The 6 Best Ways to Boost Security for Your Microsoft 365 Business Account

Microsoft 365 is a leading cloud platform for businesses in Sudbury and the rest of the world. In February 2020, there were just shy of 51,000 businesses in Canada using the platform for their workflows.

But one mistake that many companies make is that they don’t configure their security settings to match their company needs.

When a business first signs up for cloud services through Microsoft 365, there will be some security protections turned on, but much of the cloud security is left in the hands of the user.

If you don’t realize that important anti-phishing or account compromise protections have to be turned on and configured, your business data can end up being at risk.

In a survey of companies in 26 countries, including Canada, it was found that 70% of them suffered a cloud data breach within the past 12 months.

There are several ways you can quickly increase the security of your Microsoft 365 business account to protect your system from malware and keep data from being compromised.

Implement MFA for All Users

Multi-factor authentication (MFA) is perhaps the single best, and easiest, cloud account protection you can implement.

Turning on MFA for all users in your Microsoft 365 account will prompt them to set up one of their devices to receive a login code. This will add a step in the login process that can keep out 99.9% of all fraudulent sign-in attempts because hackers will not have the device that receives the MFA code required to complete login.

Prevent Email Auto-Forwards Outside Your Domain

Hackers can compromise a user account and then set it up so they’re receiving a copy of all the user’s email through an auto-forward. The user may not even realize this for months if they haven’t checked their email forward settings.

As a safety precaution, you can set up a mail flow rule that will prohibit auto-forwards of email from inside your organization to an email address outside your domain.

Do this by going to the Exchange admin center and creating a new rule in the mail flow category.

Conditions to set include:

  • Apply rule if sender is internal
  • Add condition: If recipient is external
  • Add condition: If message properties are Auto-forward
  • Action: Reject the message and include explanation
  • Explanation text: Auto-forwarding outside the organization is prohibited
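The same auto-forward block expressed in Exchange Online PowerShell, plus a check for forwards that may already be in place, as an added example that is not part of the original article. It assumes the ExchangeOnlineManagement module is installed and the signed-in account holds Exchange admin rights.

```powershell
# Added example (not from the original post). Assumes the ExchangeOnlineManagement
# module is installed and the account has Exchange admin rights.
Connect-ExchangeOnline

# 1. Mail flow rule: internal sender, external recipient, auto-forwarded message
#    type -> reject with the explanation text from the article.
New-TransportRule -Name "Block auto-forwards outside the organization" `
    -FromScope InOrganization `
    -SentToScope NotInOrganization `
    -MessageTypeMatches AutoForward `
    -RejectMessageReasonText "Auto-forwarding outside the organization is prohibited" `
    -RejectMessageEnhancedStatusCode "5.7.1"

# 2. Detection: mailboxes that already have a forwarding address configured.
#    A compromised account often gets one before the rule above exists.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress,
                  ForwardingAddress, DeliverToMailboxAndForward

# 3. Detection: per-mailbox inbox rules that forward or redirect mail. These are
#    set inside the user's mailbox and are easy to miss in the admin center.
foreach ($mbx in (Get-Mailbox -ResultSize Unlimited)) {
    Get-InboxRule -Mailbox $mbx.UserPrincipalName |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        Select-Object @{ n = 'Mailbox'; e = { $mbx.UserPrincipalName } },
                      Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo
}
```

Sections 2 and 3 produce no output when nothing is forwarding; any row they do return is worth verifying with the mailbox owner.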

Reduce Your Admin Account to Just One Dedicated Account

The more employee user accounts you have that have admin level privileges, the more your account is at risk. It offers a hacker more opportunity to compromise a high-level account that can allow them to do major damage.

Instead of granting individual users admin privileges, create one dedicated admin account that no one uses for day-to-day work. Admins sign in to it only when they need to perform admin tasks. This reduces the risk of a high-level account being compromised.

Increase Anti-Malware Protections

While you have some anti-malware protections in Microsoft 365 by default, you can increase your level of protection by turning on a setting that blocks email attachments known to be used for malware.

66% of malware is introduced into a system from a malicious email attachment.

Here is how you can turn on that setting to help reduce your risk of a malware infection:

  • In the Security & Compliance Center, go to Threat management > Policy > Anti-Malware
  • Double-click to edit the company-wide default policy
  • Select “Settings”
  • Select “On” under “Common Attachment Types Filter”
  • You’ll see the file types that will be blocked and can edit this list
  • Select “Save”

Block Ransomware File Types

While you’re turning on the Common Attachment Types Filter to block email attachments, you can add several file attachment types in there that are known to be used for ransomware attacks.

While in the Common Attachment Types Filter, edit the file types being blocked to include: ade, adp, ani, bas, bat, chm, cmd, com, cpl, crt, hlp, ht, hta, inf, ins, isp, job, js, jse, lnk, mda, mdb, mde, mdz, msc, msi, msp, mst, pcd, reg, scr, sct, shs, url, vb, vbe, vbs, wsc, wsf, wsh, exe, pif.
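The Common Attachment Types Filter steps above and this extension list, carried out in Exchange Online PowerShell as an added example that is not from the original article. It assumes the ExchangeOnlineManagement module is installed and Connect-ExchangeOnline has already run.

```powershell
# Added example (not from the original post). Assumes Connect-ExchangeOnline
# has already been run with an account that can edit anti-malware policies.
$ransomwareTypes = @(
    'ade','adp','ani','bas','bat','chm','cmd','com','cpl','crt','hlp','ht','hta',
    'inf','ins','isp','job','js','jse','lnk','mda','mdb','mde','mdz','msc','msi',
    'msp','mst','pcd','reg','scr','sct','shs','url','vb','vbe','vbs','wsc','wsf',
    'wsh','exe','pif'
)

# "Default" is the company-wide policy the article edits in the portal.
$policy = Get-MalwareFilterPolicy -Identity Default

# -FileTypes replaces the entire list, so merge with what is already blocked
# instead of overwriting Microsoft's built-in defaults.
$merged = (@($policy.FileTypes) + $ransomwareTypes) |
    ForEach-Object { $_.ToLower() } |
    Sort-Object -Unique

Set-MalwareFilterPolicy -Identity Default -EnableFileFilter $true -FileTypes $merged

# Verify: the filter is on and every requested extension is present.
$after   = Get-MalwareFilterPolicy -Identity Default
$missing = $ransomwareTypes | Where-Object { $after.FileTypes -notcontains $_ }

if ($after.EnableFileFilter -and -not $missing) {
    "Common Attachment Types Filter is on; $($after.FileTypes.Count) types blocked."
} else {
    "Check failed. EnableFileFilter=$($after.EnableFileFilter); missing: $($missing -join ', ')"
}
```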

Warn Users About Macros

Macros included in Word and Excel documents are often used to infect a system with malware. Users see a common document type they’re used to opening and don’t suspect that it could contain ransomware or malware.

Set up a rule that gives users a warning message if they receive an email containing a macro-enabled MS document.

  • To do this go to the Exchange admin center > mail flow category > rules
  • Create a new rule
  • Select more at the bottom of the dialog box

Now use the following rules parameters, and click “Save” when done:

  • Name: Anti-ransomware rule: Warning to Users
  • Apply Rule if: Any attachment matches file extensions…
  • Designated extensions: dotm, docm, xlsm, xltm, xla, xlam, xll, pptm, potm, ppam, ppsm, sldm
  • Add message: “Do not open these types of files unless you were expecting them and have confirmed validity. These file types may contain malicious code that runs in a macro.”
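The macro-attachment warning rule as an Exchange Online PowerShell transport rule, added here as an example that is not from the original article. It assumes Connect-ExchangeOnline has already run, and it delivers the warning as a prepended disclaimer, which is an assumption about which mail flow action the "Add message" step maps to.

```powershell
# Added example (not from the original post). Assumes Connect-ExchangeOnline
# has already been run. The warning is applied as a prepended HTML disclaimer
# (assumed mapping of the article's "Add message" step).
$macroExtensions = @(
    'dotm','docm','xlsm','xltm','xla','xlam','xll',
    'pptm','potm','ppam','ppsm','sldm'
)

$warning = 'Do not open these types of files unless you were expecting them ' +
           'and have confirmed validity. These file types may contain ' +
           'malicious code that runs in a macro.'

New-TransportRule -Name 'Anti-ransomware rule: Warning to Users' `
    -AttachmentExtensionMatchesWords $macroExtensions `
    -ApplyHtmlDisclaimerText "<p style='color:red'><b>$warning</b></p>" `
    -ApplyHtmlDisclaimerLocation Prepend `
    -ApplyHtmlDisclaimerFallbackAction Wrap

# Confirm the rule exists, is enabled, and carries the full extension list.
Get-TransportRule -Identity 'Anti-ransomware rule: Warning to Users' |
    Select-Object Name, State, Priority, AttachmentExtensionMatchesWords
```

The Wrap fallback means a signed or encrypted message that cannot be modified is delivered as an attachment of a new message carrying the warning, rather than passed through silently.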

Is Your Microsoft 365 Account Properly Secured?

Haxxess can help your Sudbury area business with custom security settings in Microsoft 365 and other cloud platforms to ensure your data is properly protected.

Contact us today to schedule a free consultation! Call 705-222-8324 or reach out online.
