Following on from major data/security breaches in 2018 so far from Facebook which we covered in a previous blog, more recently Ticketmaster and the Spectre and Meltdown security breach, the need for businesses to protect themselves from cyber-attacks and potential hacks has never been greater. For many businesses that use Office 365 this serves as a reminder for their entry point into the Cloud.
Whilst migrating to the Cloud can provide many benefits this in itself can also provide many security challenges. In our latest tips and tricks article we will provide you with 8 top tips on how to secure Office 365 in your business.
Tip 1: Create and implement a password policy
This almost goes without saying but you can’t always legislate for the human element and it is often proved that employees who are left to their own devices can often pick relatively straight forward passwords that are easy to find out or guess. Therefore, it is crucial that your business creates and implements a password policy that incorporates strength (eliminates the 'Password' or '12345' entries) and has an automatic password expiration setup.
Tip 2: Make use of the Data Loss Prevention feature
With GDPR now in operation it is important for your business to make use of the Data Loss Prevention (DLP) feature within Office 365 and Exchange. Through this feature you can create policies that put restrictions on certain content such as emails or personal information being saved on SharePoint Online/OneDrive or otherwise shared outside of the business.
Tip 3: Back up your data
Although Office 365 does offer the ability to backup data, the retention and recovery options are somewhat limited. Therefore, it makes more sense for your business to backup data with a third party application such as Microsoft Azure.
Tip 4: Make Multi-Factor Authentication compulsory
This means that users are required to login with more than just their username and password. Some of the multi-factor authentications can come to include answering a call or even entering an access code received via text. This feature can be setup on a user by user basis or based on an IP address or location.
Tip 5: Make use of Advanced Threat Protection
With the continued trend of phishing threats being sent via email, Office 365's Advanced Threat Protection can provide an extra layer of protection for your business to safeguard you against untrustworthy attachments or malicious phishing links. As well as using this, you can also make use of third party applications such as Mimecast and WatchGuard which can help build up an extra layer of security.
Tip 6: Regularly assess your environment with Secure Score
Secure Score can be used to audit your current Office 365 setup which then assigns a score based on your day to day activities and security settings in place. Furthermore, it also provides some recommendations on how you can further improve your security.
Tip 7: Make use of the message encryption service
As an Office 365 user you have access to a message encryption service. This requires a recipient to login into the platform to read and reply to an encrypted message or to use a one time passcode to access it.
Tip 8: Make use of Mobile Device Management
Mobile device management (MDM) gives you the authority to setup controls for mobile devices that are used to access Office 365. This provides you with the ability to set user level policies or even to completely wipe a device.
If you would like to find out more about cyber security or safeguarding your business online, we're currently offering businesses help to make them Cyber Security Certified.
If you would like to find out more about Office 365 or have any other queries regarding Office 365, you can get in touch with us where our expert team will be on hand to discuss your specific requirements.