9 Tips to Improve Office 365 Security

Office 365 is a valuable productivity and collaboration tool. It offers businesses numerous benefits, including easy collaboration, remote work, scalability, and lower capital spend. Office 365 security is typically pretty solid and offers a wide range of measures. However, given the extensive range of security threats, from malware to data leakage and unauthorized access, Office 365 is not entirely safe. Therefore, organizations need to be vigilant to keep their data safe. Here are nine tips on how to improve Office 365 security to avoid potential incidents.

1. Enforce Multi-factor Authentication

Normally, Office 365 users have one way to verify their identity when logging into the application: a username coupled with a password. Regrettably, a good number of users do not practice password hygiene, which leaves organizations at risk of an unauthorized intrusion.

This is where MFA (multi-factor authentication) comes in handy to improve Office 365 security. It uses two or more factors, such as one-time passcodes, to verify the identity of a user. While many people regard MFA as a hassle and an inconvenience, it is easy to implement and can prevent incidents in numerous ways.

Microsoft has a feature referred to as “Security Defaults”. When you enable this feature, it enforces the use of MFA on all administrator accounts. MFA is an easy measure for organizations to secure their O365 environment from potential intrusions, should one of their admins’ passwords be leaked on the Dark Web following a data breach.

MFA should also be applied to users without admin permissions. Although these users do not represent the same risk, they can compromise apps and services within the ecosystem.

2. Activate Advanced Threat Protection (ATP)

Microsoft’s ATP is a very powerful solution that detects, prevents, and responds to advanced threats that can typically bypass traditional security protections such as firewall, antivirus, and monitoring solutions. Advanced threat protection provides access to a database of known threats that is updated in real-time, allowing its users to be aware of the latest threats that organizations are faced with and to integrate third-party threat data into their own analysis.

With ATP, you will be notified of any attacks, their severity and how the threat was stopped, no matter the origin of the attack. As phishing attacks are on the rise and remain one of the most common vectors of attack used by hackers, 365 Advanced Threat Protection can be very effective at identifying phishing attacks with the help of machine learning and its ever-growing database of malicious sites known for delivering malware or attempting phishing.

This solution is one of the most powerful threat protection measures you can have in place to improve your Office 365 security, ensuring that any data within your team’s SharePoint, Teams or OneDrive is well protected.

3. Disable Legacy Protocol Authentication When Necessary

Legacy protocols do not support MFA features that help to mitigate risks of an intrusion. They become good entry points for adversaries targeting your company. Therefore, it is best practice to disable legacy authentication to reduce risks.

If a firm needs legacy protocols for older email clients, the protocols cannot be disabled entirely. The affected email accounts then become a vulnerability, because they can be accessed over the internet with only a username and password, rendering multi-factor measures useless for these users.

An excellent way of mitigating this issue is to restrict access to legacy protocols to select users who need them. By limiting the users who access legacy protocol authentication methods, you lessen an organization’s attack surface substantially.
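One way to check that legacy access really is limited to the select users, shown as an added example that is not part of the original article. It assumes sign-in records exported with the `userPrincipalName` and `clientAppUsed` fields of the Azure AD sign-in log; the allow-list, the account names and the sample records are constructed.

```python
from collections import defaultdict

# Subset of clientAppUsed values that Azure AD sign-in logs report for
# legacy-protocol clients; extend it to match what your tenant shows.
LEGACY_CLIENT_APPS = {"IMAP4", "POP3", "Authenticated SMTP", "Other clients"}

# Hypothetical allow-list: the only accounts approved to keep legacy protocols.
APPROVED_LEGACY_USERS = {"scanner@example.com", "fax@example.com"}

# Constructed sample records using sign-in log field names.
SIGNINS = [
    {"userPrincipalName": "alice@example.com", "clientAppUsed": "Browser"},
    {"userPrincipalName": "scanner@example.com", "clientAppUsed": "Authenticated SMTP"},
    {"userPrincipalName": "bob@example.com", "clientAppUsed": "IMAP4"},
    {"userPrincipalName": "Bob@Example.com", "clientAppUsed": "POP3"},
    {"userPrincipalName": "carol@example.com",
     "clientAppUsed": "Mobile Apps and Desktop clients"},
]


def audit_legacy_signins(records, approved_users):
    """Compare observed legacy-protocol sign-ins against the allow-list."""
    approved = {u.lower() for u in approved_users}
    seen = defaultdict(set)  # user -> legacy protocols observed
    for rec in records:
        app = rec.get("clientAppUsed", "")
        if app in LEGACY_CLIENT_APPS:
            # UPNs are case-insensitive, so normalise before comparing.
            seen[rec["userPrincipalName"].lower()].add(app)
    return {
        # Legacy use by accounts that were never approved: block or migrate.
        "unapproved": {u: sorted(p) for u, p in seen.items() if u not in approved},
        # Approved accounts still relying on legacy protocols.
        "approved_in_use": {u: sorted(p) for u, p in seen.items() if u in approved},
        # Approved accounts with no legacy sign-ins: candidates for removal
        # from the allow-list, which shrinks the attack surface further.
        "approved_unused": sorted(approved - set(seen)),
    }


if __name__ == "__main__":
    for section, entries in audit_legacy_signins(SIGNINS, APPROVED_LEGACY_USERS).items():
        print(section, entries)
```
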

4. Enable Alerts for Suspicious Activity

With O365, you can enable activity logging to identify malicious activity in the system. Logging alone, however, relies on someone reviewing the logs; enabling alerts for suspicious activity increases your effectiveness in detecting it.

You can do this by creating and enabling alerts to notify admins of suspicious events. Suspicious activities can be logins from abnormal locations or accounts surpassing sent mail thresholds, among others. Enabling alerts can go a long way to reduce the time it takes to detect and mitigate malicious activities.

5. Enforce Strong Passwords

Brute-force attacks are increasing each day. They can be detrimental for accounts with access to sensitive corporate data. One way of preventing brute-force attacks is by creating strong passwords. Passwords with few characters are easy to hack, so avoid them.

Here are a few rules for creating a secure password:

  • Long passwords are more secure – should have at least eight characters
  • Mix symbols, uppercase and lowercase letters, and digits
  • Avoid obvious passwords like 123456, abcdefg, etc.
  • Avoid utilizing the same password for different accounts.
  • Revise passwords regularly – every six months or less

6. Set Up Conditional Access

Did you know that many organizations experience login attempts from other parts of the world without their knowledge? If your organization does not have remote employees around the world, it is best to set up conditional access.

When you enable Conditional Access, all foreign login attempts are blocked. In case a senior official goes on a vacation abroad, he can only log in to his email using a company-compliant device.

7. Incorporate Microsoft Secure Score

Microsoft’s Secure Score allows you to gauge your security posture for O365 and provides enhancement recommendations. It offers a centralized dashboard for your enterprise to track security and compliance amendments in Office 365.

8. Enable Unified Audit Log (UAL)

UAL contains logs from Office 365 services like Azure AD, Microsoft Teams, SharePoint Online, and OneDrive. By enabling UAL, an admin can access actions that could be malicious and contrary to organizational policies.

Also, do not forget to integrate these logs with your existing SIEM tool. This way, you can correlate O365 logs with your existing log management and monitoring solutions to detect any abnormal activity and improve your overall Office 365 security.
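The two alert conditions named in tip 4 (logins from abnormal locations and accounts surpassing a sent-mail threshold), applied to audit records of the kind the UAL provides, as an added example that is not part of the original article. The records, the IP-to-country table, the expected-country set and the threshold are constructed assumptions; a real deployment would take the geolocation from SIEM enrichment.

```python
from collections import Counter
from datetime import datetime

EXPECTED_COUNTRIES = {"CA"}   # assumption: where staff normally sign in from
SEND_THRESHOLD_PER_HOUR = 3   # assumption: kept low so the sample triggers it
# Constructed IP-to-country table standing in for GeoIP enrichment.
GEO = {"192.0.2.10": "CA", "203.0.113.77": "ZZ"}


def rec(time, user, operation, ip="192.0.2.10"):
    """Build a constructed record with UAL-style field names."""
    return {"CreationTime": f"2024-05-01T{time}", "UserId": user,
            "Operation": operation, "ClientIP": ip}


# Constructed sample: one foreign login and one burst of sent mail.
RECORDS = [
    rec("09:02:11", "alice@example.com", "UserLoggedIn"),
    rec("09:40:03", "bob@example.com", "UserLoggedIn", "203.0.113.77"),
    *[rec(f"10:0{m}:00", "bob@example.com", "Send") for m in range(1, 5)],
    rec("10:15:00", "alice@example.com", "Send"),
    rec("11:20:00", "alice@example.com", "Send"),
]


def detect(records):
    """Return (rule, user, detail) alerts in chronological order."""
    alerts, sends = [], Counter()
    for r in sorted(records, key=lambda r: r["CreationTime"]):
        if r["Operation"] == "UserLoggedIn":
            # Unmapped IPs are reported as "unknown" rather than trusted.
            country = GEO.get(r["ClientIP"], "unknown")
            if country not in EXPECTED_COUNTRIES:
                alerts.append(("abnormal_location", r["UserId"], country))
        elif r["Operation"] == "Send":
            hour = datetime.fromisoformat(r["CreationTime"]).replace(
                minute=0, second=0, microsecond=0)
            sends[(r["UserId"], hour)] += 1
            # Fire once, on the first message past the hourly threshold.
            if sends[(r["UserId"], hour)] == SEND_THRESHOLD_PER_HOUR + 1:
                alerts.append(("send_threshold", r["UserId"], hour.isoformat()))
    return alerts


if __name__ == "__main__":
    for alert in detect(RECORDS):
        print(alert)
```
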

9. Educate Your Users

The above precautions cannot be sufficient if you leave users out of the equation. Research shows that 90% of data breaches stem from human error.

Luckily, human errors can be prevented with mandatory security training for employees. Training ensures that users are aware of probable threats and how to tackle them. They become vigilant and avoid silly mistakes with enormous effects.

It is best practice to ensure that new employees undergo security training before using organizational devices and handling sensitive corporate data.

The Take Away

Many organizations are migrating to Office 365 to enjoy its collaboration, scalability, flexibility, and cost-saving features. Although O365 is an indispensable tool for companies, it is vulnerable to security threats. While Microsoft devotes millions of dollars to safeguard users’ data in the application, it is advisable to enact security measures to maximize the security of your own O365 environment.

A penetration test is a simulated hacking attempt that identifies opportunities for real hackers to break through your defences and perform various malicious acts. It generally leverages tools used by hackers and various professional methodologies to replicate the steps that modern hackers would take to intrude into your IT systems.

A pentest attempts to exploit your vulnerabilities to determine their potential impact, should they be used in a real hacking scenario. They provide a list of vulnerabilities with their respective level of severity, as well as technical recommendations to help your team apply corrective measures and focus on the most critical vulnerabilities.

These services allow your organization to answer the following questions, among several others:

  • Can a hacker gain access to any sensitive information?
  • Can a hacker hijack my technologies for any malicious acts?
  • Could a malware infection spread through the network?
  • Can an attacker escalate access to an administrative user?

There are many contexts in which a penetration test should be performed.

Here are some common use cases for a pentest:

  • As part of the development cycle of an application. (To test the security of a new feature/app)
  • To comply with security requirements. (3rd-parties, PCI, ISO27001, etc.)
  • To secure sensitive data from exfiltration.
  • To prevent infections by malware. (Ransomware, spyware, etc.)
  • To prevent disruptive cyberattacks. (Such as denial of service)
  • As part of a cybersecurity risk management strategy.

All businesses are advised to conduct a penetration test at least once a year, as well as after any significant upgrades or modifications to the company network. Given the rapid rate at which new exploits are discovered, we generally recommend that quarterly tests are performed.

Various steps are taken over the course of the project to prevent the potential impact of our tests on the stability of your technological environment and the continuity of your business operations.

For this reason, a communication plan will be put in place at the beginning of the project to prevent and mitigate any potential impact. A representative of your organization will be identified to act as the main point of contact to ensure rapid communication in the event of a situation directly impacting the conduct of your daily operations, or if any critical vulnerabilities are identified for which corrective measures need to be implemented quickly.

While we use a simple 4-level risk rating approach (Critical, High, Moderate, Low), our risk assessment is actually based on the Common Vulnerability Scoring System (CVSS) standard. Two main criteria are considered when assessing the risk level of each vulnerability:

  • Potential impact: The potential impact of an attack based on a vulnerability, combined with its potential effect on the availability of the system, as well as the confidentiality and integrity of the data.
  • Exploitability: The potential exploitability of a vulnerability; a vulnerability that is easier to exploit increases the number of potential attackers and thus the likelihood of an attack. Different factors are considered when evaluating the exploitability potential of a vulnerability (e.g., access vector, authentication, operational complexity, etc.).
