Top 5 tips to protect your Microsoft 365


Many organisations have struggled to adjust to the new hybrid workplace brought about by the pandemic. Cybercriminals have recognised this vulnerability and taken full advantage of it by creating complex new ways to attack businesses.


With cybercrime being heightened today and for the foreseeable future, it is good practice to have updated security awareness training in place for all employees as we begin to emerge from the lockdown.


In this blog we want to provide our top tips to help prevent your Microsoft 365 from being hacked and help to strengthen your security awareness by highlighting critical precautions.


1. User Training


Providing security training for employees is one of the most important protection methods and is good practice for securing your company’s sensitive data. Research shows employees are more often than not the root cause of business security breaches, which makes it vital for employees to get the essential security training.


The benefits of providing this training are endless. It allows employees to become more aware of the importance of security, which helps to create a security culture within your business.


2. Deploying MFA


By deploying a Multifactor Authenticator (MFA) app (also known as 2 step verification) such as Microsoft’s Authenticator App, you can make it mandatory for employees or consumers to verify their identity using a Time-based One Time Password (TOTP) located within the authenticator app.


There are many benefits to deploying MFA apps. For example, the end-user is verified, adding more layers of security to your accounts and data. You can add this setting through Microsoft 365 so that users are required to log in using MFA set up on work phones. See: Turn on multi-factor authentication | Microsoft Docs; Set up your Microsoft 365 sign-in for multi-factor authentication.


3. Using strong passwords and Password Managers


It is a known rule to never write your passwords down. Trying to memorise passwords often leads to using the same password for multiple sites – this is a major cause of security breaches, because if hackers get hold of your password they are then able to log in as you on multiple sites/apps.


Password managers can create lengthy, complex and unique passwords for your sites and apps. They then store these passwords in their secure database, ready for you to use when logging in to the websites/apps. Deploying a password manager for your team is extremely beneficial as it helps to prevent phishing attacks as well as data breaches. A lot of these password managers include a data breach feature which will make you aware if a site or password has been compromised.


4. Stop Auto-forwarding for emails


Automatic email forwarding is common amongst employees: they set their corporate email accounts to forward all emails to their personal accounts. The risks occur when data remains in personal, less secure accounts or in the event of a user no longer working for the company.


Hackers who gain access to a user's mailbox can exfiltrate mail by configuring the mailbox to automatically forward email. This can occasionally happen even without the user's knowledge. It is crucial to educate users about the risks of forwarding email outside of the organisation – disabling this is good practice and can reduce security breaches.
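
One way to find and block external forwarding in Exchange Online, as an added example that is not part of the original post. It assumes the ExchangeOnlineManagement PowerShell module and an Exchange administrator account; Test-ExternalAddress and $enforce are names introduced for this example.

```powershell
# Added example: audit and (optionally) block external auto-forwarding.
# Assumption: ExchangeOnlineManagement is installed and you sign in as an Exchange admin.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# Domains the tenant owns; a forwarding target outside these is external.
$internal = (Get-AcceptedDomain).DomainName

function Test-ExternalAddress([string]$Value) {
    # Targets look like 'smtp:user@domain' or '"Name" [SMTP:user@domain]'.
    if ($Value -match '(?i)smtp:[^@\]\s]+@([^\]\s]+)') {
        return $internal -notcontains $Matches[1]
    }
    return $false   # no SMTP address present (directory entry); not flagged by this check
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # 1. Forwarding configured on the mailbox itself.
    if ($mbx.ForwardingSmtpAddress -and (Test-ExternalAddress $mbx.ForwardingSmtpAddress)) {
        [pscustomobject]@{
            Mailbox = $mbx.PrimarySmtpAddress; Source = 'Mailbox setting'
            Target  = $mbx.ForwardingSmtpAddress; Enabled = $true
        }
    }
    # 2. Inbox rules that forward or redirect, including ones the user never created.
    foreach ($rule in Get-InboxRule -Mailbox $mbx.PrimarySmtpAddress) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        foreach ($t in $targets | Where-Object { $_ -and (Test-ExternalAddress $_) }) {
            [pscustomobject]@{
                Mailbox = $mbx.PrimarySmtpAddress; Source = "Inbox rule '$($rule.Name)'"
                Target  = $t; Enabled = $rule.Enabled
            }
        }
    }
}
$findings | Sort-Object Mailbox | Format-Table -AutoSize

# Set to $true only after reviewing the findings with the mailbox owners.
$enforce = $false
if ($enforce) {
    # Stop automatic forwards and redirects to all external domains.
    Set-RemoteDomain -Identity Default -AutoForwardEnabled $false
    Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off
}
```

An enabled rule that the mailbox owner does not recognise is worth treating as a sign the account may have been accessed by someone else.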



5. Use Office message encryption


Office message encryption is included with M365 and is usually already set up. Your organisation can then send and receive encrypted email messages between those within the business and outside through 2 protection options: ‘Do not forward’ and ‘Encrypt’.


Email message encryption ensures that only the intended recipients can view the content. Office 365 works with Outlook, Yahoo, Gmail and other email services.




The professional team at Total IT highly recommends following these steps when setting up a security plan for your business. Being aware of cyber threats and educating your team is highly important.

Please head to our Managed security page for more information: Managed Security - Total IT | IT Support for UK Businesses or contact our team on 01908 870360
