The Small Business Guide to Office 365 Security


Small businesses are the lifeblood of the United States. Did you know that there are 32.6 million small businesses in the country? Many of these small businesses also hire employees.


We all know how Google shut down Google+ because of a security lapse, and Facebook also suffered from a breach that compromised 50 million accounts – a breach that cost them $644,000 in fines.

You may not hear about a small business suffering from data breaches on the news, but your business is probably being targeted by hackers. Many small businesses don’t have an in-house IT team to secure their systems.

That can only mean that security is lax, and vulnerabilities are left undetected. As such, small businesses are sitting ducks for attackers. According to Futurism, seven out of 10 hacking and cyberattacks target small businesses.

$644,000 might mean nothing for Facebook, a company that earned $40 billion in 2017, or more than 170 times that fine in a single day. But think of how that much money will impact your small business.

While you may not face such a significant fine, you will still have to deal with the loss of trust from your customers. Few consumers will give out their credit card details if they know you can’t keep them safe.

Using Office 365? You might have been breached

In May 2019, Barracuda Networks reported that hackers were targeting Microsoft Office 365 accounts, and many of these attempts succeeded. According to the report, around 29 percent of organizations that use Office 365 were compromised in March 2019 alone.

Because of these incidents, hackers were able to send out at least 1.5 million spam and malicious e-mails. Did we get your attention? Good. But what’s even better is that you can easily protect yourself when you are using Office 365. Here’s how.

  1. Enable multi-factor authentication.

This one seems elementary, but it deserves the first mention here. Strong passwords have been doing a great job of keeping out hackers. However, not everyone bothers to create a strong password.

Users want a password that they can remember easily. Websites like to create less friction between their service and their users. Way back in 2011, it was shown that a cheap graphics card has enough computing power to crack a password. It used brute force and succeeded in just a few seconds.

This is where multi-factor authentication comes in. While that might sound like a mouthful, it’s straightforward to use. Office 365 will send a code to your phone when you try to log in. Even if the hacker knows your username and password, they will not be able to access your phone.

As a small business, you can set up MFA for all your employees in Office 365. The first time you do this, it will ask all users to set up their phones for MFA.

This short video will show you how to set up MFA for your business.

  2. Use data loss prevention tools

When you hear the words data breach, you often think of hackers in a dark room typing furiously and trying to get into your system. Or, perhaps someone acting as a janitor downloading your files from your computer while you’re out on a break.

The truth is far more boring than that. It could easily be Freya from accounting or Joe from sales. According to McAfee, 43 percent of data loss incidents are caused by internal actors.

And here’s the thing: Microsoft Office documents accounted for 25 percent of all stolen data. Imagine a rogue employee getting his hands on your company’s strategic plans and then sending them to your competitor.

How do you stop this from happening? Use the data loss prevention feature on Office 365. Like other DLP tools, you can set up policies that specify the sensitive, critical, or confidential files in your system. You will get notified when somebody violates these rules.

It will also stop the e-mail from being sent and block unauthorized access to sensitive information.

  3. Use dedicated accounts for admin

Administrative users who run your Office 365 all have access to higher privileges. As such, a hacker would be looking for an admin user to gain access even to your restricted content.

Small business owners often use an admin account with its elevated privileges for regular work. You should have a separate admin account to handle the administrative tasks and another one for regular tasks.

You should always use multi-factor authentication with your admin accounts and be sure to close all browsers and apps before logging into your admin account.

Log out after every session, as well.

  4. Turn on anti-malware settings in your e-mails

Office 365 protects you and your employees from malware. But you can make this stronger by blocking attachments that have certain file types.

This feature will instantly block attachments with file extensions such as .app and .docm, along with other file types that are commonly used to send malware over e-mail. What’s more, you can specify whether the system will delete the entire e-mail or just the attachment. You can also specify whether to send a default or custom alert text.


  5. Protect your small business from ransomware

Ransomware is a type of attack wherein your computer and its files are locked by the hacker, preventing you from using or retrieving data from it. You are then told to send money so that you can use your files again.

If you don’t send the Bitcoin ransom that the hackers asked for, you will forever lose access to your computer. As with malware, you can use Office 365 features to protect your business from ransomware.

First, you can block file types that are commonly associated with ransomware such as cmd, com, cpl, vbs, exe, and pif, among many others. You can also warn users about opening attachments that might contain macros. Ransomware is sometimes transmitted using macros.
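The attachment blocking described in this tip and in the anti-malware tip above can be applied from Exchange Online PowerShell. The following is an added example, not part of the original article; it assumes an admin session already opened with Connect-ExchangeOnline and the built-in anti-malware policy named Default, and the rule name, notification text and the macro extensions beyond .docm are choices made for this example.

```powershell
# Added example (not from the original article).
# Assumes: Connect-ExchangeOnline has been run by an admin and the
# built-in anti-malware policy is named "Default".

# Extensions named in the article; "among many others" still applies.
$articleTypes = 'app', 'docm', 'cmd', 'com', 'cpl', 'vbs', 'exe', 'pif'

# Merge with what the policy already blocks so no existing entry is lost.
$policy = Get-MalwareFilterPolicy -Identity 'Default'
$merged = @($policy.FileTypes) + $articleTypes |
    Where-Object { $_ } |
    ForEach-Object { $_.ToLower().TrimStart('.') } |
    Sort-Object -Unique

# Turn on the common attachment filter with the merged list.
Set-MalwareFilterPolicy -Identity 'Default' -EnableFileFilter $true -FileTypes $merged

# Warn recipients about macro-enabled Office attachments that are not
# blocked outright (.docm is already covered by the filter above).
$macroTypes = 'dotm', 'xlsm', 'xltm', 'xlam', 'pptm', 'potm', 'ppam', 'ppsm'
New-TransportRule -Name 'Warn on macro-enabled attachments' `
    -AttachmentExtensionMatchesWords $macroTypes `
    -GenerateNotification 'This message has a macro-enabled attachment. Do not enable macros unless you were expecting this file.'

# Confirm the resulting policy state.
Get-MalwareFilterPolicy -Identity 'Default' |
    Format-List EnableFileFilter, FileTypes
```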

  6. No more auto-forwarding e-mails

One of the first things that a hacker does after breaching a mailbox is to forward e-mails to an account that they control. This way, the user will not be aware of the attack. The hacker can send out e-mails, and all replies will be forwarded to him, instead of being received by the user.

You can set up Office 365 to stop auto-forwarding. You do this by creating a mail flow rule that specifies which types of e-mails are not to be forwarded. The rule’s conditions can cover the kind of content, the sender, message properties, and other criteria that will keep the account from forwarding the e-mail.
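One way to create such a mail flow rule, and to check whether forwarding has already been set up on any mailbox, from Exchange Online PowerShell. This is an added example, not part of the original article; it assumes an admin session already opened with Connect-ExchangeOnline, and the rule name and rejection text are placeholders.

```powershell
# Added example (not from the original article).
# Assumes: Connect-ExchangeOnline has been run by an admin.

# 1. Mail flow rule: reject auto-forwarded mail leaving the organization.
New-TransportRule -Name 'Block external auto-forwarding' `
    -FromScope InOrganization `
    -SentToScope NotInOrganization `
    -MessageTypeMatches AutoForward `
    -RejectMessageReasonText 'External auto-forwarding is disabled. Contact your administrator.'

# 2. Audit: forwarding configured directly on a mailbox.
$mailboxes = Get-Mailbox -ResultSize Unlimited
$mailboxes |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress,
                  ForwardingAddress, DeliverToMailboxAndForward |
    Format-Table -AutoSize

# 3. Audit: inbox rules that forward or redirect messages. A rule the
#    mailbox owner does not recognise is worth investigating.
$findings = foreach ($mbx in $mailboxes) {
    Get-InboxRule -Mailbox $mbx.UserPrincipalName -ErrorAction SilentlyContinue |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        Select-Object @{ Name = 'Mailbox'; Expression = { $mbx.UserPrincipalName } },
                      Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo
}
$findings | Format-Table -AutoSize
```

The rule only stops new forwarded mail; anything the audit steps list still has to be reviewed and removed by hand.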

Office 365 security is simple for small businesses

When you have a small business, the last thing you want to worry about is your company’s security, as well as keeping your documents and emails safe.

Thankfully, Microsoft understands that most small business owners might not have the expertise to handle Office 365 security on their own, so they’ve included everything you need to secure Office 365 in the software package.

You just have to know where to look for it. Start with these six tips, and you are well on your way to keeping your Office 365 – and your business – secure.
