Microsoft 365 is a leading cloud platform for businesses in Sudbury and the rest of the world. In February 2020, there were just shy of 51,000 businesses in Canada using the platform for their workflows.
But one mistake that many companies make is not configuring their security settings to match their company needs.
When a business first signs up for cloud services through Microsoft 365, there will be some security protections turned on, but much of the cloud security is left in the hands of the user.
If you don’t realize that important anti-phishing or account compromise protections have to be turned on and configured, your business data can end up being at risk.
A survey of companies in 26 countries, including Canada, found that 70% of them had suffered a cloud data breach within the past 12 months.
There are several ways you can quickly increase the security of your Microsoft 365 business account to protect your system from malware and keep data from being compromised.
Multi-factor authentication (MFA) is perhaps the single best, as well as the easiest, cloud account protection that you can implement.
Turning on MFA for all users in your Microsoft 365 account will prompt them to set up one of their devices to receive a login code. This will add a step in the login process that can keep out 99.9% of all fraudulent sign-in attempts because hackers will not have the device that receives the MFA code required to complete login.
Hackers can compromise a user account and then set it up so they’re receiving a copy of all the user’s email through an auto-forward. The user may not even realize this for months if they haven’t checked their email forward settings.
As a safety precaution, you can set up a mail flow rule that will prohibit auto-forwards of email from inside your organization to an email address outside your domain.
Do this by going to the Exchange admin center and creating a new rule in the mail flow category.
Conditions to set include:
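An added example, not part of the original article: the Exchange Online PowerShell below first lists forwarding that is already in place, since a compromised mailbox can go unnoticed for months, and then creates a mail flow rule matching the description above. The rule name, the rejection text and the choice of rule conditions are assumptions made for this example.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module and an Exchange admin role.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# Domains the tenant owns; anything else counts as external.
$accepted = Get-AcceptedDomain | ForEach-Object { [string]$_.DomainName }
$mailboxes = Get-Mailbox -ResultSize Unlimited

# 1. Mailbox-level forwarding to an address outside the accepted domains.
$mailboxForwards = $mailboxes | Where-Object { $_.ForwardingSmtpAddress } | ForEach-Object {
    # Stored as "smtp:user@domain"; strip the prefix before comparing.
    $target = $_.ForwardingSmtpAddress -replace '^smtp:', ''
    if ($accepted -notcontains ($target -split '@')[-1]) {
        [pscustomobject]@{
            Mailbox = $_.UserPrincipalName
            Source  = 'Mailbox forwarding'
            Target  = $target
        }
    }
}

# 2. Inbox rules that forward or redirect (internal targets are listed too, for review).
$ruleForwards = foreach ($mbx in $mailboxes) {
    Get-InboxRule -Mailbox $mbx.UserPrincipalName |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        ForEach-Object {
            $targets = @($_.ForwardTo) + @($_.ForwardAsAttachmentTo) + @($_.RedirectTo)
            [pscustomobject]@{
                Mailbox = $mbx.UserPrincipalName
                Source  = "Inbox rule: $($_.Name)"
                Target  = ($targets | Where-Object { $_ }) -join '; '
            }
        }
}

@($mailboxForwards) + @($ruleForwards) | Where-Object { $_ } | Format-Table -AutoSize

# 3. Mail flow rule: reject auto-forwarded mail sent from inside the organization
#    to recipients outside it. Name and reason text are placeholders.
New-TransportRule -Name 'Block external auto-forward (example)' `
    -FromScope InOrganization `
    -SentToScope NotInOrganization `
    -MessageTypeMatches AutoForward `
    -RejectMessageReasonText 'Automatic forwarding to external addresses is not permitted.'
```

Review the audit output before creating the rule: any forward a user set up legitimately will start being rejected once the rule is active.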
The more employee user accounts you have with admin-level privileges, the more your account is at risk. Each one gives a hacker another opportunity to compromise a high-level account that can allow them to do major damage.
Instead of granting individual users admin privileges, create one dedicated account that is not used by a user. This account can be used by all admins when needed for admin activities. This reduces the risk of a high-level account being compromised.
While you have some anti-malware protections in Microsoft 365 by default, you can increase your level of protection by turning on a setting that blocks email attachments known to be used for malware.
66% of malware is introduced into a system from a malicious email attachment.
Here is how you can turn on that setting to help reduce your risk of a malware infection:
While you’re turning on the Common Attachment Types Filter to block email attachments, you can add several file attachment types in there that are known to be used for ransomware attacks.
While in the Common Attachment Types Filter, edit the file types being blocked to include: ade, adp, ani, bas, bat, chm, cmd, com, cpl, crt, hlp, ht, hta, inf, ins, isp, job, js, jse, lnk, mda, mdb, mde, mdz, msc, msi, msp, mst, pcd, reg, scr, sct, shs, url, vb, vbe, vbs, wsc, wsf, wsh, exe, pif.
Macros included in Word and Excel documents are often used to infect a system with malware. Users see a common document type they’re used to opening and don’t suspect that it could contain ransomware or malware.
Set up a rule that gives users a warning message if they receive an email containing a macro-enabled MS document.
Now use the following rule parameters, and click “Save” when done:
Haxxess can help your Sudbury area business with custom security settings in Microsoft 365 and other cloud platforms to ensure your data is properly protected.