Any businesses that weren’t fully onboard with cloud technology at the beginning of 2020, have likely realized it’s vital to business continuity. When companies had to close offices due to the pandemic cloud solutions are how things stayed in operation.
One of the most popular cloud platforms used by companies is Microsoft 365, with MS owning almost 90% ofthe office suite market share. The combination of collaboration and utility applications are used in multiple business processes.
Even though there’s been a migration to the cloud for businesses in Lake Okeechobee and the rest of the country, one area that’s been lagging behind is cloud security.
Companies mistakenly think that when they sign up for a Microsoft 365 business account that it’s going to default to all the most secure settings to keep their data protected. They often don’t put the same thought into cloud security as they do on-premises and managed network security.
This leaves companies at risk if they don’t address cloud security because most of their data has now migrated to the cloud.
85% of businesses around the world use cloud technology to store information.
There are several ways to address security in your Microsoft 365 business account that simply involve knowing which settings and features to turn on or adjust.
Here are several things you can do to protect your account.
Turn on Multi-Factor Authentication (MFA)
Turning on MFA can prevent 99.9% of fraudulent sign-in attempts on your Microsoft 365 user accounts. This adds another layer of login protection that can stop a criminal in their tracks even if they have the account password.
Account administrators can turn on MFA for all users at once. This will then prompt users the next time they login to set up a device to receive the MFA code. This code is generated and entered at login in addition to the username and password.
Set Up a Dedicated Admin Account
Your most vulnerable accounts are the ones with the most privileges, this would be your admin accounts that can change security settings, user permissions, and more.
You can reduce your risk of one of these accounts being breached by reducing the number of admin accounts you have.
Instead of having each employee that is an admin have those permissions attached to their own Microsoft 365 account, set up just one account that no one is using otherwise and grant that account admin privileges.
Each admin then logs into that one account when needed and the account isn’t used for any other activities, like email. This reduces the risk of it being breached.
Turn Off Auto-Forwarding for Emails Outside Your Domain
Hackers that compromise an account don’t always make themselves known right away. One trick they use is to forward a user’s email so they can see every message coming in. If the user never checks their forwarding setting, this can go undetected for months.
In the Exchange admin center, you can stop email from being auto-forwarded to email addresses outside your company domain by doing the following:
- In the Exchange admin center, go to the Mail Flow category
- Select Rule, and click + to Create a new rule
- Select More options at the bottom
- Apply the rule when sender is internal
- Add a condition for when the recipient is external
- Add a condition for when the message type is Auto-forward
- Set the action to reject the message
- Add message text that says auto-forwarding outside your domain is prohibited
- Click Save on the new rule
Increase Malware Protection
You have the ability to increase your protection against malware in Microsoft 365 by increasing the number of file types that are blocked and not allowed to come in via email.
Malicious file attachments are often used to infect a system with ransomware, viruses, or other types of malware.
You can turn on the protection and edit the list of blocked file types by doing the following:
- Go to the Security & Compliance Center in Microsoft 365
- Under Threat Management, choose Policy > Anti-Malware
- Double-click to edit the default policy
- Select Settings
- In Common Attachment Types Filter, select On
- Add or delete desired file types
- Select Save
Turn on Safe Links (Microsoft 365 Business Premium)
Malicious URLS are used more often in phishing and ransomware attacks than file attachments. This is because emails with links to dangerous sites don’t technically have any malware in them, so they often get by anti-malware email filters.
Users with Microsoft 365 Business Premium have a feature that can block those malicious links, it’s called Safe Links. What it does is have the ability to rewrite over links to sites that are known to be dangerous.
Safe Links is part of Microsoft Defender for Office 365, you can turn it on and edit the policy by doing the following:
- Go to the Security & Compliance Center
- Under Threat management, select Policy
- Select Safe Links
Do You Have the Right Protections in Your Cloud Accounts?
Misconfiguration of security settings is a big cause of cloud account data breaches. Don’t leave your data at risk! Cris’s Tech Repair can help you ensure your account is set up correctly with the proper security.
Schedule a consultation today by calling 561-985-4961 or contacting us online.