Recommendations to secure your Office 365 tenant

As is well known, online security is given attention to a lot lately with high-profile hacks and cyber-attacks all over the world. Unfortunately, small and medium sized businesses are often becoming targets of cyber-criminals too, due to low investment in security…

So with this post, I will try to outcome some solutions to help small and medium size business to mitigate those problems. Here we go!

Training users

The biggest threat by far in companies, are the users… the best thing that we can do is train them, so my two cents are:

  • build a culture of security awareness informing users about most common threats
  • follow the ultimate rule “Think before click”
  • make absolutely certain that you’re on the website you think you’re on,

Check out Secure Score

Secure score gives a lot of information in security posture. Every company and organization has his own indicators in terms of security. Also we can find possible threats and recommendations to improve the security and get a better score. So don’t underestimate it!

The use of MFA

Two-step authentication is one of the simplest methods to protect an account, because even if hackers get a password, we will have a second factor to protect the account.

Check out your admin accounts

Identity is a weak point in security, so users with privilege presents a valuable target for hackers, so follow the next points:

  • MFA use is a must
  • use only for administrative functions (not regular users)

Protect against spam and malware

Office 365 already has built-in malware and spam filters, but you can increase your protection regarding that by the following:

  • set anti-malware policy that will block attachments most often used by hackers.
  • fine tune your Exchange Online or EOP

Protect against ransomware

Ransomware is the main problem nowadays, your files are being encrypted and the hackers demand money to restore the access. It is better to prevent rather than deal the consequences. So the main point here are:

  • educate users (remember first point)
  • create back-up copies of your files (Azure backup is great!)
  • create mail flow rules to block some attachment types

Disable mail auto forwarding

Sometimes when hackers gain access to credentials, they create auto-forwarding rules, that it may present in data leakage or even data loss. We can prevent this behaviour creating a transport rule blocking any auto-forward message types is among the simplest and handy ways to do it.

Enable mailbox auditing

The information pointing out who was logging in, sending e-mails or performing other mailbox activities may turn out to be very useful for identifying suspicious behavior and possibly showing that account was compromised.

I know that I am not covering all the points, but following this, I’m sure that your organization would be a bit more secure 😉


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s