With Microsoft 365 (MS365, formerly Office 365) having millions of active users, it can be a tempting target for cyber attackers. Not only are there millions of accounts to breach but, once breached, each 365 account allows extensive access across a number of data types and connections. One compromised Microsoft 365 account gives access to Outlook, OneDrive, Word, PowerPoint, SharePoint, and Teams. Not only would this give attackers access to valuable data, but the compromised account could also be used as a means of spreading malware and extending the attack.
In 2022, IBM calculated that 83% of organizations suffered more than one data breach, and that the average cost of such a breach was 4.53 million dollars. Those figures could be devastating for many organizations so, with that in mind, it’s important to do everything you can to ensure your network is protected against cyberattacks.
Microsoft 365 has an inbuilt suite of advanced security tools to protect your applications and your data. It is essential that you understand how you are protected and that these settings are properly configured so you can make the most of Microsoft’s expertise. Once this is done, you will know what threats you are protected from, and what additional security tools you should consider investing in.
In this article, we’ll cover some of the best ways to keep your users’ Microsoft 365 accounts safe and secure.
Multi-Factor Authentication
Ensuring that you have Multi-Factor Authentication (MFA) enforced on your users’ accounts is the single best thing you can do to protect them against credential-related compromise. MFA is a way of confirming a user’s identity in at least two ways.
MFA is effective as it provides a high level of certainty that only valid users gain access to their accounts. This is achieved by cross referencing a user with multiple ways of confirming their identity. This ensures that a user has access to an account linked to them, has knowledge that only the verified user has, or can verify their identity biometrically.
In addition to a password and username login, for example, a user might have to use a One-Time Password (OTP) or authenticator app before being granted access. Biometric factors – such as fingerprint or facial recognition scans like FaceID – are also becoming increasingly common in the workplace, thanks to their widespread use in smartphones, tablets, and laptops.
It is important to understand how MFA can keep you safe, and what it is unable to do. MFA confirms that only verified users are permitted access to their accounts. This ensures that users’ accounts cannot be accessed by an attacker that has obtained a user’s login credentials. MFA cannot, however, take proactive steps to remediate an attack, or address any malware once it is active on your network. If there is an internal breach, MFA does not protect against data leakage or lateral attacks.
From a user perspective, MFA is seamless – we are used to having MFA on our banking apps, and even for logging into social media applications. This ensures that MFA will be readily adopted by your users. For the amount of security MFA gives you and the ease of use, MFA is an effective and efficient means of protecting your Microsoft 365 accounts.
Email Security
Microsoft 365 comes with a host of pre-set security tools that are designed to protect you from a diverse range of threats. These predominantly include blocking spam and phishing emails, thereby preventing both nuisance mail and malicious mail.
These policies are based on information and analysis from Microsoft’s own Security Operations Centers (SOCs). These policies are designed to prevent new and emerging threats, without causing users unnecessary disruption.
Admins can select between standard protection or strict protection. The standard protection option is suitable for most users, while the strict protection setting is designed for privileged users who are likely to be targeted. It is important that admins ensure relevant or vulnerable accounts have this security setting applied. These pre-set security policies can be applied to individual users, groups, or at a domain level.
There is also a range of third-party email security solutions on the market to defend O365 against email threats.
Set File Sharing Settings
Many cyberattacks work by installing a malicious piece of software on your device. This can then snoop on your activity, access your files, or lock you out of your system. The challenge for hackers is to convince users to install the software in the first place.
One way that hackers convince users to download the software is by disguising it as a different, trusted file. A user will think they are downloading a Word document or a software update, but actually download a malicious file. To prevent this, it is essential that you have procedures in place to prevent malicious files from being shared and downloaded.
Another often overlooked way of disseminating malware is through online calendars. In a busy working environment, sharable calendars have made it much easier to find times that work for all relevant parties. The issue lies in fake calendar invites that appear to come from a trusted source, with a .ics attachment. Usually, clicking on this link will add a meeting to your calendar application. However, with fake invites, this .ics file actually contains malware. Rather than being added to your calendar, a click on the link will download and install the dangerous software.
In order to prevent this, you should only allow internal users to share calendars with each other. By ensuring that only known accounts – ones in your organization – are able to schedule meetings, you decrease the chance of falling for this type of attack. This, therefore, makes it harder for an attacker to infiltrate your network. If users need to plan meetings with external contacts, these can be added manually. Alternatively, you can grant external users access on a case-by-case basis.
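The check described above can also be applied to individual invites before they reach a calendar. The following is an added example, not part of the original article: it unfolds an .ics file, then flags an organizer outside your own domains, attachment references, and embedded links. The `INTERNAL_DOMAINS` value, the function names, and the sample invite are constructed assumptions.

```python
import re

INTERNAL_DOMAINS = {"example.com"}  # assumption: your tenant's accepted domains

# Constructed sample invite for illustration (not a real message).
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\nVERSION:2.0\r\nBEGIN:VEVENT\r\n"
    "UID:constructed-0001@example.net\r\n"
    "ORGANIZER;CN=\"IT: Helpdesk\":mailto:helpdesk@example.net\r\n"
    "SUMMARY:Mandatory password reset\r\n"
    "DESCRIPTION:Join via https://meet.example.net/reset and open the atta\r\n"
    " ched form.\r\n"
    "ATTACH;FMTTYPE=application/octet-stream:https://files.example.net/form.exe\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
)


def split_content_line(line):
    """Split 'NAME;params:value' at the first colon outside quoted parameters."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ":" and not in_quotes:
            return line[:i], line[i + 1:]
    return line, None


def parse_properties(ics_text):
    """Unfold RFC 5545 lines, then return (NAME, value) pairs."""
    unfolded = re.sub(r"\r?\n[ \t]", "", ics_text)
    pairs = []
    for line in unfolded.splitlines():
        head, value = split_content_line(line)
        if value is not None:
            pairs.append((head.split(";", 1)[0].upper(), value))
    return pairs


def triage_invite(ics_text, internal_domains=INTERNAL_DOMAINS):
    """List reasons an invite deserves review before it reaches a calendar."""
    findings = []
    for name, value in parse_properties(ics_text):
        if name == "ORGANIZER":
            domain = value.rsplit("@", 1)[-1].lower()
            if domain not in internal_domains:
                findings.append(f"external organizer: {domain}")
        elif name == "ATTACH":
            findings.append(f"attachment reference: {value[:80]}")
        elif name in ("DESCRIPTION", "LOCATION", "URL"):
            for url in re.findall(r"https?://[^\s\\,;]+", value):
                findings.append(f"link in {name}: {url}")
    return findings
```

An empty result means none of these three signals fired; it does not mean the invite is safe.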
You should also ensure that your organization’s file sharing policies are configured correctly. As with calendar invites, you want to ensure that files contain only the information that is expected. You might choose to limit the type of files that can be shared or limit the users who are permitted to distribute this data.
Not only will correctly configured sharing settings decrease the likelihood of users downloading malicious software, but they can also prevent your company from losing data through sharing the wrong files with the wrong users. This is particularly relevant for organizations who handle Personally Identifiable Information (PII) or have to conform to regulatory data protection standards.
Further Security Recommendations
Microsoft 365 is a tremendously useful suite of applications that make working hassle free. You can access documents stored in the cloud, and work on them from a wide range of devices, in various locations.
The solution has a range of good security tools that can help to mitigate against some attacks. A cautious – belt and braces – approach to cybersecurity is never a bad idea. With this in mind, we’ll consider some of the additional tools that you can incorporate with your MS 365 account to secure your data and protect against attacks.
Privileged Access Management
Within your organization, not all accounts will need the same amount of access and control. You should ensure that as few accounts have “privileged” access as possible. This way, if a standard user account is breached, the attacker will have limited direct control and access to critical corporate data stored in high-tier applications. They can, however, still work their way up to gain access through messaging contacts in a senior position.
The first thing you should do, then, is limit the number of accounts with advanced access and control. By reducing the number, you reduce the risk. In practice, there is very little need for all accounts to have the same level of privilege. Instead, you should tailor accounts to only have access to the services and network areas that they need to complete their jobs, and for as long as they need it to carry out their work.
For admin accounts that do require privileged access, you should ensure that these are adequately protected. Privileged Access Management (PAM) solutions allow you to monitor and control which accounts have privileged access, and what they have access to. With these solutions, you can ensure that each privileged user can have access that is relevant to their role, and nothing more.
When choosing a PAM solution, it is important to look for a solution that gives you visibility over users and the levels of access they have. It should be quick and easy to adjust these policies, as required.
Some PAM solutions will require users to request permission before being allowed access. Once granted, this access will only last for the length of the session. This can be a more secure way of managing access as it requires explicit confirmation and oversight on each occasion. It is, however, time consuming and requires ongoing admin engagement to allow a user access each time they ask for permission. The danger that remains with this type of access is social engineering, as admins can be tricked into granting access to malicious, fraudulent users.
To get around this, some other solutions store privileged account credentials in a secure vault and require users to verify their identities before they’re granted access to that vault. Others still inject credentials directly into a user’s login session once they’ve been verified, so that the credentials are never exposed to the user – whether legitimate or malicious.
Endpoint Protection
For Windows users, turning on Windows Security is an important step. This scans your users’ systems to ensure that they are free from malware, viruses, and other security threats. This ensures that your accounts are protected, alerting you to threats that are already active on the system so they can be remediated, and preventing other known threats from reaching your users’ endpoints via vectors other than their Microsoft 365 accounts.
For Mac, Linux and Windows users, it is worth investing in an endpoint protection solution. This could take the form of an endpoint security solution, Endpoint Detection and Response (EDR) platform, anti-malware/virus, or firewall. These work in different ways, but all provide an extensive layer of security to your accounts and systems.
Endpoint Detection And Response (EDR)
EDR solutions, alongside XDR (Extended Detection and Response), and MDR (Managed Detection and Response), proactively monitor your endpoints to identify malicious content and enact remediation procedures. These solutions can have very advanced means of identifying dangers – these include sandboxing, content disarm and reconstruction (CDR), and time-of-click URL scanning.
For organizations who do not have the technical resource to configure this themselves, MDR provides an advanced managed security service. This means you can access enterprise level security, without having enterprise level expertise in-house.
Firewalls
Firewalls, on the other hand, act like a gateway to your network and prevent malicious or harmful content from gaining access. A firewall will use several pre-set policies to monitor content and block dangerous files before they are allowed onto your network. Firewalls can be deployed as a hardware, software, or cloud solution, depending on how your organization operates.
Anti-Malware And Anti-Virus
Anti-malware and anti-virus (AV) tools are another important tool in your fight against cyberattacks. While most computers and applications will have some form of inbuilt anti-virus and malware protection, the quality of this will differ from system to system. These solutions work by scanning all content that enters your network and looking for signs that it is suspicious or a known threat.
Microsoft Defender
Microsoft has its own endpoint security solution: Defender ATP. This is compatible with Windows, Mac, and Linux endpoints, and while it is not a part of the MS365 package, it readily integrates with it. Defender is predominantly an anti-malware solution, though it also has web protection features to identify harmful links, and identity theft monitoring to manage any instances of identity theft.
It is important that you use one or a combination of these solutions to identify malicious content that has infiltrated your system or bypassed other security protocols. EDR, anti-virus, and firewall solutions can be complicated to set up and need specific configuration. If you have the resource within your organization, investing in EDR or a firewall is a must. If you have less dedicated security resource, then it’s still worth considering an endpoint security solution, as they provide strong protection against malware and viruses but are generally easier to implement.
Backup And Recovery
The MS365 platform is cloud based, meaning that you can store and work on your files from any location with a simple log-in. You can easily expand your storage amount, without needing to invest in expensive hard drives and other data storage solutions.
The issue with storage in MS365 is how long these files are backed up for. In fact, Microsoft doesn’t provide a comprehensive data backup solution; instead, data is protected for between 30 and 90 days. After this time the backup is deleted.
If your system falls victim to a ransomware attack, a complete and up-to-date backup can mitigate the danger of the attack. Rather than catering to the attacker’s demands, you can restore all your data from a previous backup and continue working.
To ensure that you do not lose data during an attack, investing in an effective backup and recovery solution is a must. These will automatically scan and make copies of all of your data and store it securely. This is a frictionless solution that end users won’t even notice and can be set up to run at periodic intervals, ensuring that your backups are never forgotten.
Summary
Microsoft 365 has robust inbuilt security features designed to protect you and your accounts. Because of this inbuilt security, users and admins rarely check to ensure that settings are properly configured, and there are no vulnerabilities, leaving the door open to attackers ready to exploit those vulnerabilities. It is worth taking the time to understand what security features are already in place, and what more you can do.
The inbuilt security is technically advanced and does a good job of keeping you safe. When it comes to cybersecurity, it is always worth having a cautious and sceptical approach. It might make sense for your organization to install an EDR, PAM, or MFA solution, for example, to use in conjunction with your Microsoft 365 accounts.
MS 365 can empower your employees to work in an efficient and effective way – you can easily access and share materials across your organization, making collaboration easier than ever before. If such an instrumental solution at the heart of your organization is attacked, it can be complex and costly to resolve. This is, of course, mitigated with effective configuration of native security features and selective implementation of additional tools.