Is Your Microsoft 365 Account Security Strong Enough? (Tips Inside!)

Microsoft 365 is full of security features, such as mail flow rules and protections against phishing attacks, however not all of these features are turned on by default.

If your business uses this cloud platform and hasn’t customized the security configurations, you could be leaving yourself open for a breach or ransomware attack.

Misconfiguration is a leading cause of data breaches. This is when a cloud application does not have strong enough security settings put into place.

8 in 10 U.S. companies have experienced a data breach due to cloud misconfiguration.

Cloud security is a big part of any Massachusetts company’s overall cybersecurity plan, and using the tools available in Microsoft 365 is vital to ensure your data and account stay protected.

Here are several tips for increasing the security of your Microsoft 365 business account.

1. Turn On Multi-Factor Authentication for Users

Credential theft has been on the rise as companies put more of their data in the cloud, accessible through a user login. Compromised login credentials account for 77% of cloud account breaches.

Turning on multi-factor authentication (MFA) can block a majority of attempted fraudulent sign-ins – as many as 99.9% according to Microsoft.

2. Enable Alerts for Suspicious User Activities

If a hacker has breached an account and is sending out spam and phishing emails on your domain, how will you know?

If you don’t have any alerts set up, this could happen for days before it’s discovered and can cause you to get your corporate domain put on blacklists by mail services.

Two important alerts you can set up in Microsoft 365 that will alert you to suspicious activity that could mean an account compromise are:

  • Sent mail volume that passes a certain threshold
  • User login from outside a specified geographical region/country

3. Turn On Additional Malware Protection

94% of malware is delivered via email directly to your user inboxes and can be contained in malicious file attachments.

Phishing emails are growing increasingly more sophisticated, using personalization and spoofing the signatures and email design of well-known companies.

You can add additional email protection by turning on a Microsoft 365 feature that blocks suspicious file attachments.

To do this:

  • Have an admin sign in at https://protection.office.com/
  • In the Security & Compliance Center, under Threat Management, go to Policy > Anti-Malware
  • Edit the default policy by double-clicking
  • Click Settings
  • Turn on the feature “Common Attachment Types Filter”
  • Click Save

4. Turn on Safe Links (Microsoft 365 Business Premium)

For those companies with a Microsoft 365 Business Premium account, in addition to blocking malicious file attachments, you can also block malicious website links.

URLs to dangerous sites are used in many phishing attacks and they can result in a drive-by download of malware or the theft of login credentials or other personal information in a spoofed sign-in form.

Safe Links can be enabled in the Security & Compliance Center, Policy area. What it does is match links against a database of known malicious phishing sites and block any found in incoming emails or prevent them from being shared in apps like Teams.

5. Block the Ability to Auto-Forward Mail Outside Your Domain

When a cybercriminal breaches a user’s Microsoft 365 account, they don’t always make themselves known by causing a lot of digital “noise.” They’ll often quietly forward the user’s emails to themselves and sit back and see what types of sensitive information they can obtain before being found out.

Another smart safeguard to put in place on your account is the inability to auto-forward email outside your company. This stops this common malicious activity.

To do this:

  • Go to the Exchange admin center
  • Set up a new rule in the mail flow category
  • At the bottom of the Create a new rule window, select More options
  • Set parameters that if a message sender is internal and the recipient is external and the message type is auto-forward, block action and include a warning message.
  • Select Save

6. Use Email Encryption (Microsoft 365 Business Premium)

Another option that Premium subscribers have is the ability to use email encryption. There is nothing you need to set up, but you do need to train your users how to use it and set a company policy on which messages it should be used for.

The email encryption option allows users to encrypt both the text and attachments of an email, making them impossible to read if a person is not the intended recipient.

This feature has two functions:

  • Encrypt
  • Do not forward

If you’re using sensitivity labels in Microsoft 365, you can tie email encryption into those label policies.

  • In Outlook for the PC, users will find this under Options > Permissions.
  • In Outlook online, users will find this under Protect > Change Permissions.

Get Help Configuring Your Cloud Security

Cleartech Group can help your Central Massachusetts business ensure you’re not leaving you data at risk due to cloud misconfiguration. We’ll help you put the proper safeguards in place!

Contact us today to discuss your options! Call us to chat at 978-466-1938 or reach out online.