administrative accounts you use to administer your Microsoft 365 environment are valuable targets for hackers and cyber criminals. Use admin accounts only for administration. Admins should have a separate user account for regular, non-administrative use and only use their administrative account when necessary to complete a task associated with their job function.
3. Train your users
As with any new tool, companies must adequately prepare and train their staff on how to use it. It is vital that this includes security awareness training in order to protect companies from threats such as phishing. Phishing is a major attack vector for hackers today; for example:
• 90% of security breaches are caused by Phishing
• 30% of phishing messages get opened by targeted users
4. Raise the level of protection against malware in mail
Your Microsoft 365 environment includes protection against malware, but you can increase this protection by blocking attachments with file types that are commonly used for malware.
5. Protect against ransomware
Ransomware restricts access to data by encrypting files or locking computer screens. It then attempts to extort money from victims by asking for a "ransom", usually in the form of cryptocurrencies like Bitcoin, in exchange for access to the data.
You can protect against ransomware by creating one or more mail flow rules to block file extensions that are commonly used for ransomware, or to warn users who receive these attachments in email. A good starting point is to create two rules:
• Warn users before opening Office file attachments that include macros. Ransomware can be hidden inside macros, so this will warn users to not open these files from people they do not know.
• Block file types that could contain ransomware or other malicious code. You can start with a common list of known executable file types. If your company uses any of these executable types and you expect them to be sent in email, move those types to the previous rule (warn users) instead of blocking them.
6. Stop auto-forwarding for email
Hackers who gain access to a user's mailbox can exfiltrate mail by configuring the mailbox to automatically forward email. This can happen without the user's awareness. You can prevent this from happening by configuring a mail flow rule.
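The mail flow rules from steps 5 and 6 can be created with Exchange Online PowerShell. The script below is an added example, not part of the original post; it assumes the ExchangeOnlineManagement module is installed, the account used holds an Exchange administrator role, and the rule names, extension lists and reject texts are our own choices to adapt to your company.

```powershell
# Added example (not from the original post): create the ransomware and
# auto-forwarding mail flow rules described in steps 5 and 6 with Exchange Online
# PowerShell. Assumes the ExchangeOnlineManagement module is installed and the
# signed-in account holds an Exchange administrator role.
Connect-ExchangeOnline

# Rule 1 (warn): prepend a notice to messages carrying macro-enabled Office attachments.
$macroExt = @('docm', 'xlsm', 'pptm', 'dotm', 'xltm', 'potm')
New-TransportRule -Name 'Warn on macro-enabled Office attachments' `
    -AttachmentExtensionMatchesWords $macroExt `
    -ApplyHtmlDisclaimerLocation Prepend `
    -ApplyHtmlDisclaimerFallbackAction Wrap `
    -ApplyHtmlDisclaimerText '<p>Caution: this message contains a macro-enabled Office file. Do not open it unless you expected it from a known sender.</p>'

# Rule 2 (block): reject messages with executable attachment types. Remove any type
# your company legitimately exchanges by email and add it to Rule 1 instead.
$blockExt = @('exe', 'scr', 'bat', 'cmd', 'com', 'js', 'jse', 'vbs', 'vbe',
              'wsf', 'hta', 'ps1', 'msi', 'cpl', 'jar', 'reg')
New-TransportRule -Name 'Block executable attachments' `
    -AttachmentExtensionMatchesWords $blockExt `
    -RejectMessageReasonText 'Attachment type not allowed by company policy.' `
    -RejectMessageEnhancedStatusCode '5.7.1'

# Rule 3 (auto-forward): reject messages that a mailbox auto-forwards to external recipients.
New-TransportRule -Name 'Block external auto-forwarding' `
    -FromScope InOrganization `
    -SentToScope NotInOrganization `
    -MessageTypeMatches AutoForward `
    -RejectMessageReasonText 'Automatic forwarding to external addresses is not permitted.' `
    -RejectMessageEnhancedStatusCode '5.7.1'

# Also turn auto-forwarding off in the default outbound spam filter policy, which
# covers forwarding configured through Outlook rules, OWA settings and SMTP forwarding.
Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off

# Verify the rules exist and are enabled.
Get-TransportRule |
    Where-Object { $_.Name -like 'Block *' -or $_.Name -like 'Warn *' } |
    Format-Table Name, State, Priority
```

Test each rule with a harmless message (for example a renamed text file with a blocked extension) from a test mailbox before relying on it, and review the outbound spam policy change with any teams that depend on legitimate external forwarding.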
7. Protect your email from phishing attacks
If you have configured one or more custom domains for your Microsoft 365 environment, you can configure targeted anti-phishing protection. ATP anti-phishing protection can help protect your organization from malicious impersonation-based phishing attacks and other phishing attacks. If you have not configured a custom domain, you do not need to do this.
We recommend that you get started with this protection by creating a policy to protect your most important users and your custom domain.
8. Protect against malicious attachments and files with ATP Safe Attachments
People regularly send, receive, and share attachments such as documents, presentations and spreadsheets. It is not always easy to tell whether an attachment is safe or malicious just by looking at an email message. Office 365 Advanced Threat Protection includes ATP Safe Attachments protection, but this protection is not turned on by default. We recommend that you create a new rule to begin using this protection. This protection extends to files in SharePoint, OneDrive, and Microsoft Teams.
As always, Ward Solutions will continue to Assess, Protect, Detect & Respond to your cyber security needs. If you need to contact Ward Solutions on any matter, then:
Contact your normal account manager for sales or firstname.lastname@example.org
Contact our orders department at email@example.com
Contact our service delivery office at firstname.lastname@example.org
Contact our Security Operations centre at SOC@ward.ie
Contact our Network Operation centre at NOC@ward.ie
Contact our finance department at Finance@ward.ie