Office 365 is great because it is in the cloud and is available everywhere. Office 365 is vulnerable… because it is in the cloud and is available everywhere!
Under GDPR regulations business owners have a responsibility to protect their clients and staff data. It would be great if this were just a one-off exercise that we ‘put’ security in place and then never have to worry about it again. The problem is that technology moves on and so does the methods of attack.
Working with a professional IT company specialising in solutions for small businesses means you can stay up to date on the best approaches for securing your data.
If you do nothing else we recommend you take the following steps:
Step 1 – Change your Password
I don’t mean change your password on a regular basis, instead I mean change it once, to a unique password.
Many attacks against organisations start by a password being stolen from a third party website. Every time you setup a new account with a company assume that everyone at that company has access to your email address and password. From that think, what damage could this cause me?
It would be nice if every website had high levels of security but unfortunately that is not the case. Time and time again we hear of companies having breeches and personal information can be stolen. Even if the website used encryption to protect your password, your password may still be crackable.
Our best advice is:
- Change your password
- Make it a series of words or something random
- Include UPPER CASE, lower case, numbers and symbols
- Consider making the password a phrase that is easy to remember
Step 2 – Enable MFA
Multifactor Authentication or MFA or Dual Factor Authentication are all different words for the same process. This approach to security is based on the following principal that a person is trusted if they have:
- Something you know, like a password.
- Something you have, like a trusted device.
- Something you are, like biometrics and fingerprints.
MFA is included with the different Office 365 packages because it is so important. It is very easy to turn on but requires an administrator to do so. Once this is turned on users will be prompted for how they want to authenticate, this can be through:
- Desktop Phone
- SMS Text Message
- Mobile App
Read here to find out how to implement MFA today!
Once MFA is enabled, you can set separate passwords for each of your Microsoft apps.
Step 3 – Setup Message Quarantine
We are all constantly being attacked by email attackers trying to obtain our information. Your Office 365 administrator can turn on a second level of Junk Mail filtering which will reduce the chance that you will get harmful emails.
Quarantine sits above your junk mail folder in terms of priority. The idea of quarantine is that only the worst of the emails go there and then anything else that looks a bit suspicious will be moved to junk.
When a message is sent to quarantine you still have an opportunity to remove the email from quarantine in case it was a false positive. When setting up the service your administrator can specify how often your receive those messages.
Heliocentrix offers a fixed price service to customise these and other settings in Office 365 based on the size of your organisation. The goal is to improve your security reducing the chance of a breech.
By working with us we can help you implement the changes on Office 365 and also help you implement the changes with your team.
If you would like any further information or would like some help implementing any of these changes then do speak to us.