Microsoft cloud account services see about 300 million attempted breaches every single day! Far too many of them are successful because users haven’t properly configured their Microsoft 365 account security settings.
Many Treasure Valley area companies leave security settings in their cloud accounts at the defaults, falsely believing that it should be “good enough” to keep their data protected.
But SaaS providers don’t generally default all security settings at their highest levels. Instead, they provide flexibility to increase security in a number of ways. But users have to take advantage of those configurations to benefit from them.
80% of companies have lost data in a cloud account.
If you want to make your Microsoft 365 business account more hacker-proof, here are several important security settings you can take advantage of.
Boost Microsoft 365 Account Security With These Tips
Use a Single Administrator Account
Hackers love it when they breach a user account that has administrative privileges because it allows them to do much more damage than a regular user account. They can change security settings, add and remove users, and much more.
An admin account is like a golden master key, and the more of those keys you have, the more at risk you are of a costly data breach.
Reduce your admin accounts down to one that is shared between your administrators. To do this, you’ll set up what’s called a Dedicated Global Administrator Account in Microsoft 365. You do not have to pay an additional user license for the account because it’s used for admin duties only.
Admins will log into the account to do administrative functions, then log back out when finished. This way, those users don’t need to have admin privileges on their own accounts.
Stop Auto-Forwarding of Email Outside Your Company
When was the last time you checked the auto-forwarding settings for your email account? Most users go months without needing to look at these and might miss the fact that a hacker has been silently forwarding all their email to his/her own address to steal what they can.
It’s a good idea to block the auto-forwarding of company email outside your business. You can accomplish this by doing the following:
- Log into the Exchange admin center to set up a transport rule
- Select “rules” in the mail flow category
- Create a new rule and click More options at the bottom of the window
- Add the settings below
- Click to save
Mail settings to create:
- Setting: Reject Auto-Forward emails to external domains
- Name: Prevent auto-forwarding of email to external domains
- Apply rule if: Sender is internal (inside organization)
- Add condition: Recipient is external (outside organization)
- Add condition: Mail type is Auto-forward
- Do the following: Block the message and include an explanation
- Add text for explanation: “This forwarding action is prohibited” (or whatever you choose)
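The same rule can be created from Exchange Online PowerShell, and the script below also goes one step further by reporting external forwarding that is already configured on mailboxes and inbox rules. This is an added example, not part of the original article; it assumes the ExchangeOnlineManagement module is installed and the signed-in account can manage mail flow rules, and the helper name Get-ExternalAddress is hypothetical.

```powershell
# Added example (not from the original article). Assumes the ExchangeOnlineManagement
# module is installed and the signed-in account can manage mail flow rules.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

$ruleName = 'Prevent auto-forwarding of email to external domains'

# Create the rule from the settings list unless one with this name already exists.
if (-not (Get-TransportRule | Where-Object Name -eq $ruleName)) {
    New-TransportRule -Name $ruleName `
        -FromScope InOrganization `
        -SentToScope NotInOrganization `
        -MessageTypeMatches AutoForward `
        -RejectMessageReasonText 'This forwarding action is prohibited'
}

# Domains the tenant owns; an address in any other domain is treated as external.
$ownDomains = (Get-AcceptedDomain).DomainName

# Hypothetical helper: pull SMTP addresses out of a forwarding value and return
# the external ones. Directory-style (EX:) recipients are not evaluated.
function Get-ExternalAddress {
    param([object[]]$Value)
    foreach ($item in $Value) {
        foreach ($m in [regex]::Matches([string]$item, '(?i)smtp:([^\]\s]+@([^\]\s]+))')) {
            if ($ownDomains -notcontains $m.Groups[2].Value) { $m.Groups[1].Value }
        }
    }
}

# Report forwarding already in place: mailbox-level settings and user inbox rules.
$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    foreach ($addr in Get-ExternalAddress $mbx.ForwardingSmtpAddress) {
        [pscustomobject]@{ Mailbox = $mbx.UserPrincipalName; Source = 'Mailbox setting'; Target = $addr }
    }
    foreach ($rule in Get-InboxRule -Mailbox $mbx.UserPrincipalName) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        foreach ($addr in Get-ExternalAddress $targets) {
            [pscustomobject]@{ Mailbox = $mbx.UserPrincipalName; Source = "Inbox rule '$($rule.Name)'"; Target = $addr }
        }
    }
}

$findings | Sort-Object Mailbox | Format-Table -AutoSize
```

Any row in the report is forwarding that was set up before the rule existed and should be confirmed with the mailbox owner.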
Ensure All Users Have to Use Multi-Factor Authentication (MFA)
One of the best protections you can put in place to prevent an account being breached is MFA. Even if a hacker has a user password, 99.9 times out of 100, they won’t have the device that receives the MFA login code, so they’ll be locked out.
Once this is enabled in the Security & Compliance Center, users will be prompted to set up a device to receive the code at their next login.
Get Alerts for Too Many Emails Being Sent
When a hacker takes over a Microsoft 365 user account, they’ll often use it to send mountains of spam and phishing emails. Phishing of this type is typically sent to users in the company, customers, and vendors, because they’ll all recognize the email domain as legitimate.
You can be tipped off as soon as this starts happening by setting up an alert in the Security & Compliance Center that notifies you when a particular user account sends more emails than a set daily volume threshold.
Use Email Encryption (Premium Accounts)
Users of Microsoft 365 Business Premium have more security protections than those with a lower business account subscription level. One of these is the ability to use email encryption to encrypt messages and attachments. It also allows you to add a “do not forward” policy on emails.
A bonus is that this feature is already set up and ready to go; users just need to know how and when to use it. Companies should create a specific policy for which emails should get encrypted for safety. Encryption means that only the intended recipient of an email has the decryption key to be able to read the email and any file attachments.
Users can find this feature in the following places:
- Outlook on desktop: Options > Permissions
- Outlook.com: Protect > Change Permissions
Get Help Securing & Maintaining Your Microsoft 365 Account
Connect2Geek offers expert Microsoft 365 setup, security configuration, and ongoing maintenance and monitoring for Treasure Valley area businesses.
Schedule your free consultation to learn more today! Call 208-468-4323 or reach out online.