As adoption has increased, Office 365 has become an attractive surface for cybercriminals targeting hosted email, user credentials, and personal/organizational data. According to Cisco’s recent Cybersecurity Report, more than 90 percent of breaches start with email. Attackers spread ransomware and other malware remarkably easily through email, which means that securing Office 365 is of critical importance to protect networks and data, reduce costs, and to ensure safe communication. In a previous post, we discussed Best Practices for Office 365 Administration, which touched on options that are built-in to Office 365 and should be implemented during migration. In this post, we dive deeper to examine additional security measures to take in order to secure Office 365 and protect your organization. Through our years of experience working with Office 365 from its infancy, we offer 8 simple steps to secure your Office 365 environment.
- Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat Protection (ATP) is a cloud-based email filtering service that helps protect your organization against unknown malware and viruses by providing zero-day protection and includes features to safeguard your organization from harmful links in real time. Additionally, ATP has reporting and URL trace capabilities that give administrators better insight into the kind of attacks happening in your organization. Some ATP capabilities include Safe Links, Anti-phishing policies, Safe Attachments, and Attack Simulator. Learn more about Office 365 Advanced Threat Protection
- Conditional Access in Azure Active Directory
As modern workplaces continue to transform how and where people work, organizations can no longer merely look at placing a perimeter around their networks in the interest of security. The perimeter now includes users and device identity, which further extends and complicates the task. Organizations are tasked with ensuring “whenever and wherever” productivity for users while protecting assets. Conditional access (CA) is a set of policies and configurations that control which devices have access to various services and data sources. Conditional access relies on signals, from either the corporate AD Domain or Microsoft Intune, to inform the system about the state and trustworthiness of the device prior to the device gaining access to the data. To learn more about CA settings, click here.
- SPF, DKIM, and DMARC
Phishing and email spam are the biggest ‘opportunities’ for hackers to enter your network. A single user can click on a malicious attachment and compromise the entire organization with ransomware, cryptojacking scripts, or data leakages, to name just a few. SPF, DKIM, and DMARC are methods to authenticate your mail server and to prove that senders are authorized to send email. Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) are TXT records that help to verify domain send permissions and content authenticity. Domain-based Messaging Authentication, Reporting, and Conformance (DMARC) is an email authentication, policy, and reporting protocol that uses both SPF and DKIM, but builds on them to ensure all records match and have not been altered, and can use created policies to advise receiving server of how to respond in the event that SPF or DKIM fail. As more and more ISPs and email providers (Microsoft included) are beginning more strict enforcement, it is prudent to utilize all three measures to help secure communications and messaging.
- Azure AD Risk Detection
In the world of cybersecurity, the more information that is available to an administrator in a short period of time might make the difference between a failed intrusion and a full-blown data nightmare. Wouldn’t it be nice to be able to review a risk detection before it propagates through your organization? Fortunately, Azure Active Directory (Azure AD) offers the ability to detect suspicious actions related to your user accounts. It creates a record called a risk detection that allows admins to review any suspicious activity. For example, Azure AD detects a sign-in from an anonymous IP address. It will list the IP, location, sign-in time, and status, and provide a quick potential security impact that will assist you in determining next steps. To see an example and for more information, click here.
- Multi-Factor Authentication (MFA)
We have already mentioned this in Best Practices for Office 365 Administration, but its importance cannot be overstated. Turning on MFA is a simple and effective way to add security and make attacks far less likely to be successful, as it requires an additional authentication step before access is granted. Learn how to set up MFA: Office 365 MFA Set Up
- Endpoint Protection with Intune
As organizations continue to evolve through remote workforces and decentralization of operations, the demand and reliance on mobile devices has increased. The task of protecting company information, compliance, and ensuring that this new workforce can remain collaborative and productive adds an additional set of considerations and concerns for IT departments. Microsoft Intune is a cloud-based service that helps enable your workforce to be productive and protected. Intune allows you to manage the mobile devices and PCs your workforce uses to access company data, manage mobile apps, ensure devices and apps are compliant with company security requirements, and helps protect your company information by helping control the way the workforce accesses and shares content. Intune allows you to create device configuration profiles to manage common endpoint security features on various devices like Firewall, BitLocker, Windows Defender and encryption, and the ability to allow/block apps. This allows for more focused control and security. Add endpoint protection settings in Intune
- Cloud App Security
If you’ve ever used the Internet, then the chances are high that someone has attempted to access your information at some point in time. The fact is that this is a reality in today’s more cloud-centric world. An organization with a heavy reliance on cloud-based apps and services like Office 365 needs to have a wide array of robust security tools at their disposal, and Microsoft Cloud App Security is a must have. Available with E5 licensing or by purchasing the add-on, utilizing Microsoft Cloud App Security helps you to discover and control the use of Shadow IT, protect sensitive information in the cloud, protect against cyberthreats and anomalies, and assess the compliance of your cloud apps. Additionally, once enabled, you can set up custom alerts that provide a more granular view of activity. Leaked credentials, activity from anonymous IP addresses, risky sign-in, and suspicious data exfiltration are but a few examples of the type of activity that can be monitored and controlled. For more information about Microsoft Cloud App Security, click here.
- End User Training
Perhaps the single most important tool in your arsenal. The most robust and well-thought security plans can be rendered somewhat useless without providing the proper training and awareness to your workforce. The ability to identify and avoid attacks is crucial to preventing breaches. Your users often possess vital and sensitive information that an attacker needs to successfully breach your systems. Understanding methods of phishing that include:
- Embedding links in email that redirect to unsecure sites
- Installing a Trojan via a malicious attachment which allows intruders to access
- Spoofing of addresses and requesting information
These are just a few of the ways that a phishing attack can originate. Train, train, train! It’s vital that you repeat and refresh your staff to potential threats, and make sure that they are diligent. Employees should be trained on security awareness as part of their orientation and then continuously throughout their tenure. Remind them that passwords and such should never be sent via email. Show examples of malicious links and fraudulent sites. Perform random phishing attempts against your own staff to gauge their knowledge in handling phishing attempts. Knowledge is power, so arm your employees and staff with everything you can. Finding the right balance to foster productivity, enable collaboration, and manage decentralization while securing your data and assets is a complex balancing act. There is no substitute for knowledge and experience. Let Wellforce IT’s team of experts help guide you every step of the way.