If you are using any of Microsoft’s business plans, you are likely to be targeted by hackers. The following guide will help you boost the security of your organization. This guide will help you meet the goals outlined in the handbook by Harvard Kennedy School Cybersecurity Campaign.
If you have Microsoft Business Premium, you can set up security by following the guide in Microsoft’s Library: Microsoft 365 for Smaller Businesses and Campaigns. The guidelines here were outlined in partnership with Microsoft’s Defending Democracy team. The guide protects small business customers against cyber threats.
It is crucial that you determine your Microsoft 365 Secure Score in Microsoft’s 365 security center. There is a centralized dashboard from where you can improve the security of your Microsoft 365 apps, data, devices, identities, and infrastructure. You gain points for installing the recommended security features and addressing recommendations with third-party software or application. Here are ways you can secure Microsoft 365.
1. Set Up Multi-Factor Authentication
Multi-factor authentication is the easiest and most effective way of boosting the security of your firm. Logging in to multi-factor authentication entails typing a code sent to your phone so you can access Microsoft 365. This is also known as 2-step verification. This move prevents hackers from accessing your account if they know your password.
To add the 2-step verification to your Microsoft account, you need to add a setting that requires you to log in with multi-factor authentication. After making this change, you will be prompted to set up your phone for 2-factor authentication the next time you are logged in.
2. Create Awareness
The Harvard Kennedy School Cybersecurity Campaign handbook provides further guidance on how to promote security awareness in your organization. This includes training users on how to spot phishing attacks.
Microsoft also recommends users to use strong passwords, protect their devices, and enable the security features on their Windows 10 and Mac PCs. Users are also required to protect their email accounts.
3. Use Dedicated Admin Accounts
The administrative accounts used for administering your Microsoft 365 environment have elevated privileges. Hackers and cybercriminals target these accounts. It is recommended that you use these accounts for administration alone. Administrators should have a separate account for their non-work-related functions. The administrative account should only be used when completing a job-related task.
Additional recommendations are that your admin accounts must be set up for 2-factor authentication. Furthermore, you should close all unrelated apps and browser sessions when using admin accounts. When you finish using your admin account, make sure you close the browser.
4. Raise The Level Of Protection Against Malware In Mail
Malware is one of the standard methods that hackers use to launch attacks. This is a virus-riddled malicious software used to attack your systems. It helps criminals block access to files, disrupt systems, and steal critical data. Although your Microsoft 365 environment has protection against malware, you can raise the level of security by preventing attachments with file types commonly used for malware.
5. Protect Against Ransomware
Ransomware is malware that encrypts a person’s files. The attacker demands for money in exchange for a decryption key. The attacker requires the money to be sent in the form of cryptocurrency to hide their identity.
To protect yourself against malware, create one or more mail flow rules that block file extensions mainly used for ransomware or warn users who get these attachments in their mail. The first rule should warn users not to open file attachments that include macros, especially if they come from people you do not know. Secondly, users should be warned to block files that contain malicious code.
6. Stop Auto-Forwarding For Email
A cybercriminal who can access your mailbox can exfiltrate mail by configuring the mailbox to forward emails automatically. This happens even without your knowledge. To prevent this, make sure you configure a mail flow rule.
7. Use Office Message Encryption
Office message encryption is a feature that is already set up in Microsoft 365. This feature allows your organization to send and receive encrypted email messages. This feature supports Yahoo!, Gmail, Outlook.com, and other email services. This encryption ensures only intended recipients can look at the content of your messages. With this feature, there are two ways you can send mail. You can either choose not to forward an email or encrypt an email.
8. Protect Your Email From Phishing Attacks
Hackers use social engineering through text, email, IM, and pop-up messages to lure victims into opening links or downloading files. These files then damage the operating system, resulting in data theft or are used to intimidate users.
If you use one or more custom domains with your Microsoft 365 environment, you can configure them for targeted anti-phishing protection. Microsoft Defender for Office 365 comes with anti-phishing protection to protect your organization from phishing attacks. However, if you do not have a custom domain, this feature is not necessary. For additional information on setting up anti-phishing policies, refer here.
9. Ensure You Only Open Safe Attachments
Users usually receive, send, and share attachments in the form of presentations, spreadsheets, and documents. It is difficult to determine if an attachment is malicious or safe. Microsoft Defender for Office 365 has a feature that allows Safe Attachment protection. However, you must turn on this feature. This protection extends to files used in OneDrive, SharePoint, and Microsoft Teams.
10. Use Safe Links To Protect Yourself From Phishing Attacks
Cybercriminals are notorious for hiding malicious websites in links. These links are sent to you through emails or other attachments. One of the best practices to prevent a cybersecurity breach is not clicking on unfamiliar links.
Microsoft Defender for Office 365 has a feature known as Safe Links. This protects your organization by verifying web addresses in office documents and email messages. You need to modify the default policy in the Safe Links feature and add a policy that targets all recipients in your domain.
Microsoft 365 Business Premium is a subscription service that applies to businesses with less than 300 employees. It features office productivity apps and services and also collaboration tools such as Microsoft Teams. This service has advanced security and device management features that protect your organization from weak sign-in credentials, users who copy or save data from your organization on personal apps, users who install third-party applications with weak security, and email vulnerabilities. This guide summarizes some of the steps you can take to fully optimize the security features of Microsoft’s Business Premium