In the middle of the pandemic, as organizations rushed to adopt cloud productivity tools, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) published an alert (AA20-120A, April 2020) warning about the risks of hurried Microsoft 365 deployments.
The problem CISA found was that companies migrating to the platform quickly under pandemic lockdown orders were often skipping the security settings the platform needs.
The organization stated, “CISA continues to see instances where entities are not implementing best security practices in regard to their O365 implementation, resulting in increased vulnerability to adversary attacks.”
We see the same thing in practice: many organizations suffer from cloud misconfiguration, meaning they have never turned on the security settings that Microsoft 365 (or any other cloud platform) offers. Companies tend to rely on the defaults, and the defaults are tuned for compatibility and ease of onboarding rather than for the strongest protection.
If you are worried that your tenant is not as secure as it should be, the quick tips below will help you adopt best practices and protect your Microsoft 365 accounts from compromise.
1. Enable Alerts for Suspicious Activities
If an attacker breaches an employee account and starts blasting out phishing emails, it can be a day or two before anyone notices. By then the damage to your reputation, and to the recipients, is already done.
Alert policies in Microsoft 365 are quick to set up. Each policy watches for a condition (an activity, a volume threshold, a malware detection) and emails the administrators you list the moment it triggers, so the account can be dealt with immediately.
Alert policies were originally created in the Security & Compliance Center; today they live under Policies & rules > Alert policy in the Microsoft Defender portal, and can also be managed from PowerShell. Two that are especially useful:
- Alert for accounts exceeding a certain threshold for sent emails
- Alert for logins from suspicious locations
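As an added example (not code from the original article), the following PowerShell reproduces the logic behind those two alerts over Exchange Online audit events, so you can confirm what a policy would have caught and tune the threshold before relying on it. It assumes the ExchangeOnlineManagement module (Connect-ExchangeOnline, Search-UnifiedAuditLog) for live data; the records in the script are constructed samples in the same shape the cmdlet returns (one object per event carrying an AuditData JSON string), and the tenant name, IP addresses and threshold are placeholders.

```powershell
# Added example, not part of the original article. Live data comes from
# Search-UnifiedAuditLog; the sample records below are CONSTRUCTED to match its shape.

# Alert 1: users who sent more than $Threshold messages in the window
function Find-SendThresholdBreaches {
    param(
        [Parameter(Mandatory)] [object[]] $Records,
        [int] $Threshold = 500                      # assumed cut-off; tune per tenant
    )
    $Records |
        ForEach-Object { $_.AuditData | ConvertFrom-Json } |
        Where-Object { $_.Operation -eq 'Send' } |
        Group-Object -Property UserId |
        Where-Object { $_.Count -gt $Threshold } |
        ForEach-Object { [pscustomobject]@{ User = $_.Name; Sent = $_.Count } }
}

# Alert 2: sign-ins from a client IP never seen for that user during the baseline period
function Find-NewSignInLocations {
    param(
        [Parameter(Mandatory)] [object[]] $BaselineRecords,
        [Parameter(Mandatory)] [object[]] $RecentRecords
    )
    $logins = {
        param($r)
        $r | ForEach-Object { $_.AuditData | ConvertFrom-Json } |
             Where-Object { $_.Operation -eq 'UserLoggedIn' }
    }
    $known = @{}                                    # user -> set of IPs seen in the baseline
    foreach ($e in (& $logins $BaselineRecords)) {
        if (-not $known.ContainsKey($e.UserId)) { $known[$e.UserId] = @{} }
        $known[$e.UserId][$e.ClientIP] = $true
    }
    & $logins $RecentRecords |
        Where-Object { -not ($known.ContainsKey($_.UserId) -and $known[$_.UserId].ContainsKey($_.ClientIP)) } |
        Select-Object UserId, ClientIP, CreationTime
}

# Constructed sample events (placeholder tenant contoso.com, documentation IP ranges)
function New-SampleRecord($User, $Operation, $ClientIP, $CreationTime) {
    [pscustomobject]@{
        AuditData = (@{ UserId = $User; Operation = $Operation; ClientIP = $ClientIP; CreationTime = $CreationTime } | ConvertTo-Json -Compress)
    }
}
$baseline = @(New-SampleRecord 'alice@contoso.com' 'UserLoggedIn' '203.0.113.10' '2024-05-01T08:00:00')
$recent   = @(
    New-SampleRecord 'alice@contoso.com' 'UserLoggedIn' '203.0.113.10'  '2024-05-02T08:00:00'  # IP already in baseline
    New-SampleRecord 'alice@contoso.com' 'UserLoggedIn' '198.51.100.77' '2024-05-02T03:12:00'  # IP never seen before
) + (1..12 | ForEach-Object { New-SampleRecord 'bob@contoso.com' 'Send' '203.0.113.11' '2024-05-02T09:00:00' })

Find-SendThresholdBreaches -Records $recent -Threshold 10
Find-NewSignInLocations -BaselineRecords $baseline -RecentRecords $recent

# Against a live tenant, replace the samples with real audit events, for example:
# Connect-ExchangeOnline
# $recent = Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-1) -EndDate (Get-Date) `
#               -Operations Send,UserLoggedIn -ResultSize 5000
```

The audit log lags live events by minutes to hours, so this is a verification and tuning aid, not a replacement for the alert policy itself; a new IP for a user is only a lead (VPNs and mobile carriers change addresses), which is why the built-in risk detections in Microsoft Entra ID Protection weigh several signals before raising an alert.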
2. Enable MFA for All Users
Microsoft reports that it sees about 300 million fraudulent sign-in attempts against its services each day, and that multi-factor authentication (MFA) blocks 99.9% of automated account-compromise attacks.
It is one of the most effective protections you can put in place, and you can require it for all users with a single setting: Security defaults in Microsoft Entra ID (free for every tenant), or a Conditional Access policy if you hold Entra ID P1, which Business Premium includes.
Once enabled, users are prompted at their next sign-in to register a second factor, normally the Microsoft Authenticator app on their phone; at each login they approve a push notification or enter the app's code alongside their password, so a stolen password alone is no longer enough. Prefer the authenticator app (or a FIDO2 security key) over SMS codes: SMS can be intercepted through SIM swapping, and adversary-in-the-middle phishing kits can relay any one-time code a user types into a fake login page, so push approval with number matching or a phishing-resistant method is the stronger choice.
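As an added example (not code from the original article), this PowerShell creates the "require MFA for everyone" Conditional Access policy through Microsoft Graph, starting in report-only mode, and then lists the users who have not yet registered an MFA method. It assumes the Microsoft.Graph PowerShell module, an account in the Conditional Access Administrator role, Entra ID P1 (included in Business Premium), and that Security defaults are switched off, since the two cannot coexist. The policy name and the emergency-access account UPN are placeholders.

```powershell
# Added example, not part of the original article. Assumes Microsoft.Graph module,
# Entra ID P1 and Security defaults turned off; names below are placeholders.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'User.Read.All',
                        'AuditLog.Read.All', 'UserAuthenticationMethod.Read.All'

# Exclude a single emergency-access ("break-glass") account so a broken MFA rollout cannot
# lock everyone out. That account needs a long random password stored offline and its own
# sign-in alert, because it is deliberately outside this policy.
$breakGlass = Get-MgUser -Filter "userPrincipalName eq 'breakglass@contoso.com'" -Property Id
if (-not $breakGlass) { throw 'Create the emergency-access account before enabling the policy' }

$policy = @{
    displayName = 'Require MFA for all users'
    state       = 'enabledForReportingButNotEnforced'   # change to 'enabled' once sign-in logs look right
    conditions  = @{
        users          = @{ includeUsers = @('All'); excludeUsers = @($breakGlass.Id) }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('mfa') }
}
$created = Invoke-MgGraphRequest -Method POST -OutputType PSObject -Body $policy `
    -Uri 'https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies'
"Created policy $($created.id) in state $($created.state)"

# Who still has no MFA method registered? They will be asked to register at next sign-in,
# but a list lets you chase stragglers before switching the policy to 'enabled'.
# (follow @odata.nextLink for tenants with more than one page of results)
$uri = 'https://graph.microsoft.com/v1.0/reports/authenticationMethods/userRegistrationDetails' +
       '?$filter=isMfaRegistered eq false'
(Invoke-MgGraphRequest -Method GET -OutputType PSObject -Uri $uri).value |
    Select-Object userPrincipalName, isMfaRegistered, isAdmin
```

Leave the policy in report-only mode for a few days and review the Conditional Access "report-only" results in the sign-in logs; service accounts and legacy-protocol clients that cannot complete MFA show up there, and the fix is to replace them rather than to exclude them.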
3. Turn on Safe Links (Business Premium)
Links now appear in phishing emails far more often than file attachments: users are less suspicious of a link, and an email carrying only a URL contains no malware for the attachment scanner to catch, so it slips past many filters.
Safe Links is part of Microsoft Defender for Office 365, whose Plan 1 is included in Microsoft 365 Business Premium. It used to be configured in the Security & Compliance Center; today it is under Email & collaboration > Policies & rules > Threat policies > Safe Links in the Microsoft Defender portal.
The feature rewrites the URLs in incoming mail (and, if you enable it, in Teams and Office documents) and checks each one against Microsoft's threat intelligence at the time the user clicks, not just at delivery. If the destination is known to be malicious the click is blocked with a warning page, and with click-through disabled the user cannot override it. Because the check happens at click time, a link that was clean on delivery but weaponized afterwards is still caught.
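As an added example (not code from the original article), this is the same Safe Links configuration applied from Exchange Online PowerShell, which is useful when you manage several tenants or want the settings in version control. It assumes the ExchangeOnlineManagement module, a Defender for Office 365 license, and an account in the Security Administrator role; the policy name and the recipient domain are placeholders.

```powershell
# Added example, not part of the original article. Assumes ExchangeOnlineManagement
# and Defender for Office 365; 'contoso.com' and the policy name are placeholders.
Connect-ExchangeOnline

# The policy holds the behaviour; splatting keeps each setting readable and commentable.
$policyParams = @{
    Name                     = 'Safe Links - all users'
    EnableSafeLinksForEmail  = $true
    EnableSafeLinksForTeams  = $true
    EnableSafeLinksForOffice = $true
    ScanUrls                 = $true    # check the URL at time of click, not only at delivery
    DeliverMessageAfterScan  = $true    # hold delivery until the delivery-time scan finishes
    EnableForInternalSenders = $true    # a compromised colleague's mailbox is a common phishing source
    TrackClicks              = $true    # keep click data for incident investigations
    AllowClickThrough        = $false   # users cannot bypass the warning page
    DisableUrlRewrite        = $false   # keep rewriting so clicks from any client are checked
}
New-SafeLinksPolicy @policyParams

# The rule decides who the policy applies to: every recipient in the tenant's domain.
New-SafeLinksRule -Name 'Safe Links - all users' `
    -SafeLinksPolicy 'Safe Links - all users' `
    -RecipientDomainIs 'contoso.com' `
    -Priority 0

# Verify the settings that matter most actually took effect
Get-SafeLinksPolicy -Identity 'Safe Links - all users' |
    Format-List ScanUrls, AllowClickThrough, EnableForInternalSenders, DisableUrlRewrite
```

If you have more than one accepted domain, list them all in -RecipientDomainIs; a recipient matched by no Safe Links rule falls back to the tenant's Built-in protection preset, which is less strict than the policy above.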
4. Use Dedicated Global Administrator Accounts
The more accounts with administrative privileges you have in Microsoft 365, the more high-value credentials an attacker can phish. A compromised admin is far worse than a compromised user, because the attacker can change tenant-wide security settings, grant themselves persistence, and read anyone's mail.
Give each administrator a separate, cloud-only admin account that is used only for admin work (it holds no mailbox and needs no license, so it is free), and remove admin roles from their everyday, mailbox-bearing accounts. Keep Global Administrator to a handful of people (Microsoft recommends at least two, so one can recover the other, and fewer than five) and assign narrower roles such as Exchange Administrator for everything else. Do not share one admin login among several people: shared credentials mean one MFA device for everyone and no way to tell from the audit log who made a change.
To further enhance security of these accounts:
- Require MFA on each one, ideally a phishing-resistant method such as a FIDO2 security key
- Use the admin account from a separate browser profile or private window, with no other sessions or apps open
- Sign out when the admin tasks are finished, and review the sign-in log for these accounts periodically
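As an added example (not code from the original article), the following PowerShell audits who currently holds Global Administrator and flags the situations the section above warns about. It assumes the Microsoft.Graph PowerShell module and an account able to read directory roles; the "dedicated admin account" heuristics (cloud-only, no licenses assigned) are assumptions for illustration, not a Microsoft definition.

```powershell
# Added example, not part of the original article. Assumes the Microsoft.Graph module;
# the heuristics for "dedicated admin account" are assumptions, adjust them for your tenant.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'User.Read.All', 'Directory.Read.All'

function Get-GlobalAdminReport {
    # Filter client-side by display name so this works regardless of server-side $filter support
    $role = Get-MgDirectoryRole | Where-Object DisplayName -eq 'Global Administrator'
    if (-not $role) { throw 'Global Administrator role is not activated in this tenant' }

    Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id | ForEach-Object {
        $type = $_.AdditionalProperties['@odata.type']
        if ($type -ne '#microsoft.graph.user') {
            # Service principals or groups holding GA deserve their own review
            [pscustomobject]@{ Principal = $_.Id; Type = $type; Enabled = $null
                               Finding = 'Non-user principal holds Global Administrator' }
            return
        }
        $u = Get-MgUser -UserId $_.Id -Property userPrincipalName, accountEnabled, onPremisesSyncEnabled, assignedLicenses
        $findings = @()
        if ($u.OnPremisesSyncEnabled) { $findings += 'synced from on-prem AD (not cloud-only)' }
        if ($u.AssignedLicenses.Count -gt 0) { $findings += 'licensed; probably a daily-use mailbox account' }
        [pscustomobject]@{ Principal = $u.UserPrincipalName; Type = 'user'; Enabled = $u.AccountEnabled
                           Finding = ($findings -join '; ') }
    }
}

$report = Get-GlobalAdminReport
$report | Format-Table -AutoSize

$count = @($report | Where-Object Type -eq 'user').Count
if ($count -lt 2) { Write-Warning "Only $count Global Administrator(s): add a second, emergency-access account" }
if ($count -ge 5) { Write-Warning "$count Global Administrators: Microsoft recommends fewer than five" }
```

If you use Privileged Identity Management, eligible (not yet activated) assignments do not appear in the role membership list above and need to be reviewed through the PIM assignment views instead.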
5. Turn Off the Ability to Auto-Forward Email Externally
If a user account is breached, the intrusion may go undetected for months if the attacker stays quiet and simply siphons data. A favourite way to do this is to add an auto-forward rule that silently copies the mailbox's email to an address the attacker controls.
That stream can include password reset notices for other services (banking, SaaS tools), the internal financial conversations that set up invoice fraud, and other sensitive and confidential company data.
You can block this capability by setting up a mail flow rule:
- In the Exchange admin center, select “rules” in the mail flow category
- Click to create a new rule
- Select “More options” at the bottom of the dialog box
- Apply the following settings, below
- Click Save to save your rule
Auto-forward blocking rule parameters:
- Name: Prevent auto forwarding of email to external domains
- Apply this rule if: The sender is located inside the organization
- Add condition: The recipient is located outside the organization
- Add condition: The message type is Auto-forward (under message properties)
- Do the following: Block the message, reject it and include an explanation
- Explanation text, for example: "Auto-forwarding email outside this organization is prohibited."
The mail flow rule stops auto-forwarded messages from leaving, but it does not stop a user (or an attacker) from configuring the forward in the first place. Also set Automatic forwarding to Off in the outbound spam filter policy (Microsoft Defender portal > Anti-spam policies); that tenant-wide setting blocks forwarding configured through inbox rules, mailbox forwarding settings and Outlook, and is now Microsoft's preferred control. Finally, audit the forwarding that may already exist, since a rule created before the block is a sign of an account that is already compromised.
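As an added example (not code from the original article), this PowerShell builds the same mail flow rule from the steps above, turns off automatic forwarding tenant-wide in the outbound spam filter policy, and then hunts for forwarding that is already configured on mailboxes and in inbox rules. It assumes the ExchangeOnlineManagement module and an account in the Exchange Administrator role; the rule name, rejection text and internal domain are placeholders.

```powershell
# Added example, not part of the original article. Assumes ExchangeOnlineManagement;
# rule name, rejection text and 'contoso.com' are placeholders.
Connect-ExchangeOnline

# 1. The mail flow rule described in the steps above
New-TransportRule -Name 'Prevent auto forwarding of email to external domains' `
    -FromScope InOrganization `
    -SentToScope NotInOrganization `
    -MessageTypeMatches AutoForward `
    -RejectMessageReasonText 'Auto-forwarding email outside this organization is prohibited.' `
    -RejectMessageEnhancedStatusCode '5.7.1'

# 2. The tenant-wide switch: blocks automatic forwarding however it was configured
Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off

# 3. Forwarding an attacker may already have set up, at mailbox level and in inbox rules
function Get-ExistingForwarding {
    param([Parameter(Mandatory)] [string[]] $InternalDomains)   # e.g. @('contoso.com')

    $isExternal = {
        param($addr)
        $addr -and -not ($InternalDomains | Where-Object { $addr -like "*@$_" })
    }

    Get-Mailbox -ResultSize Unlimited | ForEach-Object {
        $mbx = $_
        # Mailbox-level forward to an SMTP address; ForwardingAddress (an internal recipient)
        # is worth listing too, since an attacker can chain through an internal mailbox.
        $target = $mbx.ForwardingSmtpAddress -replace '^smtp:', ''
        if (& $isExternal $target) {
            [pscustomobject]@{ Mailbox = $mbx.UserPrincipalName; Source = 'ForwardingSmtpAddress'; Target = $target }
        }
        if ($mbx.ForwardingAddress) {
            [pscustomobject]@{ Mailbox = $mbx.UserPrincipalName; Source = 'ForwardingAddress'; Target = $mbx.ForwardingAddress }
        }
        # Inbox rules that forward or redirect; targets appear as "Name [SMTP:addr]"
        Get-InboxRule -Mailbox $mbx.UserPrincipalName |
            Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
            ForEach-Object {
                [pscustomobject]@{
                    Mailbox = $mbx.UserPrincipalName
                    Source  = "InboxRule: $($_.Name) (Enabled=$($_.Enabled))"
                    Target  = (@($_.ForwardTo) + @($_.ForwardAsAttachmentTo) + @($_.RedirectTo)) -join ', '
                }
            }
    }
}

Get-ExistingForwarding -InternalDomains @('contoso.com') | Format-Table -AutoSize
```

Treat any hit from step 3 that the mailbox owner cannot explain as an incident, not a cleanup item: reset the password, revoke sessions, remove the rule, and check the audit log for when and from where it was created. Attackers often hide such rules under names like "." or "Junk" and point them at folders as well as external addresses, so review the rule name and actions together.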
Get Help Securing Your Cloud Accounts Today!
Don’t leave Microsoft 365 or other cloud platforms with misconfigured security settings. Digital Crisis can help your Houston area business to secure your cloud data and accounts.
Contact us today to schedule a consultation. Call 713-965-7200 or reach us online.