With more businesses working remotely than ever before, Office 365 has become an essential platform for many companies to maintain productivity. However, it’s imperative that businesses take precautionary steps to secure their Office 365 tenancy to prevent threat actors from exploiting your data.
Because cybersecurity has become a major concern, especially for remote businesses, several companies are choosing to invest in robust IT security services to prevent security issues with the platform. In addition to that, they are ensuring they understand the security steps that should be taken to prevent data breaches.
Here are 11 best practices for Office 365 that will help to protect your business:
1. Set Up Multifactor Authentication
As you set up multifactor authentication (MFA), you should ensure that It is set to be enforced for all users. Often, employees can use a weak password or accidentally leave accounts open and vulnerable to violation.
Additionally, for service accounts that are not compatible with MFA (some backup software, for example), use strong 16-character (or more) randomly generated passwords. You should also enable modern authentication on the tenant if the tenant was added before 2017 to prevent the need for app passwords with Outlook.
2. Establish Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM)
Ensure these DNS records are added to prevent perpetrators from sending mail as your domain. Without an SPF record, anyone can send mail from your domain and pretend to be a user from your organization. SPF and DKIM both add an extra barrier to intercept these attacks.
3. Disable Email Forwarding to Outside Domains
Prevent hackers from auto-forwarding your email by disabling email forwarding to outside domains. If a security breach enables access to your email, any perpetrators will be able to forward the user email to an outside domain and steal private data.
One way to prevent this from happening is by creating a mail flow rule. This blocks your emails from being forwarded to random, suspicious domains.
4. Enable Logging/Notifications for Mailbox Permission Changes
If the permissions have been changed to access your mailbox, it could be due to a security breach. To prevent such an incident, make sure you enable logging to record any activity and switch on notifications to alert you to any changes made to your permissions.
You should also monitor permission changes as soon as you are notified in order to secure sensitive content in your mailbox and prevent data leakage.
5. Enable Logging/Notifications for Forwarding Rules
The same rules for mailbox permissions apply to email forwarding, as well. Ensure that notifications alert you to any changes in your forwarding settings, as a breach could cause your emails to be forwarded to a fraudulent domain. Logging will keep a record of any activity or change to your settings, so keep this feature enabled.
6. Enable Mailbox Auditing
Mailbox auditing enables you to track a user’s activity in their mailbox or anyone else’s. Enabling this tool allows you to view any suspicious activity that wasn’t committed by the user. If unusual activity occurs on your account, you can take steps to prevent malicious activities and re-secure your mailbox.
7. Add Security Measures to SharePoint
Another way to secure your Office 365 tenancy is to restrict the people users are able to share content with on Sharepoint. As unlimited documents are shared on the cloud, this will give you more control over your own documents and who can view them. Only allow access to users in the organization, even if someone else has the link.
8. Implement a Password Policy for Azure AD Connect
You should also ensure that you develop a password policy for Azure AD Connect. This tool allows you to sync passwords from on-prem to Office 365 for ease of use. To secure it, set up an on-prem password complexity policy, which will then be enforced by Office 365 once sync’d.
9. Encrypt Your Files
Data encryption prevents your files from being accessed when a device is stolen, as the information will become scrambled. It also ensures that only authorized users are able to view or use data files. Utilize the encryption features in Office 365 E3 license tiers and higher. If you’re unsure which encryption features to apply, refer to the information in this short guide.
10. Configure Microsoft Advanced Threat Protection (ATP) Policies
Configuration of ATP policies allows for safe attachments, links, teams, and more (ATP Plan 1 is included in Business Premium). This is especially recommended when a lot of information is being shared over these platforms, as it’s not always easy to tell what is safe and what’s malicious.
11. Implement Data Loss Prevention (DLP) Strategies
To prevent data loss, define policies for data such as personally identifiable information (PII) so that Exchange flags it and prevents it from leaving the organization. With these policies in place, you can block confidential information from being sent to OneDrive, Sharepoint, and other public cloud-based platforms.
As you work to secure your Office 365 tenancy, begin by implementing these strategies or working with a trusted Managed Service Provider to implement them for you. Cybersecurity is paramount for businesses who want to prevent unauthorized access or corruption of data, especially in a time where threat actors wish to take advantage of vulnerable businesses who have had to make abrupt switches to remote work.