Secure Your Work Space

Running a business isn’t easy! Regardless of the size of your business you have a lot to stay on top of, and these pressures have only grown in recent years – partially because of technological advancements but mainly due to the Covid-19 pandemic that has plagued the planet. Of all your concerns, however, the security of your data should always be at the forefront.

Wherever your business resides (be it in the financial sector, retail, or as an MSP), your IT system is the key to your organisation’s sensitive data, and that system needs protecting. Cyber criminals are working hard to gain access to your customer information, intellectual property, and the cash within your bank accounts - we must do something to stop them.

Being a small business doesn’t make you immune.

If anything, it is quite the contrary - small businesses rarely have the technical infrastructure or budget to implement adequate defences. Of course, we aren’t suggesting you go out and spend thousands on security systems, but we are saying it is time that you put in place a level of protection from which your organisation will benefit.

Hackers are no longer ‘tech geniuses’ – new-age attackers have just enough technical prowess to cause problems. It is beneficial to protect the areas of your IT infrastructure that are the most vulnerable to Phishing and Ransomware attacks; these are the most common threats and are the first choice of attackers.

Why secure Microsoft 365?

Effective protection from cyber threats calls for a variety of tools, policies, and procedures, along with educational tools for your IT users, all of which you need to implement. Most small business owners have tried to take proactive steps towards a cyber secure workplace, mostly by installing Firewalls and secure password policies, but they need more to ensure a cyber secure workplace in the modern age.

 

What could happen if your Microsoft 365 account is breached?

 

A cyber attack can have a series of different outcomes, all of which will depend on the goals of your organisation. If a cyber attack is particularly sophisticated, then the ramifications could be as follows:

  1.        Sensitive data theft – If the data that you hold contains password credentials for third-party systems, or, worse, bank or card details for your own business or of your customers, this could be specifically targeted or stolen among your other file data.

  2.        Data theft or corruption - The file data you have contained within your OneDrive and SharePoint libraries could be corrupted, stolen, deleted or - the worst-case scenario – a combination of all three.

  3.        Masking as your business – With uncontested access to your Microsoft 365 environment comes the visibility of your contacts and correspondence history. The cyber criminal aims to learn about the businesses you do business with, and they do this in an attempt to find new targets to exploit. They may use your business as a way to hide their intentions and mask themselves to make the attack more likely to succeed.

 

Microsoft 365 – The heart of your business

Microsoft 365 is the Cloud ecosystem that businesses all over the globe use every day. Its day-to-day uses are many, as it allows you to store Emails, files, and folders, and it revolutionises most workplaces in which it is implemented. Its functionality is designed to accommodate a lot of Emails, so it is inevitable that malicious Emails will find their way through, but you can’t just accept your fate - you must do everything you can to protect your cyber landscape and, in turn, your business.

Microsoft 365 – being a SaaS (Software-as-a-Service) solution – has its own security and compliance features as standard, but you must protect the front-end user aspects yourself, as Microsoft can’t do it all alone.

 

How to secure Microsoft 365?

When it comes to addressing the risk of data breaches to your organisation, we believe you can break down the process into two distinct areas:

  1.        Implementation of technical controls, policies, filters, and defences.
  2.        Policy changes for how your users access and utilise 365.

 

Technical defences

Technical defences exist within Microsoft 365 to guard against a variety of different security threats, including:

  •   Email content or attachments being intercepted or viewed by unauthorised parties.
  •   Your domain becoming a victim of a ‘spoofing’ attack, with cybercriminals purporting to be your business.
  •   Phishing attacks being received or having their links clicked upon within email.
  •   Malware, Ransomware, and other malicious file attachments being received or downloaded from malicious emails.

 

The Users

Your users are the first and most important line of defence your system has. A breach can be triggered by a simple click in the wrong Email – your system is fragile; your team must know this and understand how to navigate the system safely.

There are a number of risks posed by users that access and interact with Microsoft 365 that depend upon:

  •   The complexity of their password and whether this password is unique to 365 or used as a general password across other services.
  •   The ability to share files and documents, and with whom.
  •   The ability to share potentially sensitive information within email messages.
  •   The level of system access and permissions assigned.

 

 

Security options in Microsoft 365

Login security

The risks

You must reduce the risk of accounts being breached because of credentials being released on the Dark Web, or because of lazily made passwords that are too short, easily guessable, or made using common formats.

Overcome the risks

Microsoft 365 defines a secure password policy by default, which is designed to give you clear directions on how to create and use complex passwords. A good complex password cannot be guessed easily - it needs to be long and a random mix of letters, numbers, and special characters, and it should have no relation to its creator (so nothing like petname123 or teamname123).

Password best practice has changed in recent years. The traditional approach was to force users to change passwords on a cycle (usually every week or so), and in some cases to enforce passwords of ever greater length and complexity with each change.

In more recent times, this has been rethought. Enforcing longer passwords, combined with a regular password renewal cycle, pushes users to use old passwords again or to recycle the same core lettering, simply extending it with a few further characters at the end to make it easier to remember. Unfortunately, this makes the entire process a waste of time, as the account is then no more secure than before the password was changed.

Applying 2-Factor Authentication, a form of Multi-Factor Authentication (MFA), as an additional layer of login security is the modern approach.

MFA is a second authentication step that takes place after a user has entered their password. This further secures your account by requesting the user input a code. That code then changes on a cycle, and is provided to the user via their mobile device through text message or by accessing an authentication app. Needing more than one device to permit access leaves your business safer than ever before. Even if the cyber criminal attempting to attack your system has the main password to the account, they still need to get access to your personal device to make an attack possible.

 

What are the Microsoft 365 security defaults?

If you want your security parameters to apply globally for every user on the system, you can activate security defaults to automatically enforce a number of policies.

Security defaults are available to all users of Microsoft 365 at no extra cost, provided you are an organisation that utilises at least the free tier of the Azure Active Directory service.

Security defaults include:

  •          Block legacy forms of authentication
  •          Require users to perform MFA actions upon attempting certain functions
  •          Require all system administrators to perform MFA
  •          Require all users to register for MFA.

How to implement security defaults on Microsoft 365:

  1.        Visit your Azure Portal (https://portal.azure.com)
  2.        From the main menu scroll to ‘Properties’
  3.        Click ‘Manage security defaults’
  4.        Move the slider across by clicking ‘Yes’.

Once this is completed, the next time that your users log in to the system they will be prompted to activate MFA on their accounts. They will need to do this by entering a personal mobile number or Email address, or by using another method such as an authentication application, so that the entry code is sent to the right person.
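
The same setting can also be checked and switched on from PowerShell rather than the portal. The script below is an added example, not part of the original article; it assumes the Microsoft Graph PowerShell SDK (the Microsoft.Graph.Identity.SignIns module) is already installed and that you sign in with an administrator account able to consent to the scopes shown.

```powershell
# Added example: report and, if needed, enable Microsoft 365 security defaults.
# Assumes the Microsoft Graph PowerShell SDK modules below are installed.
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Identity.SignIns

# Policy.Read.All is enough to read the policy;
# Policy.ReadWrite.ConditionalAccess is needed to change it.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'

function Get-SecurityDefaultsState {
    # Reads the tenant-wide security defaults policy and returns its state.
    $policy = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
    [pscustomobject]@{
        DisplayName = $policy.DisplayName
        IsEnabled   = [bool]$policy.IsEnabled
    }
}

$state = Get-SecurityDefaultsState
Write-Host "Security defaults enabled: $($state.IsEnabled)"

if (-not $state.IsEnabled) {
    # Turning this on prompts every user to register for MFA at next sign-in,
    # so ask before changing anything.
    $answer = Read-Host 'Enable security defaults for the whole tenant? (yes/no)'
    if ($answer -eq 'yes') {
        # Scripted equivalent of moving the portal slider to 'Yes'.
        Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy `
            -BodyParameter @{ isEnabled = $true }

        # Read the policy back to confirm the change took effect.
        if (-not (Get-SecurityDefaultsState).IsEnabled) {
            throw 'Security defaults are still disabled after the update.'
        }
        Write-Host 'Security defaults are now enabled.'
    }
}

Disconnect-MgGraph | Out-Null
```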

If, after having done this, you are still concerned that your system can’t stand up to scrutiny, please don’t hesitate to contact our team of experts – they are primed and ready to help you ensure a secure cyber environment for your team.

 

 

Ensuring you get the most from the tools at your disposal

Our team of experts will take the time to get to know you, your team, the way you do business, and your goals and visions for the future. We will work together with you to learn what complements the way you do business and will ensure that you are consistently up to date with the latest tech that is beneficial to you, whilst simultaneously ensuring you stay compliant with regulations at all times. We will ensure that you and your team are using the entire Microsoft ecosystem as effectively and, most importantly, as safely as possible. With our help you can introduce up-to-date tools, remain compliant, and be confident that your team are doing everything they can to defend in the most secure way possible. Don’t hesitate to get in contact with us and see how we can help you.

 
