Securing Microsoft 365 and 2 Step Authentication

Aug 2019

At Affinity, we take your business seriously and want to help you make the most of the products and services we offer.

We are going to explore some of the options available to you for securing Microsoft 365 (formerly Office 365), and how you can implement the changes needed to do so.

Train Your Users

Firstly, training your staff to use Office 365 in a safe and secure manner will go a long way to helping you retain vital business information. If taught from the beginning, then this process is relatively easy.

All users should inform managers and admins if there is a breach of security, so that action can be taken right away. They should understand the need for strong passwords and for protecting devices with secure logins. All the security features on Windows devices are designed to aid them and so should be switched on and used.

Securing Admin Accounts

Dedicated administrative accounts have several privileges that user accounts do not. The members of staff with these accounts need to know that this type of account is one that hackers like to target.

Admins need two accounts: a user account for day-to-day activities and the admin account. When using the admin account, they must take extra precautions, such as closing unrelated browser windows and signing out of personal email accounts and apps. Once tasks have been completed in the admin account, they should be diligent in logging out.

Malware and Ransomware

As a business, keeping antivirus databases up to date and protecting against malware and ransomware attacks are paramount. You would not leave the door open and the keys in the ignition on your machinery assets.

These tools are the locks and keys to securing your data. For more advice on how to apply these tools, follow this link for Anti-malware protection and this for Protecting against ransomware.

Auto Forwarding Mail

This little trick comes by way of hackers, and they can achieve it without your knowledge. They gain access to a user's mailbox and set up auto-forwarding.

To combat this, create a mail flow rule in the Exchange admin centre that does not allow auto-forwarding. If you need help, please contact us for assistance.

Send Protected Emails

This is easy to do: just write your email and click on the permissions button for options such as ‘do not forward’ and ‘encryption’. Train your staff to use these options whenever sending sensitive data.

2 Step Authentication

2 step authentication is also known as multi-factor authentication (MFA). It is an absolute must for all users, but especially for admin accounts. Hackers can easily guess passwords. Even if you use hard passwords, the trend is to store them using password managers.

Once a password manager is hacked, the whole Pandora's box is open. Turn on 2 step authentication in the admin centre; that way, all users will have to sign up using this more secure method.

2 step authentication means that users are sent a code via SMS to their mobile, which they must enter in order to access information on the account. Some devices are capable of using biometrics and so they may be used as a form of authentication too.

Even if a hacker guesses a password, they are highly unlikely to get access to any sensitive data if they have to get the user's phone and biometric input too. It may seem troublesome, but not as troublesome as losing large quantities of valuable business data.

If you would like to know more about how to secure your Microsoft 365 business account, then please talk to us.
