Microsoft 365 Is The Foundation Of Your IT Environment—Don’t Let Hackers Break In
As a rule, you should always be concerned about security.
It’s a never-ending battle, and as such, it should always be considered when it comes to the technology you use at your business.
But what about Microsoft 365?
Should You Be Worried About Microsoft 365 Security?
Absolutely—while Microsoft’s default security settings cover extremely basic considerations, they’re a far cry from the best practice-based posture any modern business should follow.
One of the most prominent features is the Microsoft Secure Score, which is an analysis tool designed to tell users where they may have potential security risks.
While this function can certainly help to determine your specific degree of exposure, Microsoft doesn’t offer any solutions to the problems identified therein. You’re expected to address the vulnerabilities on your own.
This reveals the limited approach Microsoft takes to the security of user data. Designed according to the Microsoft Security Development Lifecycle, Microsoft 365 is a Software-as-a-Service solution that uses a defense-in-depth approach to provide physical, logical, and data layers of security features and operational best practices. Plus, it offers enterprise-grade user and admin controls to further secure your environment.
Regardless of all that, it’s simply not secure against today’s cybercrime threats. A recent report by Vectra exposed how cybercriminals are circumventing Microsoft 365’s security capabilities.
4 Cybercrime Methods That Will Breach Your Microsoft 365 Data
The more capabilities you give your users, the greater the risk those accounts pose to your security. Cybercriminals just need to breach one over-privileged account to wreak havoc in your systems.
Microsoft Outlook Disabled Auditing
Older Microsoft 365 accounts may not have mailbox auditing turned on by default. This puts them at risk of being monitored by cybercriminals hiding in the system.
Any and all messages and data are automatically compromised when an external party is lurking in your network.
Business Email Compromise
Business Email Compromise is a social engineering technique used by cybercriminals in which they pose as a business or member of a business in order to execute fraudulent payments.
Recently, cybercriminals stole $15 million by impersonating executives at over 150 businesses. Business Email Compromise can be carried out in a number of ways:
Phishing emails are sent to large numbers of users simultaneously in an attempt to "fish" for sensitive information by posing as reputable sources, often with legitimate-looking logos attached.
Spear phishing is a much more focused form of phishing. The cybercriminal has either studied up on the group or has gleaned data from social media sites to con users.
LinkedIn, Facebook, and other venues provide a wealth of information about organizational personnel, as do their company websites. This can include their contact information, connections, friends, ongoing business deals, and more.
Stolen Administrator Rights
By design, global administrator accounts have the most privileges in a Microsoft 365 ecosystem. They can configure settings, grant access to other users, and more.
That’s why cybercriminals will go to great lengths to access these accounts. By tricking their way in through a phishing scam or brute-forcing the login, they gain unfettered access to your data.
Optimizing Microsoft 365 Security
While Microsoft 365 does provide a range of industry-standard security features out of the box, it’s not infallible, especially when it comes to backup.
As a cloud-based platform, all of the data accessed in Microsoft 365 is backed up to a secure off-site location. This occurs simply by the nature of a cloud solution like Microsoft 365.
That being said, Microsoft’s first priority when it comes to management is most certainly the Microsoft 365 infrastructure as well as maintenance of uptime on the user end.
The reality, whether it’s actually convenient or not, is that Microsoft has empowered the user in this case to take responsibility for their data.
Beyond the usual data loss and integrity protections that are provided as a part of Microsoft 365, users may need to double-check the controls and other parameters involved with protecting their data.
While almost anyone using a computer for work would understand the nature of why backing up your data is important (don’t forget that hard copies are often still filed in triplicate as a contingency), it’s likely you don’t know of each and every application that an effective data backup can have.
To start, here are the top four…
Data Retention Contingencies
At the rate that technology evolves (and how quickly your business’s standard operations and related policies are required to keep up with it), it’s no surprise that some businesses find it difficult to keep pace.
When policy development falls behind the pace of adopted technologies, it can often lead to gaps, which can affect data retention. The fact is that Microsoft 365 only has limited backup and retention policies, equipped to handle situational data loss rather than provide comprehensive protection.
Data loss is often the result of poor digital security; without the right defenses, cybercriminals can easily infect an IT system with ransomware or other types of malware and compromise company data.
You may have heard that the right antimalware solution will minimize the chance of data loss, but what about internal threats? It’s not fun to think about, but internal security threats (i.e. malicious employees) can cause just as much damage as external cybercriminals.
A majority of cybersecurity services offered today include the best in vital technologies, from firewalls to anti-malware to data encryption and more.
However, as important as this technology is, on its own, it simply isn't enough. The key to truly comprehensive cybersecurity (and therefore, data protection and data backup) is simple, yet often overlooked: the user.
“Set it and forget it” firewalls, antivirus software, and yes, backups, fail to account for how important the user is. Even the most effective data integrity measures can be negated by simple human error, which is why conventional solutions are simply not enough to make sure your data is protected.
Much of data protection is dependent on the user, and as such it's vital that you properly educate your employees on safe conduct.
The more your workforce knows about the security measures you have in place, the more confidently they can use the technology in a secure manner. Human error can be detrimental to data integrity. Without a viable backup, all it takes is one accidental click to delete a file, or one spilled coffee to fry a local hard drive.
When it comes to modern compliance requirements, redundant data backups are critical. You'll want to make sure you know what’s required of your industry’s compliance regulations, and make sure you have backup methods in place to meet those.
The default backup capabilities offered by Microsoft 365 may not suffice for the most stringent regulations.
Long story short: as much as Microsoft 365 does offer, nothing is really “set it and forget it” when it comes to security and data loss prevention.
No matter what cloud platform you choose for your business, you shouldn’t assume it will keep you protected against cybercrime and data loss all on its own.
Microsoft 365 Cybersecurity Best Practices For Administrators
Least Privilege & Access Control
Make sure to follow the rule of “least privilege”.
It’s an important part of zero trust security. It ensures that every user is given only the level of access they need to do their job. It’s the cybersecurity equivalent of the intelligence concept of a “need-to-know basis”.
You can protect against a range of inbox-based threats by enabling mailbox auditing on all accounts. This will track and identify suspicious behavior, ensuring that identified and tracked threats are neutralized properly.
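One way to check the mailbox auditing recommendation above across a tenant, as an added example (not code from the original page or from Microsoft). It assumes the ExchangeOnlineManagement module is installed and uses a placeholder administrator UPN; it only reports, and the remediation step is left commented out.

```powershell
# Added example: report mailboxes that are not covered by mailbox auditing.
# Assumes the ExchangeOnlineManagement module; the UPN below is a placeholder.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@example.com

# 1. Tenant-wide switch: AuditDisabled = True turns auditing off for the organization.
$org = Get-OrganizationConfig
if ($org.AuditDisabled) {
    Write-Warning 'Mailbox auditing is disabled at the organization level.'
    # To re-enable: Set-OrganizationConfig -AuditDisabled $false
}

# 2. Per-mailbox flag, oldest mailboxes first (older accounts may lack auditing).
$notAudited = Get-Mailbox -ResultSize Unlimited |
    Where-Object { -not $_.AuditEnabled } |
    Sort-Object WhenCreated |
    Select-Object UserPrincipalName, RecipientTypeDetails, WhenCreated

# 3. Accounts whose mailbox actions are excluded from the audit log.
$bypassed = Get-MailboxAuditBypassAssociation -ResultSize Unlimited |
    Where-Object { $_.AuditBypassEnabled } |
    Select-Object Name, AuditBypassEnabled

# Summary first, then the detail a reviewer would act on.
[pscustomobject]@{
    OrgAuditDisabled    = $org.AuditDisabled
    MailboxesNotAudited = @($notAudited).Count
    BypassedAccounts    = @($bypassed).Count
} | Format-List | Out-Host
$notAudited | Format-Table -AutoSize | Out-Host
$bypassed   | Format-Table -AutoSize | Out-Host

# 4. Remediation, commented out so the script is read-only by default.
# $notAudited | ForEach-Object {
#     Set-Mailbox -Identity $_.UserPrincipalName -AuditEnabled $true
# }

Disconnect-ExchangeOnline -Confirm:$false
```

Any entry in the bypass list deserves a documented reason, since actions taken by a bypassed account leave no mailbox audit trail.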
Mail Flow Rules
Make sure to enable mail flow rules. This will allow your administrator to track suspicious messages and intercept them while in transit.
Did you know that the most common way cybercriminals get into a network is through loopholes in common third-party programs?
That means the computer programs you rely on to get work done every day could be leaving you vulnerable to security breaches. With new threats arising all the time, it’s imperative that your application and system software is up to date.
User Awareness Training
Organizations are often at risk based on the weakest links in their cybersecurity—poorly trained employees. That's why continuous training with a variety of different methodologies is necessary in order to have employees be knowledgeable and aware.
Security awareness training helps users to recognize and avoid being victimized by phishing emails and scam websites. They learn how to handle security incidents when they occur.
If users are informed about what to watch for, how to block attempts and where they can turn for help, this alone is worth the investment.
Make sure your staff knows how to identify and address suspicious emails, phishing attempts, social engineering tactics, and more. Implement training that shows how to use business technology without exposing data and other assets to external threats by accident.
Test your staff on how to respond when they suspect that an attack is occurring or has occurred.
The #1 Most Important Cybersecurity Feature For Microsoft 365 Users
At an RSA security conference, Microsoft engineers told attendees that 99.9% of the accounts that are compromised each month don’t have multi-factor authentication (MFA) enabled.
MFA is a great way to add an extra layer of protection to the existing system and account logins.
By requiring a second piece of information like a randomly-generated numerical code sent by text message, you're able to make sure that the person using the login credentials is actually who they say they are. Biometrics like fingerprints, voice or even iris scans are also options, as are physical objects like keycards.
How Does MFA Work?
When you log in to an account that has MFA enabled, in addition to entering your password, you must either enter an additional generated code or authorize the login with a “push” request to a secondary device.
In the event your password is compromised, your account will remain secure as the cybercriminal is unable to authenticate the secondary requirement. In layman’s terms, when MFA is enabled, hackers need more than just your password to break into your accounts.
There is a range of options for generating the MFA codes:
- Receiving a text message
- Using a dedicated authenticator application
- Possessing a physical device on which you must push a button to verify that you are the authorized user of that account
The protection that MFA adds allows you to use your passwords for a longer length of time between password resets.
In the event that your service provider is compromised and your email and password end up in an open database on the open web, you will have time to change your password before your individual account is compromised.
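To find the accounts that would fall on the wrong side of the MFA statistic above, the following added example (not code from the original page or from Microsoft) lists users with no MFA method registered, administrators first. It assumes the Microsoft.Graph.Reports module is installed and that the signed-in account can consent to the AuditLog.Read.All scope.

```powershell
# Added example: accounts with no MFA method registered, admins listed first.
# Assumes the Microsoft.Graph.Reports module and consent to AuditLog.Read.All.
Import-Module Microsoft.Graph.Reports
Connect-MgGraph -Scopes 'AuditLog.Read.All'

# One record per user describing which authentication methods are registered.
$details = Get-MgReportAuthenticationMethodUserRegistrationDetail -All

# Registration is not enforcement: a user listed as registered can still sign in
# with a password alone unless a policy requires MFA. A user listed here cannot
# satisfy an MFA prompt at all, so these accounts are the first to fix.
$noMfa = $details |
    Where-Object { -not $_.IsMfaRegistered } |
    Sort-Object @{ Expression = 'IsAdmin'; Descending = $true }, UserPrincipalName

$adminsNoMfa = @($noMfa | Where-Object { $_.IsAdmin })

[pscustomobject]@{
    TotalUsers         = @($details).Count
    UsersWithoutMfa    = @($noMfa).Count
    AdminsWithoutMfa   = $adminsNoMfa.Count
} | Format-List | Out-Host

# Privileged accounts without MFA are the highest-risk finding.
if ($adminsNoMfa.Count -gt 0) {
    Write-Warning "$($adminsNoMfa.Count) administrator account(s) have no MFA method registered."
}

# Detail view, including whichever methods (if any) each account has registered.
$noMfa |
    Select-Object UserPrincipalName, IsAdmin, IsMfaCapable,
        @{ Name = 'Methods'; Expression = { $_.MethodsRegistered -join ', ' } } |
    Format-Table -AutoSize | Out-Host

Disconnect-MgGraph | Out-Null
```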
Enlist An Expert Team To Manage Your Microsoft 365 Security
Think you can handle your Microsoft 365 security on your own?
Maybe you can—in theory, it's entirely possible that, if you've invested in the right technologies, and have the right skill set, you could handle Microsoft 365 cyber security for your business all on your own.
But, if we’re being honest, that’s a big if. The proven approach would be to have the Integral Networks team manage it for you.
We can work with your staff or current IT team to manage any vulnerabilities identified as a part of your Microsoft Secure Score on an as-needed basis, or manage your Microsoft 365 security on an ongoing basis.
Our cyber security support will handle the following:
- Management of security patches and updates
- Implementation of best practices for user privileges and access management
- Ongoing management of data backup
Does Your Team Have Microsoft 365 Cybersecurity Expertise?
All of this is to say that, in order to eliminate unforeseen variables and limit your risk in the ongoing management of a solution like Microsoft 365, you need a team with Microsoft 365 expertise.
Make sure your organization is fully leveraging your investment in Microsoft 365 and deploying the security features you already own or are not aware of, to help improve your security posture.
Need expert Microsoft consultation and support?
Contact the Integral Networks team—we can work with your team to help you migrate to, optimize and secure Microsoft 365.