In this post we will describe 5 simple steps that every company that uses Microsoft Office 365 should take in order to increase the security of their environment.
1. Activate Multi-Factor Authentication
As we described in the article Prevent Phishing Attacks in Office 365, multi-factor authentication, also called two-step verification, is one of the simplest and most effective ways to increase the security of your Microsoft Office 365 platform.
Requiring a second factor (a code or push notification from an authenticator app, or, as a weaker fallback, an SMS code) before the sign-in completes means that a stolen password alone is no longer enough for an attacker to get into the mailbox. Prefer the authenticator app or a FIDO2 security key over SMS where you can, and keep in mind that MFA does not stop every attack (for example, adversary-in-the-middle phishing kits that steal the signed-in session), which is why the other steps in this post still matter.
Microsoft 365 administrators can turn on two-step verification for all users in a few clicks, as described in this video (if the tenant has Security defaults enabled, MFA registration is already enforced for everyone):
Source: Microsoft, https://support.office.com/article/e12187b8-216a-4490-9e3b-df34a06fb787
2. Use Dedicated Administrator Accounts
Admin accounts are very valuable targets for cyber criminals because they hold elevated privileges on the Microsoft 365 platform. We recommend that administrators use a separate user account for normal, non-administrative work (email, documents, browsing) and sign in with their administrative account only when they need to complete an administration task.
It is also important that all administrator accounts have multi-factor authentication configured.
In addition, we recommend signing out of all other Microsoft 365 sessions before and after working in the administration portals, or opening the portals in a private (incognito) browser window, so that the admin session never shares cookies or tokens with the everyday account.
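A quick way to check both of the points above across the tenant is to ask the Microsoft Graph authentication-methods report which admins have actually registered MFA, and whether those admin accounts also carry product licences (a sign that they double as someone's everyday account). The script below is an added example, not from the original post or from Microsoft; it assumes the Microsoft.Graph PowerShell SDK is installed and that the signed-in account can read the report and user licence data. The "licensed admin = probably a shared daily account" rule is a heuristic chosen for this example, not a Microsoft rule.

```powershell
# Added example (not from the original post): list the tenant's admins and flag those
# without registered MFA or that look like everyday (licensed) accounts.
# Assumes the Microsoft.Graph module is installed and the signed-in account may read
# the authentication-methods report and user licence data.
Connect-MgGraph -Scopes 'AuditLog.Read.All', 'User.Read.All'

# The registration report already knows who holds a directory admin role (IsAdmin).
$admins = Get-MgReportAuthenticationMethodUserRegistrationDetail -All |
    Where-Object { $_.IsAdmin }

$report = foreach ($a in $admins) {
    # Heuristic (this example's assumption): an admin account that holds product
    # licences is probably also used for day-to-day work, i.e. not a dedicated account.
    $licences = (Get-MgUser -UserId $a.Id -Property AssignedLicenses).AssignedLicenses
    $licensed = ($licences.Count -gt 0)

    if (-not $a.IsMfaRegistered) { $finding = 'NO MFA - fix this first' }
    elseif ($licensed)           { $finding = 'Licensed: shared daily/admin account?' }
    else                         { $finding = 'OK' }

    [pscustomobject]@{
        User          = $a.UserPrincipalName
        MfaRegistered = $a.IsMfaRegistered
        Methods       = ($a.MethodsRegistered -join ', ')
        Licensed      = $licensed
        Finding       = $finding
    }
}

# Worst findings first
$report | Sort-Object Finding | Format-Table -AutoSize
```

Run it after enabling MFA and again after creating the dedicated admin accounts: the goal is an empty list of "NO MFA" rows and admin accounts that hold no licences at all.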
3. Display Notification when Receiving Email from an External Address
Cyber criminals often pretend to be someone from within the company, for example by using a display name that matches a colleague or an executive while sending from an outside address. An easy way to counter this is to notify users whenever a message actually comes from an external email address.
To do so, from the Exchange Online admin center, create a mail flow rule with the following criteria:
Condition: the sender is not from the organization
Action: display a notification like “this email comes from an external account, do not open links or attached documents unless you are sure about the content”
Once the rule is in place, users who see this notification know that the sender is outside the organization, and if the message looks suspicious they can delete or report it.
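The same rule can be created from Exchange Online PowerShell, which is handy when you manage several tenants or want the configuration under version control. The block below is an added example, not from the original post or from Microsoft; it assumes the ExchangeOnlineManagement module is installed and the signed-in account has an Exchange administrator role. The rule name, the subject tag and the banner wording are choices made for this example.

```powershell
# Added example (not from the original post): the external-sender notification rule
# created from PowerShell, plus Outlook's built-in External tag as a complement.
# Assumes the ExchangeOnlineManagement module and an Exchange administrator role.
Connect-ExchangeOnline

New-TransportRule -Name 'Warn on email from external senders' `
    -FromScope NotInOrganization `
    -SentToScope InOrganization `
    -PrependSubject '[EXTERNAL] ' `
    -ApplyHtmlDisclaimerLocation Prepend `
    -ApplyHtmlDisclaimerText '<div style="border:2px solid #9C6500;background:#FFEB9C;padding:6px;font-family:sans-serif;">CAUTION: this email comes from an external account. Do not open links or attached documents unless you are sure about the content.</div>' `
    -ApplyHtmlDisclaimerFallbackAction Wrap `
    -ExceptIfSubjectMatchesPatterns '^\[EXTERNAL\]'   # do not stack tags on long reply threads

# Built-in alternative that needs no HTML injected into the body: Outlook and
# Outlook on the web show an "External" tag next to the sender.
Set-ExternalInOutlook -Enabled $true

# Verify both settings
Get-TransportRule -Identity 'Warn on email from external senders' |
    Format-List State, FromScope, SentToScope, PrependSubject
Get-ExternalInOutlook
```

Note that "sender is not from the organization" treats a message as internal only when it comes from an accepted domain over an authenticated connection, so a message forged from outside to look like an internal address is still tagged as external.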
4. Block Suspicious Attachments in Emails
From the anti-malware configuration of Microsoft Office 365 (https://protection.office.com/antimalware), we recommend editing the default policy and enabling the filtering of email attachments by file extension (the "common attachment types filter"), as described in this video:
Source: Microsoft, https://support.office.com/article/02b5783a-eea0-42e8-8856-62440718c3f0
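The equivalent change from Exchange Online PowerShell is shown below as an added example, not from the original post or from Microsoft. It assumes the ExchangeOnlineManagement module and an Exchange administrator role; the list of extra extensions is this example's choice, so trim it to what your business actually needs to receive.

```powershell
# Added example (not from the original post): turn on the common attachment types
# filter on the default anti-malware policy and extend Microsoft's default list.
# Assumes the ExchangeOnlineManagement module and an Exchange administrator role.
Connect-ExchangeOnline

$policy = Get-MalwareFilterPolicy -Identity Default

# -FileTypes replaces the whole list, so merge the additions with what is already there.
# Extra extensions (this example's choice): executables, scripts and disk images that
# are routinely used to smuggle malware past users.
$extra = 'exe','scr','pif','com','bat','cmd','js','jse','vbs','vbe','wsf','wsh',
         'hta','cpl','msi','msp','iso','img','vhd','vhdx','lnk','reg','jar','ps1'
$types = @($policy.FileTypes) + $extra | Sort-Object -Unique

Set-MalwareFilterPolicy -Identity Default `
    -EnableFileFilter $true `
    -FileTypes $types `
    -FileTypeAction Reject `
    -ZapEnabled $true        # also remove already-delivered mail later found to be malware

Get-MalwareFilterPolicy -Identity Default |
    Format-List EnableFileFilter, FileTypeAction, ZapEnabled, FileTypes
```

Keep in mind that this filter matches only the declared file name: a renamed executable, or one inside a password-protected archive, passes through, so it is a cheap first layer rather than a replacement for sandbox detonation (see the advanced options at the end of this post).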
5. Block Auto-Forwarding Emails
Attackers who gain access to a user's mailbox often configure it to automatically forward all incoming mail to an address they control. This lets them keep receiving the victim's email even after the password has been changed, without signing in again and without attracting attention.
To protect yourself against this technique, you can create a rule that blocks automatic email forwarding.
To do this, from the Exchange Online admin center, create a new mail flow (transport) rule with the following characteristics, as described in the video:
Condition: the message properties include the message type "Auto-forward"
Action: reject the message and include an explanation.
Source: Microsoft, https://support.microsoft.com/en-us/office/stop-auto-forwarding-emails-in-microsoft-365-f9d693ba-5c78-47c0-b156-8e461e062aa7
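Blocking future forwards is only half of the job: an attacker who is already inside may have set up forwarding weeks ago. The script below, an added example that is not from the original post or from Microsoft, first lists existing mailbox-level forwarding and forwarding or redirecting inbox rules (including rules hidden from the Outlook interface), then creates the mail flow rule described above and, as a second control, disables auto-forwarding in the outbound spam policy. It assumes the ExchangeOnlineManagement module and an Exchange administrator role; the rule is scoped to external recipients so that automatic forwarding between internal mailboxes keeps working, and the rule name and rejection text are this example's choices.

```powershell
# Added example (not from the original post): audit existing forwarding, then block
# automatic forwarding to external addresses.
# Assumes the ExchangeOnlineManagement module and an Exchange administrator role.
Connect-ExchangeOnline

$mailboxes = Get-Mailbox -ResultSize Unlimited

# 1. Mailbox-level forwarding (set by an admin or via Outlook on the web settings)
$mailboxes |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward

# 2. Inbox rules that forward or redirect, including rules hidden from the Outlook UI
#    (slow on large tenants: one call per mailbox)
foreach ($mbx in $mailboxes) {
    Get-InboxRule -Mailbox $mbx.UserPrincipalName -IncludeHidden |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        Select-Object @{ n = 'Mailbox'; e = { $mbx.UserPrincipalName } },
                      Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo
}

# 3. The mail flow rule from the post, scoped to messages leaving the organization
New-TransportRule -Name 'Block automatic forwarding to external recipients' `
    -FromScope InOrganization `
    -SentToScope NotInOrganization `
    -MessageTypeMatches AutoForward `
    -RejectMessageReasonText 'Automatic forwarding to external addresses is not allowed. Contact IT if you need an exception.' `
    -RejectMessageEnhancedStatusCode '5.7.1'

# 4. Second control: refuse auto-forwarding tenant-wide in the outbound spam policy
Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off
```

Review every hit from steps 1 and 2 before creating the rule: a forwarding entry the user does not recognise is a strong sign the mailbox is already compromised and should trigger a password reset, session revocation and a look at the sign-in logs.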
(Additional Step) Advanced Security
The security options in Microsoft Office 365 include many more features than those described in this article, but they are more complex to implement.
There are advanced protection tools, such as Office 365 ATP (Advanced Threat Protection, now called Microsoft Defender for Office 365), whose Safe Links and Safe Attachments features analyze suspicious links and documents using machine learning and sandbox detonation, including the content of attachments and the links they contain.
Many of these advanced protections are only included in higher-tier plans, such as Microsoft 365 Business Premium and Office 365 E5, or as a paid add-on. To see which options are available in your tenant, visit the Microsoft 365 Security Center at https://security.microsoft.com and the Office 365 Security and Compliance portal at https://protection.office.com (the latter now redirects to the new portal).
Conclusion – do not forget
The steps outlined here are easy to implement and should be applied to your Microsoft Office 365 tenant.
In addition to the actions described here, remember that the primary aspect of security is the human one: all users must have a basic understanding of security and know the best practices, because every control above can still be undone by a user who hands over a code or opens a file they were warned about.
For more information, do not hesitate to contact us: