Misconfiguration of your Microsoft 365 accounts poses a significant risk to the security of your cloud data, a concern especially crucial for the modern small and medium sized business. When organizations fail to appropriately adjust their cloud platform security settings, they inadvertently expose their accounts to potential threats like data breaches, business email compromises, or account takeovers.
Shockingly, a staggering 90% of organizations currently find themselves vulnerable to breaches due to misconfigured cloud settings. Often, businesses make the mistake of assuming that default settings, such as those in M365, will suffice for their unique needs. However, these defaults aren't universally suitable; they are meant to provide flexibility, anticipating that companies will tailor their settings to match their requirements. M365 offers numerous additional security features beyond default settings, but users must proactively engage with these areas, either by configuring them personally or enlisting the expertise of an IT professional.
In the following section, we outline some of the most effective configuration enhancements to bolster the security of your Microsoft 365 accounts.
*The below suggestions are actions that businesses can take now to quickly improve the security of your M365 environment and it's users. However, properly managing your M365 environment is more involved and should be done by someone fluent in M365 development.
Implement Multi-Factor Authentication (MFA) for All Users
At Cloud Matrix IT, a cybersecurity-first mindset is all about safeguarding your digital assets. One of the most effective measures you can take to thwart credential compromise, which has emerged as a leading cause of data breaches, is enabling multi-factor authentication (MFA) for all your Microsoft 365 user accounts. According to Microsoft, activating MFA can slash your risk of fraudulent sign-ins by a staggering 99.9%.
To enable MFA, simply access the Microsoft 365 admin center using your global admin credentials. Navigate to the Azure Active Directory, located within the Admin centers section in the left-hand navigation menu, and then select Azure Active Directory > Properties. From there, access the MFA setting via Manage Security defaults. Once enabled, your users will be prompted to set up two-step verification on their devices. While this is one method of providing MFA for your users, the more optimal way is to configure a conditional access policy. It is more involved but provides greater flexibility.
Utilize a Dedicated Admin Account
Administrator accounts are prime targets for cybercriminals due to the substantial damage and sensitive information they can access. To fortify your defenses, establish a dedicated admin account within Microsoft 365. This specialized account is not an additional expense, as it is solely intended for administrative purposes, excluding email and other user activities. This isolation enhances security by reducing the risk of phishing attacks targeting the admin account.
Your administrators will maintain a standard user account for daily operations but switch to the dedicated admin account when conducting administrative tasks. After completing their duties, they can seamlessly switch back to their regular user account.
Prevent Email Auto-Forwarding
Hackers who infiltrate a user account don't always make their presence known. They may secretly set up email auto-forwarding, enabling them to intercept crucial emails like password reset notifications and sensitive company data. Since most users seldom review their email forwarding settings unless necessary, this threat can go undetected for extended periods.
Enhance Malware & Ransomware Protection
While Microsoft 365 offers a baseline of protection against ransomware and malware, it can be further strengthened. For instance, you can broaden the scope of blocked file types to include those commonly exploited for malware distribution.
To make these adjustments, visit https://protection.office.com and log in with your admin credentials. Access the Security & Compliance center and navigate to Threat management, then select Policy > Anti-Malware. Double-click to edit the default policy and access the Settings. Under "Common Attachments Types Filter," enable the option to block certain file types, enhancing your defense against malware.
Leverage Safe Links to Counter Phishing Attacks (Business Premium)
Phishing attacks frequently employ links rather than file attachments, and yet, many companies lack sufficient protection against malicious links. If you're using Microsoft 365 Business Premium, you can utilize the safe links feature to scrutinize and modify potentially harmful links, reducing the risk of users falling victim to phishing URLs.
Harness Microsoft Secure Score
Microsoft Secure Score is a valuable tool for evaluating your security posture within Microsoft 365, benchmarking it against other companies of similar size or within your industry. Access this tool at: https://security.microsoft.com/securescore using your administrative credentials.
It offers insightful recommendations for elevating your security score and provides guidance on how to implement these enhancements effectively. At Cloud Matrix IT, we proactively manage this for our clients and leverage this to fortify their security measures continually.
Need help securing your Microsoft 365 environment? Let's schedule some time to chat and discuss how we can help you secure your environment.