Does your Microsoft 365 account have the best security settings in place? Often companies leave settings at defaults or don’t know the options they have for protecting their account.
When you don’t properly set up cloud service security, it’s called “misconfiguration” and it’s one of the leading causes of data breaches. Approximately 66% of organisations leave their cloud data vulnerable to hackers because of misconfiguration.
This happens because administrators at many Brisbane businesses that use a cloud platform like Microsoft 365 may not be aware of security settings that are available, or they don’t realise they need to do any custom configurations at all.
The fact is that Microsoft 365 has a robust set of security enhancements, but many of them have to be configured by users and aren’t in place by default. If you’re unsure just how secure your account is, here are several of the best ways to improve the security of your account.
Configure These Microsoft 365 Account Settings to Keep Your Cloud Data Safe
Stop Email from Being Auto-Forwarded Outside Your Company
A tactic that hackers sometimes use once they’ve breached a users’ Microsoft 365 account is to auto-forward their emails so they can steal any sensitive information that may come in. This tactic also allows the hacker to gain access to other accounts the user may have because they’ll be getting the password reset emails.
A good security measure to put in place is to block the ability for mail to be auto-forwarded outside your domain. To do this, you’ll create a new mail flow rule in the Exchange admin center.
These are the parameters to set up for the rule:
- Name the rule “Prevent auto forwarding of email to external domains”
- Apply rule if: Sender is internal
- Add condition: Recipient is external
- Add condition: message properties include message type “Auto-forward”
- Do the following: Block message and include explanation
- Message text: “Auto-forwarding outside this organisation is prohibited”
Enable Multi-Factor Authentication
What can you do to prevent 99.9% of fraudulent sign-in attempts, even if the hacker has the user password? According to Microsoft, it’s turning on multi-factor authentication (MFA).
When this feature is enabled in your Microsoft 365 account settings, all users will be prompted to set up a device to receive the MFA code upon their next sign-in. This is an important protection against insider attacks due to account breaches.
Use a Dedicated Global Admin Account
Microsoft allows Microsoft 365 business accounts to set up a dedicated global admin account without having to pay an additional license fee. This is because this is a best practice to keep your account more secure and prevent a hacker gaining access to an account with admin privileges.
With the one dedicated account system, any admins you have at your business do not have those high-level privileges attached to their individual accounts. Instead, they can log in to the dedicated global admin account and then log back out when finished with administrative tasks.
This reduces the number of accounts available with admin privileges and also keeps that one account safer because it’s not being used for other activities like email.
Block Potential Malware & Ransomware Attachments
You can improve your protection against IT security threats and phishing attacks by automatically blocking file attachments that are known to be used for malware infections.
This includes adding more files types to further boost the default protection that’s available in the platform. Microsoft recommends adding the following file types to the block list: ade, adp, ani, bas, bat, chm, cmd, com, cpl, crt, hlp, ht, hta, inf, ins, isp, job, js, jse, lnk, mda, mdb, mde, mdz, msc, msi, msp, mst, pcd, reg, scr, sct, shs, url, vb, vbe, vbs, wsc, wsf, wsh, exe, pif.
Here is where to go to turn on and edit this feature:
- Go to the Security & Compliance Center
- Go to Threat Management > Policy > Anti-Malware
- Edit the company-wide policy by double-clicking
- Select Settings
- Look for Common Attachment Types Filter, and turn it On
- Edit the blocked file types by adding the above recommendations
- Click to Save
Use Email Message & Attachment Encryption (Premium)
Microsoft 365 Business Premium subscribers have an email encryption feature they can use to increase the security of sensitive email messages.
Office Message Encryption is already set up and ready to go, but people need to know it’s there and be given instructions on how and when to use it. This encryption feature can also be used as part of policies that you set up with security features like sensitivity labels.
Message encryption allows you to add both encryption and do not forward protection options to messages.
To send encrypted mail, users in Outlook for PC will:
- Click Options > Permission
- Choose Encrypt
To send encrypted mail, users in Oulook.com will:
- Select Protect
- Click Change Permissions > Encrypt
Get Help Properly Configuring Your Cloud Account Security
Platforms like Microsoft 365 have multiple security options, and it’s natural for users to get confused with these. Connected Platforms can handle cloud security settings for you and help keep your Brisbane company’s accounts more secure.