8 Ways to Secure Microsoft Office 365

Microsoft 365 is an essential platform for many small to medium businesses. In fact, it’s considered the world’s most popular cloud-based office productivity suite. Unfortunately, this means it’s popular with cyber criminals as well! The good news is Microsoft 365 comes equipped with many built-in security features that can help mitigate risk. The bad news is you have to work through and turn them on! Learning how to properly configure and deploy these features, coupled with employee training, is the best way to help protect your valuable business data. Following we overview 8 ways to secure your Microsoft 365 platform, but keep in mind there is no single solution out there that can completely protect your business.

Eight Ways to Secure Microsoft Office 365

1. Set up Multi Factor Authentication (MFA)

Usually, employees only have one way to verify their identity when logging into Microsoft Office 365 – their username and password. Unfortunately, history has proven time and time again not all employees are overprotective about always safeguarding their passwords. Using Multi Factor Authentication (MFA), is one of the simplest and most effective way to increase the security of your business.

MFA combines two or more factors. Such as a password, a code, a fingerprint or even a retinal scan, to verify a person’s identity and protect you against a possible breaches. That means even if a criminal is able to steal your password, they can’t access your account without the other verification method.

The most common method is a text message that is sent to the user’s smartphone (or an authenticator application), every time they try to log into an on-line application. This type of protection is becoming a popular step with business and consumer apps. For most companies, the built in MFA option in Microsoft Office 365 can provide the necessary protection. It allows you to activate MFA at the user level, which offers several different options for the second verification method.

But don’t forget to protect your other business applications as well, such as Salesforce, G-Suite, Dropbox and all the other line-of-business apps you use every day! There are many MFA solutions available in today’s market.

2. Meticulously Manage Your Microsoft Office 365 Administrative Privileges

Admin accounts are sought after targets for cyber criminals, as they include elevated privileges. When the accounts of users with admin privileges are breached, the consequence is often more serious. Be sure that your admins have a separate user account for every day non-administrative use and only use their admin account when necessary. Additionally, restricting the number of users with admin access can help lower your risks.

However, there are times when certain employees need limited-time admin access for certain tasks. Privileged Identity Management allows you to minimize risks by allowing you to assign temporary admin status to specific users. You can control access based on the information each user needs and the length of time they require admin privileges. This is a great way to limit your exposure!

3. Data Encryption

To ensure the security of sensitive information either at rest or during transit, you need to implement an encryption protocol that ensures confidential storage and communication. This is particularly important if your company handles information such as credit card information, tax file numbers, or health records. This is becoming a regulatory compliance requirement across more and more industries every day.

Microsoft 365 has built in features: BitLocker for files saved on a Windows computer and TLS connections for files on OneDrive for Business or SharePoint Online. Another feature is the ability to send encrypted email messages to recipients outside of the organization, letting them access the messages by signing in with a Microsoft account, using a 365 account, or entering a one-time passcode.

4. Mobile Device Management (MDM)

There is a high probability your staff are accessing company data from their phone, tablet or laptop, especially now that many of us are working from home. Even though you can provide the necessary education to employees, you still need to guard against scenarios such as lost devices or someone other than the employee gaining access to the devices. Microsoft 365 offers a built in MDM option, which works well for employees accessing email via their company-issued mobile devices.

If employees are using their own devices or using applications besides email, Microsoft Intune will give you more control and offer additional protection. This is a tricky one, so consult with your IT security expert to find out which MDM solution is best for your company.

5. Create a Data Loss Prevention (DLP) Policy

To comply with business standards and industry regulations, many businesses will need to create and maintain a DLP policy. A DLP Policy will ensure that sensitive information stays within your organization by monitoring confidential data and preventing users from sending the data to anyone outside of your company. You can either use one of Microsoft’s existing templates that meet regulatory, and compliance needs or customise your own policy.

With a Microsoft Office 365 DLP policy, you can:

• Identify any document containing sensitive information, such as a credit card number, across many locations including Exchange Online, SharePoint Online, OneDrive for Business and Microsoft Teams
• Prevent the accidental sharing of sensitive information over email by automatically blocking the email being sent.
• Monitor and protect sensitive files in the desktop versions of Excel, PowerPoint and Word
• Educate your employees on how to stay compliant and how DLP can help them remain compliant by sending them notifications and policy tips.

DLP is a powerful way to protect sensitive information from being accidentally leaked into the wrong hands!

6. Turn On Advanced Threat Protection (ATP)

One of the most common cyber security threats comes from phishing emails, which often spreads ransomware via malicious links and email attachments. Even though you should be offering staff Phishing awareness training so they don’t click on suspicious links or attachments, you can’t rely on everyone being attentive at all times. It only takes one employee to click on one malicious link to cause severe damage to your sensitive data (and your valuable reputation).

7. Backup

For anyone that isn’t aware Microsoft has a shared responsibility that outlines what they do and don’t do. Microsoft clearly state that the customer is responsible for information and data, i.e. backups. They maintain the infrastructure for Microsoft 365 which includes replication, but this is not a backup that will protect from deletion, accidental loss or provide any kind of retention. This is where it is super important to have a backup solution in place. This needs to include comprehensive recovery and backup for Microsoft 365. Protection for Exchange, Calendar, OneDrive, SharePoint and Teams data with multiple daily backups and flexible restore options.

8. Train Your Employees

Establishing a strong culture of security awareness is a critical part of layered protection. Teaching employees how to maintain passwords, recognise phishing email, understand security features on their mobiles and laptops, and most importantly, understand and sign off on company security policies is an absolute must.

While security training is critical in today’s environment it’s often the most overlooked. It’s not a once-a-year tick, it needs to be a continuous ongoing requirement that employees engage with.

Whether you do this in-house or outsource it, appropriately trained resources should be tasked with developing, maintaining, and updating your security policies and programs – which should include regular employee training.

Case Studies