One of the hidden threats of cloud security that many small businesses aren’t aware of is misconfiguration.
Misconfiguration occurs when a cloud account isn’t protected with the right security settings. This often happens when you use an application like Microsoft 365 “out of the box” without any customization.
In a survey of IT industry professionals, misconfiguration was cited as the #1 cloud security threat.
Some of the reasons that companies don’t properly secure their cloud accounts include:
- Inexperienced users
- They think the default settings will be good enough
- Lack of knowledge about what they should be doing
- Not realizing the options available to them
Have you properly configured your Microsoft 365 security for your Charlotte area business? We have several tips below that can help you better safeguard your account.
Tips to Strengthen Your Microsoft 365 Account Security
Enable MFA for All Users
77% of all cloud account breaches are due to credential theft. One of the best ways to prevent malicious account take-overs is to ensure all users are using multi-factor authentication (MFA) for their account logins.
Enabling MFA for all users can be done in the Microsoft 365 account security settings. It can keep hackers from compromising user accounts even if they have the password, because they won’t have access to the MFA code.
Improve Malware Protection for Emails
Ransomware, spyware, and other types of malware can devastate a business network in just seconds. Phishing emails are getting ever more sophisticated and harder for the average user to spot, so it’s important to put in safeguards that can backstop your users.
You can automatically block file attachments known to contain malware by turning on a specific setting. You can further improve protection by adding several file types known to be potentially dangerous to the block list.
- Go to the Security & Compliance Center
- Under Threat Management, choose Policy > Anti-Malware
- Double-click to edit the default company-wide policy
- Select Settings
- Under Common Attachment Types Filter choose “On”
- Edit the file types being blocked by adding: ade, adp, ani, bas, bat, chm, cmd, com, cpl, crt, hlp, ht, hta, inf, ins, isp, job, js, jse, lnk, mda, mdb, mde, mdz, msc, msi, msp, mst, pcd, reg, scr, sct, shs, url, vb, vbe, vbs, wsc, wsf, wsh, exe, pif
- Select Save
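The same change can be made and checked from Exchange Online PowerShell. This is an added example, not part of the original article; it assumes the ExchangeOnlineManagement module is installed, that the company-wide policy has the identity `Default`, and that the signed-in account is allowed to edit anti-malware policies.

```powershell
# Added example: audit the default anti-malware policy against the article's
# extension list and add whatever is missing.
Connect-ExchangeOnline

# Extensions taken from the list in the article above.
$wanted = @(
    'ade','adp','ani','bas','bat','chm','cmd','com','cpl','crt','hlp','ht',
    'hta','inf','ins','isp','job','js','jse','lnk','mda','mdb','mde','mdz',
    'msc','msi','msp','mst','pcd','reg','scr','sct','shs','url','vb','vbe',
    'vbs','wsc','wsf','wsh','exe','pif'
)

# Assumption: the company-wide policy is named 'Default'.
$policy  = Get-MalwareFilterPolicy -Identity 'Default'
$current = @($policy.FileTypes)

# -notcontains is case-insensitive, so 'EXE' and 'exe' are treated alike.
$missing = @($wanted | Where-Object { $current -notcontains $_ })

"Common attachment filter enabled: $($policy.EnableFileFilter)"
"Types currently blocked: $($current.Count)"
"Types from the article not yet blocked: $($missing -join ', ')"

if (-not $policy.EnableFileFilter -or $missing.Count -gt 0) {
    # Keep everything already blocked and add the article's list on top.
    $merged = @($current + $wanted) | Sort-Object -Unique

    # -WhatIf only previews the change; remove it to apply.
    Set-MalwareFilterPolicy -Identity 'Default' `
        -EnableFileFilter $true `
        -FileTypes $merged `
        -WhatIf
}
```

Merging with the existing list matters because `-FileTypes` replaces the stored value; passing only the article's list would drop any extensions that were already blocked.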
Add a Dedicated Global Administrator Account
When employees have global admin privileges for Microsoft 365 on their personal accounts, it leaves you at a higher risk of a breach for a couple of reasons.
One is that the login used for their account may also be used for another login, which puts it at greater risk of a breach. The second reason is that companies will typically have more than one administrator, so each account with global admin privileges increases the potential for a high-level attack.
Microsoft allows you to set up a dedicated global administrator account without having to purchase another user license. This reduces your risk because you don’t have to grant admin-level access to multiple users. Instead, admins can log into the dedicated account and then log out when finished with administrative tasks.
Block the Ability to Auto-Forward Mail Outside Your Domain
Many hackers are quiet once they breach a user account and the user may not even realize someone else has access to their login. They’ll quietly steal files and access sensitive data behind the scenes.
One of the things this type of hacker will do is to auto-forward a user’s email to their own account. If the user never checks the settings, they may never know.
You can block the ability to do this type of auto-forwarding by setting up a mail flow rule:
- In the Exchange Admin Center, go to the mail flow category
- Select rules and click + to Create a new rule
- Choose More options at the bottom
- Apply the following settings:
  - Apply rule if sender is internal and recipient is external
  - Message properties, message type is auto-forward
  - Action is to block the message and include an explanation
  - Set explanation text (e.g. This action is prohibited.)
Fight Phishing with Safe Links (Premium Accounts)
If you have a Microsoft 365 Business Premium subscription, you gain several more security settings through Microsoft Defender for Office 365. One of these is Safe Links.
Since most phishing attacks these days use links rather than file attachments, it’s important to have systems in place that can keep users from clicking malicious links.
When you turn on Safe Links, it can check URLs against a known list of malicious links and rewrite them so the user can’t accidentally click on them. It can do this for email as well as links shared in other areas of the platform, like Teams.
Microsoft has a Safe Links video here.
Get Help Securing Your Microsoft 365 Account!
Don’t leave your cloud data and account at risk. Rocky Knoll Technologies can help your Charlotte business with security customizations to protect your Microsoft 365 account.
Contact us today to schedule a free consultation. Call 704.594.7292 or reach us online.