A survey of companies across 26 countries, including Singapore, found that 70% of businesses have suffered a public cloud breach within the last 12 months. Cloud security has become a major issue following the migration of a majority of organizations to cloud workflows and platforms like G Suite, Microsoft 365, and other cloud services. Small businesses tend to use platforms like Microsoft 365 “as is” without having any custom configurations put in place. This has two big disadvantages:
- Companies end up only getting a portion of the overall value of the platform
- Security settings can be defaulted too low and leave an account at risk of a breach
Misconfiguration accounts for approximately 82% of security vulnerabilities. What is misconfiguration? It’s defined as failing to put in place all the security controls for a web application. Examples include leaving a cloud account at default settings and not turning on specific available protections, such as multi-factor authentication (MFA) or email phishing safeguards.
Have you been using Microsoft 365 without having the security configured for your needs? Then you’re at a much higher risk of a cloud data breach than you should be. If you’ve been looking for the best way to keep the cloud secure, read on for several Microsoft 365 security settings you can have put in place on your account by Managed IT Asia.
Tips to Properly Secure Microsoft 365
Turn On MFA for All Users
The single most important thing you can do to protect your user accounts from being breached is to add a second factor of authentication by turning on multi-factor authentication for all users. This setting will require users to set up a device that receives a login code that is entered along with their username and password to gain access. Hackers won’t generally have access to the device that receives the code, thus they’re stopped from getting into an account even if they have the password.
Turn On Anti-Malware Protection
There is a setting you can have turned on in Microsoft 365 that will block email attachments that are file types known to contain malware. This helps protect users against phishing attacks, which are the #1 attack method for data breaches and malware infections. This is done in the Security & Compliance Center, under Threat Management > Policy > Anti-Malware. The “Common Attachment Types Filter” should be switched to “On.”
Improve Ransomware Safeguards
Ransomware that comes in via file attachment can infect a cloud account and encrypt all files, making them unusable. Without a proper cloud backup for SaaS data protection, you could lose access to all your account data and be at the mercy of the attacker demanding a ransom. There are two settings you can configure to help protect against this:
- Warn Users of Macro Files: In the mail flow category of the Exchange admin center, create a new rule to warn users that macro-enabled files can contain malware and to only open if they know it to be from a legitimate sender. File types to target are: dotm, docm, xlsm, sltm, xla, xlam, xll, pptm, potm, ppam, ppsm, sldm.
- Block File Types Known for Ransomware: Another rule to set up in the mail flow category is one to block file types that are known to be used for ransomware. This includes: ade, adp, ani, bas, bat, chm, cmd, com, cpl, crt, hlp, ht, hta, inf, ins, isp, job, js, jse, lnk, mda, mdb, mde, mdz, msc, msi, msp, mst, pcd, reg, scr, sct, shs, url, vb, vbe, vbs, wsc, wsf, wsh, exe, pif.
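The attachment filter and the two mail flow rules described above can also be set from Exchange Online PowerShell. This is an added example, not part of the original article; the rule names and message texts are made up for illustration, and the extension lists are the ones given above.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and an Exchange admin sign-in.
Connect-ExchangeOnline

# Anti-malware: show the current state, then switch the common attachment types filter on.
Get-MalwareFilterPolicy | Format-Table Name, EnableFileFilter
Set-MalwareFilterPolicy -Identity Default -EnableFileFilter $true

# Extension lists exactly as given in the article.
$macroTypes = 'dotm','docm','xlsm','sltm','xla','xlam','xll','pptm','potm','ppam','ppsm','sldm'
$blockTypes = 'ade','adp','ani','bas','bat','chm','cmd','com','cpl','crt','hlp','ht','hta',
              'inf','ins','isp','job','js','jse','lnk','mda','mdb','mde','mdz','msc','msi',
              'msp','mst','pcd','reg','scr','sct','shs','url','vb','vbe','vbs','wsc','wsf',
              'wsh','exe','pif'

# Hypothetical helper: create a rule only if no rule with that name exists, so reruns are safe.
function New-RuleIfMissing {
    param([string]$Name, [hashtable]$Settings)
    if (Get-TransportRule | Where-Object Name -eq $Name) {
        Write-Host "Rule '$Name' already exists, leaving it unchanged."
        return
    }
    New-TransportRule -Name $Name @Settings
}

# Rule 1: deliver the message, but notify recipients about macro-enabled attachments.
New-RuleIfMissing -Name 'Warn on macro-enabled attachments' -Settings @{
    AttachmentExtensionMatchesWords = $macroTypes
    GenerateNotification = 'This message has a macro-enabled attachment. Open it only if you know the sender is legitimate.'
}

# Rule 2: reject messages that carry the file types listed for blocking.
New-RuleIfMissing -Name 'Block high-risk attachment types' -Settings @{
    AttachmentExtensionMatchesWords = $blockTypes
    RejectMessageReasonText = 'Rejected: this attachment type is not accepted by this organization.'
}

# Verify the result: both rules should be listed and enabled.
Get-TransportRule | Format-Table Name, State, Priority
```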
Use Just One Dedicated Global Administrator Account
The more user accounts you have with admin privileges in Microsoft 365, the more chances a hacker has of compromising a high-level account. And if those accounts are used for other activities, like email and logins to online Microsoft resources, it makes them even more vulnerable. You can add a dedicated global administrator account that is used only for administration activities without adding any additional user licenses. Users then just log into this account when they need to handle admin functions and log back out when finished. This reduces the risk of an admin-level account being breached.
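To check how far a tenant is from this setup, the following added example (not from the original article) lists every user holding the Global Administrator role and flags the ones that carry licenses, which suggests they double as day-to-day accounts. It assumes the Microsoft Graph PowerShell SDK is installed; the wording of the findings is illustrative.

```powershell
# Added example. Requires the Microsoft.Graph module and consent to the read-only scopes below.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory','User.Read.All'

# Find the activated Global Administrator role and its user members.
$role = Get-MgDirectoryRole -All | Where-Object DisplayName -eq 'Global Administrator'
$members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' }

# Build one report row per admin, including how many licenses the account holds.
$report = foreach ($m in $members) {
    $u = Get-MgUser -UserId $m.Id -Property Id,UserPrincipalName,AccountEnabled,AssignedLicenses
    $licenseCount = @($u.AssignedLicenses).Count
    [pscustomobject]@{
        UserPrincipalName = $u.UserPrincipalName
        Enabled           = $u.AccountEnabled
        LicenseCount      = $licenseCount
        Finding           = if ($licenseCount -gt 0) {
                                'Licensed: likely also used for email and daily work'
                            } else {
                                'Unlicensed: consistent with an admin-only account'
                            }
    }
}

$report | Sort-Object LicenseCount -Descending | Format-Table -AutoSize

# The article recommends a single dedicated global administrator account.
if (@($report).Count -gt 1) {
    Write-Warning "$(@($report).Count) accounts hold Global Administrator; review whether each one is needed."
}
```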
Use Email Message Encryption (Premium Subscriptions)
Subscribers of Microsoft 365 Business Premium can take advantage of email message encryption. This comes pre-configured and can also be used with company security policies used in the platform. Message encryption can be used with Outlook.com, Yahoo!, Gmail, and other email services used with the platform. It allows users to easily add these two protections to a message and its attachments:
- Do not forward
Using encryption can help your team better protect sensitive information that’s sent via email.
Get Managed Cloud Services for a More Secure Account
Managed IT Asia offers cloud customization and management to ensure your Singapore business is getting the most out of your SaaS subscriptions. Contact us today to schedule your free consultation. Call +65 6748 8776 or reach us online.