Securing Your Organisation’s Office 365 Environment

Uploaded on 2019-08-27 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The number of cyber-attacks targeting Office 365 (O365) are on the rise. However, despite warnings from the UK’s National Cyber Security Centre, many organisations aren’t fully aware of the risks or struggle to know how to best defend their business against them. By Chester Avey

If your business uses O365 or is considering migrating to the service, then here’s some top tips to help keep your business secure.

Enforce multi-factor authentication 
It is often the smallest things that make the biggest difference to your cyber security – and one of the best, and simplest, ways to secure O365 is through the use of multi-factor authentication (MFA). With MFA enabled, all your organisation’s O365 users will be sent a code to their mobile phone when they try to log in to their account; meaning that in the event that a criminal is able to obtain a user’s password, the person will not be able to access to the account.

It is actually very easy to set up multi-factor authentication in O365 and while it elongates the procedure of logging in, it is certainly worth it due to the extra layer of security it provides. 

Manage from dedicated admin accounts
Some businesses make the mistake of using a single account to administrator O365. While this is often more convenient way of working it actually significantly increases overall cyber security risk. If an administrator account is compromised, criminals will likely obtain access to the whole environment.

It is a much better idea then, to keep administrative accounts separate to the ones used on a day-to-day basis. To reduce the risk of an admin falling foul of a phishing, it’s also advisable that these accounts are not set up with a licensed mailbox. 

Use full mailbox audit logging
Another way to improve O365 security is to activate full audit logging – which will help to improve visibility of user actions across your whole environment. This includes visibility of which users are logging in and from where. 
You can then use network and endpoint monitoring systems like SIEM in order to help detect threats and respond to them by improving the effectiveness of the identification of tactics and techniques used by cybercriminals.  

Provide staff with training
One of the most valuable things that any organisation can do to improve the security of O365, is to provide cyber awareness training to staff. People continue to be the weak link in the cyber security chain so improving knowledge can be an extremely valuable thing to do. 

Of course, it is essential that this training is regularly updated to recognise the latest security risks, such as phishing attacks against O365 users. 

Disable email auto forwarding
In the event that a hacker is able to gain access to a user’s O365 account and mailbox, a common tactic is to send copies of any incoming emails to another address. This allows them to continue to eavesdrop on communications should they lose access to the account.

Nevertheless, this kind of attack could mean the loss of sensitive data. Thankfully this type of action can easily be prevented by the creation of a mail transport rule in the O365 admin centre to block users from being able to auto-forward emails to external accounts. 

Check Cloud Solution Provider access

If your organisation bought its O365 subscription through a Cloud Solution Provider (CSP), check to see whether that partner has access to the environment. Many CSPs receive access by default and are now being targeted by cyber criminals for this reason.  One recent example is an attack on PSM, a US cloud company.

Additional steps to take

Before you decide upon whether to invest in supplementary technology from Microsoft to further improve the security of O365, it is worth evaluating the many third-party tools available. To help you do this, consider consulting with cloud management and monitoring specialists who can provide the extra technology, support and expertise you need to further enhance your organisation’s security.

It could also be hugely beneficial to commission penetration testing to help detect and address vulnerabilities such as those relating to insecure network and system configurations.

Chester Avey is an independent business consultant:     

You Might Also Read: 

Dealing With Malicious Emails:

 

 

« Cyber Crime In Britain
Psycho-Cyberchology »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

AvePoint

AvePoint

AvePoint is an established leader in enterprise-class data management, governance, and compliance software solutions.

Truth Technologies Inc (TTI)

Truth Technologies Inc (TTI)

TTI is a premier provider of worldwide anti-money laundering, anti-fraud, customer identification, and compliance products and services.

AcceptLocal

AcceptLocal

AcceptLocal is a payments industry consultancy with expertise in payment processing, payment security, anti-money laundering and fraud prevention.

Digital Innovation Hub Slovenia (DIH)

Digital Innovation Hub Slovenia (DIH)

DIH Slovenia is a central hub providing services to grow digital competencies in areas including robotics, IoT, cyberphysical systems and cybersecurity.

WebSec B.V.

WebSec B.V.

WebSec is a Dutch Cybersecurity firm mainly focused on offensive security services such as pentesting, red teaming and security awareness and phishing campaigns.

Darkbeam

Darkbeam

Darkbeam provides a unified solution to protect against security, brand and compliance risks across your digital infrastructure.

Ostendio

Ostendio

Ostendio is a cybersecurity and information management solutions provider that develops affordable compliance solutions for digital health companies and other regulated entities.

LGMS - LE Global Services

LGMS - LE Global Services

LGMS is a leading cyber security penetration testing and assessment firm in the Asia Pacific region.

VinCSS

VinCSS

VinCSS Internet Security Services JSC is a leading organization working in the field of researching, developing, producing products as well as providing cyber security services.

Guardsman Cyber Intelligence (GCI)

Guardsman Cyber Intelligence (GCI)

GCI provides proven cyber intelligence solutions to protect your business against ever present physical and digital threats shadowing your online business.

OneCollab

OneCollab

OneCollab, your unwavering ally in the dynamic landscape of IT services and cybersecurity.

Lighthouse IT

Lighthouse IT

At Lighthouse IT, we are focused on delivering seamless and reliable services to unlock the value of technology for your business.

Abstract Security

Abstract Security

Abstract Security has created a revolutionary platform, equipped with an AI-powered assistant, to better centralize the management of security analytics.

Vorlon

Vorlon

Vorlon's agentless patent-pending solution facilitates risk profiling of apps, and provides AI-driven behavioral analytics with response recommendations.

Seers

Seers

Seers is the world’s leading privacy & consent management platform for companies worldwide. Trusted by over 50,000+ businesses.

RedLattice

RedLattice

RedLattice are at the cutting edge of tool development and AI-assisted vulnerability research in cybersecurity.