Thank you, our adivisors will calling you.
par Lepide • 02 Oct 2019
If you’re a small business or even an enterprise organization using Office 365, cyber-criminals, hackers and opportunist insiders could be targeting potential weaknesses in your security right now. To combat these threats, we’ve put together this list of six best practices to help you improve the security of your Office 365 environment.
The best practices in this blog will primarily focus on SharePoint, OneDrive, Groups and Microsoft Teams workloads, so if you are more heavily using other O365 workloads then they may not fully apply to you.
This should probably be the first thing that you do once moving to Office 365, and most admins know this already. Weirdly, MFA is not enabled by default so you will actually have to do this manually yourself.
MFA makes it significantly harder for attackers to compromise accounts and Office 365 offers numerous different methods of multi-factor authentication to choose from; from a mobile app, text message or call.
You can enable MFA easily through the Microsoft 365 Admin Center.
One of your biggest priorities should be to try and stablish a culture of security awareness within your organization, at all levels. This includes training your users on how to identify and correctly react to phishing attacks. Microsoft provides some great guidelines on how users can protect email accounts, including using strong passwords, protecting devices and enabling security features.
Admin accounts contain elevated privileges, which makes them a target for attackers. Admin accounts should therefore only be used strictly for administration purposes, and admins should have separate dedicated user accounts so that they do not have to always be using their admin account. Make sure that admin accounts have MFA enabled and that admins log out of them immediately after administrative work has been completed.
Office 365 does come with malware protection built in, but it’s also a good idea to block attachments with file types that you know are commonly used in phishing attacks. This could help you potentially avoid a nasty piece of malware that the automatic malware protection did not catch. You can improve the malware protection in Office 365 through the Office 365 Security and Compliance Center. In the Threat Management section there will be an Anti-Malware Policy that you can go into. Within that policy you can choose to enable the Common Attachment Types filter to help you filter out potentially dangerous file types.
If you’re hit by a ransomware attack, it’s likely that critical files and folders will get encrypted, or computer screens locked. The downtime this can cause is likely to have disastrous consequences to the bottom line and reputation of the organization.
There are some steps within Office 365 that you can take to avoid this happening to you. In a similar way to protecting against malware, you can block certain file types or warn users about potentially dangerous emails using mail flow rules. Mail flow rules can be created in the Exchange admin center.
A vital part of ensuring that your Office 365 is secure is to monitor changes taking place to critical data and permissions. The first step in doing this is to go into the Office 365 Security and Compliance Center and enable Audit log search. It will take a few days for the logs to come pouring in, so make sure you enable auditing as soon as you can.
Unfortunately, you’re probably not going to have the time it takes to trawl through these audit logs and identify suspicious or anomalous change activity. It’s probably wise that you deploy a third-party Office 365 auditing solution to help automate this process for you. LepideAuditor, for example, consolidates raw log files into actionable audit data, analyzes user behavior and can alert you when anomalous or unwanted changes take place.
If you would like to see how LepideAuditor, an help you improve Office 365 security, start your 15-day free trial today.