Things to do in Office 365 BEFORE you get breached

11/06/2018

Cloud-based services, including Office 365, Google for Work, DropBox, and many more, are a big target for cybercriminals. Since these services are not behind your firewall, anyone with access to the internet can try to get into your account. And since so much of our information is available on the internet, it makes for “easy pickings” for the bad guys.

But there are some easy—and free!—things you can do to make your Office 365 environment more secure. Unfortunately, almost no one wants to do these things until after an account gets compromised.

Turn on mobile device management for Office 365.

Mobile Device Management (MDM) for Office 365 is free with Office 365 accounts. This takes just a little bit of effort to set up, but it is totally worth it. MDM allows you to securely and remotely wipe corporate data off of managed devices.

So, if an employee leaves the company, you can rest assured that your corporate data (email, OneDrive, SharePoint) can be wiped without touching the other contents of their phone. This is also great in situations where a device is lost.

Turn on the Office 365 Audit Logs.

The Office 365 Unified Audit Logs keep a record of everything that has happened in your tenant for the last 90 days. This is especially useful when you are trying to piece together how an account may have been compromised.

Without auditing, it’s nearly impossible to figure out what happened after a breach—meaning it’s nearly impossible to fix whatever vulnerability was used to get into your account.

You do need to turn these on manually, so go do that today! (Side note: Exchange Online is a little different; its auditing is managed separately.)
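As an added example (not code from the original post), here is how the same check-and-enable step, plus the “piece together what happened” step, look from Exchange Online PowerShell. It assumes the ExchangeOnlineManagement module is installed and that you hold a role allowed to manage auditing; the user name and date range are placeholders, and the per-mailbox auditing step is my assumption about what the “Exchange Online is a little different” side note refers to.

```powershell
# Added example (not from the original post): check and enable the Office 365
# Unified Audit Log, then pull sign-in and inbox-rule events for one account.
# Assumes the ExchangeOnlineManagement module is installed and you hold an
# admin role that can manage auditing. The user name is a placeholder.

Connect-ExchangeOnline

# 1. Is unified audit log ingestion switched on? It stays off until someone enables it.
$config = Get-AdminAuditLogConfig
if (-not $config.UnifiedAuditLogIngestionEnabled) {
    Write-Warning "Unified Audit Log is OFF. Enabling it now; events are recorded only from this point on."
    Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
} else {
    Write-Host "Unified Audit Log is already enabled."
}

# 2. Mailbox auditing (assumed to be the 'Exchange Online is a little different'
#    item in the post): it is configured per mailbox rather than tenant-wide.
Get-Mailbox -ResultSize Unlimited | Where-Object { -not $_.AuditEnabled } |
    Set-Mailbox -AuditEnabled $true

# 3. After a suspected compromise: who signed in as this user, from where,
#    and were any inbox rules created or changed (a common post-compromise change)?
$user  = 'victim@contoso.example'          # placeholder account
$start = (Get-Date).AddDays(-90)           # the log keeps roughly 90 days
$end   = Get-Date

$events = Search-UnifiedAuditLog -StartDate $start -EndDate $end `
    -UserIds $user -Operations UserLoggedIn, New-InboxRule, Set-InboxRule `
    -ResultSize 5000

# AuditData is a JSON string; expand it so we can group on its fields.
$parsed = $events | ForEach-Object { $_.AuditData | ConvertFrom-Json }

"Sign-ins by source IP and result:"
$parsed | Where-Object Operation -eq 'UserLoggedIn' |
    Group-Object ClientIP, ResultStatus |
    Sort-Object Count -Descending |
    Select-Object Count, Name

"Inbox rule changes:"
$parsed | Where-Object { $_.Operation -in 'New-InboxRule', 'Set-InboxRule' } |
    Select-Object CreationTime, Operation, ClientIP
```

The point of the first block is the caveat in the post: if ingestion is off when you run this, enabling it gives you nothing about the past, only about what happens from now on. The sign-in grouping is usually the quickest way to spot a source address that the real user never uses, and inbox-rule events are worth checking because a forwarding or delete rule is a frequent sign that someone else has been in the mailbox.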

Set up a separate Global Admin account.

Too often, we are seeing people use their ‘daily driver’ account as the Global Admin account as well. If your account gets hacked, that’s a whole lot of surface area for the bad guys to attack. Instead, set up a separate Global Admin account that doesn’t have any licenses assigned at all; only use this account for administrative activities.

Require Multi-Factor Authentication for Global Admins – consider it for all users.

We’ve spent a lot of time talking about the importance of multi-factor authentication (MFA) for all users—it can help protect your account even if someone has your password. If you can’t implement it for all users, at the very least it should be required for admin accounts. The bad guys can do a lot more damage if they get access to an account with admin rights.

Office 365 accounts do include free MFA. There is also a premium version in Azure AD Premium Plan 1 that includes more customization options.
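The two previous points (a dedicated, unlicensed Global Admin account, and MFA for every admin) can be checked in one pass. The script below is an added example, not code from the original post: it lists every Global Admin, flags accounts that carry a license (a sign that the account is also someone’s daily driver) and accounts with no per-user MFA, and can optionally turn MFA on for them. It uses the MSOnline module that was current when this post was written; that module is deprecated today in favour of Microsoft Graph PowerShell, but the checks are the same. It assumes you are connecting as an administrator and the `$EnableMfa` switch is my own addition, defaulting to report-only.

```powershell
# Added example (not from the original post): audit Global Admins for two of
# the post's recommendations. Uses the MSOnline module (deprecated now, current
# in 2018). Set $EnableMfa to $true to actually change accounts; the default
# only reports.

$EnableMfa = $false

Connect-MsolService

# 'Company Administrator' is MSOnline's internal name for the Global Administrator role.
$role    = Get-MsolRole -RoleName 'Company Administrator'
$members = Get-MsolRoleMember -RoleObjectId $role.ObjectId |
    Where-Object RoleMemberType -eq 'User'

# A StrongAuthenticationRequirement with State 'Enabled' is what switches
# per-user MFA on for an account (the free MFA option the post refers to).
$mfaReq = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$mfaReq.RelyingParty = '*'
$mfaReq.State = 'Enabled'

foreach ($m in $members) {
    $u = Get-MsolUser -UserPrincipalName $m.EmailAddress

    # An empty StrongAuthenticationRequirements list means per-user MFA was never configured.
    $mfaState = if ($u.StrongAuthenticationRequirements.Count -gt 0) {
        $u.StrongAuthenticationRequirements[0].State
    } else {
        'Disabled'
    }

    # One report row per admin. Licensed = $true suggests a shared daily-driver account.
    [pscustomobject]@{
        Admin    = $u.UserPrincipalName
        Licensed = $u.IsLicensed
        MfaState = $mfaState
    }

    if ($EnableMfa -and $mfaState -eq 'Disabled') {
        Set-MsolUser -UserPrincipalName $u.UserPrincipalName `
            -StrongAuthenticationRequirements @($mfaReq)
        Write-Host "Enabled per-user MFA for $($u.UserPrincipalName)"
    }
}
```

Run it once in report mode and look at the two columns: any Global Admin with `Licensed = True` is a candidate for being replaced by a separate, license-free admin account, and any with `MfaState = Disabled` is the first thing to fix. Per-user MFA is the free option mentioned above; the Azure AD Premium Plan 1 version the post refers to is Conditional Access, which applies policy by group, location or application rather than per account.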

Set up a custom login screen for Office 365.

Customizing your Office 365 login screen is great for brand awareness and security (double win!). It can help your employees avoid falling victim to phishing scams. Of course, this will involve some user training: you’ll have to teach your users to look for the logo when they log in. If it’s not there—don’t log in!

Following these steps will allow you to customize your login screen to match your brand.

These are just a few of the free ways you can help secure your Office 365 data. Similar settings are also available on other cloud services, so you may want to review those settings as well.

For a deeper dive on Office 365 security, you can also review:

Ultimate Guide to Small Business Cyber Security