Office 365 security tips
The number of security features built into Office 365 (which are up and running by default as soon as you sign in) is staggering.
This site (or whatever the marketing department is calling this collection of notes and information) doesn’t even have enough room on it to go through all of them – but sites like this one and this one do.
My point is that, around the clock, Office 365 has security experts monitoring data traffic, running Red vs. Blue exercises to test defenses, and orchestrating things your average person has never even heard of, like zero-hour auto purges.
Like I said - you get all of this automatically. No matter what you were using previously, Office 365 is going to be a huge step up for your overall security.
But this isn’t the end of that long list of security features – it’s just the end of the automatic stuff. Without spending a single extra cent (or just insert your preferred currency here, it’s a global era after all) there are eight additional security features available to all Office 365 customers that you can turn on right now. For free.
1. Start by checking your Secure Score.
It’s basically like checking your credit score, but it gauges the strength of your current cyber security setup. Secure Score will even provide you with specific recommendations on where to improve things if it detects any vulnerabilities.
2. Next, set up multi-factor authentication.
This is one of the simplest and most effective ways to protect against stolen passwords or compromised credentials. The user experience is simple and unobtrusive and it’s easy to set up.
3. Train your users.
Any type of security is always, at its core, a process of mitigating human error. Training your users to be an active part of your network security is critical – it’s so important that I’ve written an entire page about creating a security culture.
4. Use the built-in device management tools in Office 365.
Accessing email and corporate data with any device is simple when your users have Office 365, so make sure the process is also secure by requiring a PIN on all devices connected to your network. You can also wipe corporate data from devices that are lost or stolen. To learn more about your device management security options, check out this overview.
5. Set up a separate account for performing administrative tasks.
As the IT manager for your company, you’re usually target #1 for anyone attempting to attack an organization. If you are using your main Office 365 account to make network changes, any attacker who hacks that account now has the keys to everything. Bad news. Check out more information about how to avoid this here.
6. Block malicious file types.
Considering millions of new pieces of malware are detected every day, you can increase your email protection by deciding which file types you want to automatically block from entering your network. Activating the “Common Attachment Types” filter to block these files just takes a few clicks.
7. Store files in OneDrive for Business.
If you’re storing all your files in OneDrive for Business, a ransomware attack that locks up a device can be downgraded from a “tragedy” to an “inconvenience.” OneDrive has versioning capabilities that make it easy to roll files back to a pre-encrypted state.
Think of it this way: Use the cloud for storing your important stuff. Use your hard drive for memes.
8. Stop auto-forwarding your email.
Turn off the ability for people in your company to auto-forward mail to places outside your organization. There aren’t very many reasons to justify auto-forwarding in the first place, and, in the event that an email account is ever compromised, the attacker can easily reroute all those auto-forwards to their own address. After several weeks of auto-forwarding, the attacker will know a lot about the internal workings of your organization – and the fact that they can see all your emails about a lapsed hot yoga membership will be the least of your worries.
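Before turning auto-forwarding off, it helps to know which mailboxes already forward outside the organization. The PowerShell below is an added example (not from the original article or from Microsoft) that flags them. The function names Find-ExternalForward and Get-SmtpDomain, the contoso.example domain and the sample mailboxes are assumptions constructed for illustration; ForwardingSmtpAddress and DeliverToMailboxAndForward are the property names Get-Mailbox returns in Exchange Online.

```powershell
# Added example: report mailboxes whose forwarding target is outside your own domains.
function Get-SmtpDomain {
    param([string]$Address)
    # Forwarding targets are stored as "smtp:user@domain"; drop the prefix first.
    $clean = $Address.Trim() -replace '^smtp:', ''
    if ($clean -match '^[^@\s]+@([^@\s]+)$') { return $Matches[1].ToLowerInvariant() }
    return $null   # not a parseable address
}

function Find-ExternalForward {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Mailbox,
        [Parameter(Mandatory)] [string[]] $InternalDomains
    )
    begin { $internal = @($InternalDomains | ForEach-Object { $_.ToLowerInvariant() }) }
    process {
        # Mailboxes without a forwarding address are skipped.
        if ([string]::IsNullOrWhiteSpace($Mailbox.ForwardingSmtpAddress)) { return }
        $domain = Get-SmtpDomain $Mailbox.ForwardingSmtpAddress
        # Exact domain match only; an unparseable target is reported for manual review.
        if ($null -eq $domain -or $internal -notcontains $domain) {
            [pscustomobject]@{
                Mailbox    = $Mailbox.UserPrincipalName
                ForwardsTo = $Mailbox.ForwardingSmtpAddress
                KeepsCopy  = [bool]$Mailbox.DeliverToMailboxAndForward
            }
        }
    }
}

# Constructed sample objects standing in for Get-Mailbox output (not real accounts).
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'amy@contoso.example'
                       ForwardingSmtpAddress = 'smtp:amy.home@mail.example'
                       DeliverToMailboxAndForward = $true }
    [pscustomobject]@{ UserPrincipalName = 'raj@contoso.example'
                       ForwardingSmtpAddress = 'smtp:helpdesk@contoso.example'
                       DeliverToMailboxAndForward = $false }
    [pscustomobject]@{ UserPrincipalName = 'lee@contoso.example'
                       ForwardingSmtpAddress = $null
                       DeliverToMailboxAndForward = $false }
    [pscustomobject]@{ UserPrincipalName = 'kim@contoso.example'
                       ForwardingSmtpAddress = 'smtp:not-an-address'
                       DeliverToMailboxAndForward = $false }
)

# Reports amy (external target) and kim (unparseable target); raj and lee are not flagged.
$sample | Find-ExternalForward -InternalDomains 'contoso.example'
```

In a connected Exchange Online PowerShell session, piping the output of Get-Mailbox -ResultSize Unlimited into Find-ExternalForward, with your own accepted domains as -InternalDomains, runs the same check against real mailboxes. It covers mailbox-level forwarding only; forwarding set through individual inbox rules has to be reviewed separately.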
To learn more about any of these tools, check out the Office 365 Security site.
Things you may be wondering about:
Won’t enabling multi-factor authentication be disruptive for my users?
If they have a smartphone, installing the Microsoft Authenticator app makes acknowledging the second factor as easy as a finger-press. Windows Hello for Business makes it easy on a Windows PC. The other options (text message, phone call) are a bit more hassle but still minor compared to the disruption that a stolen password can cause. I recommend you try it out for yourself to get familiar with how MFA works.