You might be tired of the words ‘cyber security’ coming up in the news, leadership meetings, emails, and social media feed. But, given the recent cyber attacks and the consistent flow of phishing attempts, cyber security is more than a timely topic; it is crucial.
As the need for cyber security reaches critical levels, the business’ leadership needs to get involved and set an example from the top down. However, this does not mean getting your hands dirty and becoming a cyber security expert. Instead, I recommend you become acquainted with some basics and encourage your organisation to leverage these.
One place that you can start is with Microsoft 365. You might already have a subscription, so you will have access to many in-built features for protecting your business.
In addition, cyber security frameworks, such as the Essential Eight Maturity Model, offer suggestions for strengthening your cyber security posture, and Microsoft 365 includes features that align with the recommendations in the Essential Eight framework.
Here are a few ways you can secure your organisation with Microsoft 365:
Implement multi-factor authentication
If someone in your team reveals their password in a phishing attack, uses repeat passwords or has their password breached in a brute force attack, threat actors have access to your systems. Multi-factor authentication (MFA) requires that a user have two or more methods for logging into a platform. These will include something they know (a password), something they have (a phone number) or something they are (face ID).
Microsoft 365 includes MFA to add an extra layer of security to your accounts. When you enable MFA, each person in your team will need to add their phone number or download the Microsoft Authenticator app on their phone. Once they log into a system, they must enter the code generated, making it much harder for threat actors to breach an account, even if they have the password.
Safeguard administrator accounts
Threat actors often target admin accounts because they have high-level access to systems and data.
Microsoft 365 offers great cyber security tools to protect your admin accounts. You can:
- Require administrators to use passwordless login or MFA.
- Assign permissions to groups of admins based on their roles in Azure Active Directory instead of giving custom permissions to each user.
- Give administrators an account dedicated to their admin duties and another for all other Microsoft 365 access.
Though you do not need to use all of these capabilities, I highly recommend that you implement them to keep admin accounts protected.
Leverage the pre-set security policies
Microsoft 365 includes pre-set security policies to protect businesses of all sizes. These comprehensive policies help secure your data and maintain compliance with industry-specific regulations.
When you purchase a Microsoft 365 licence, you already have pre-set cyber security policies, including protections against spam, malware and phishing.
By default, you will have built-in protection policies turned on for all users in your organisation. However, you can also add standard and strict security policies to strengthen your company. You can establish these if you want to use custom cyber security policies.
Reduce the number of phishing emails
Many of us have seen the sophistication of phishing emails and texts first-hand. Last week, I received one from my ‘bank’, and it would have almost been convincing if not for the mobile phone number they claimed to be their hotline.
Microsoft 365 provides robust anti-phishing and anti-spam protections to protect your organisation from malicious attacks distributed via email. These features use machine learning algorithms to detect phishing and spam emails and attempt to block them before they reach your inbox.
Of course, some emails will find their way through the protections, so you should train your team to recognise such attempts.
Enforce file-sharing settings
When it comes to sharing files in Microsoft 365, there are a few different settings that you can use to help strengthen the protections around your sensitive data.
One of the first things you will want to do is ensure you have the most up-to-date version of Microsoft 365 and have access to the latest security features and patches. You can control the users that view your files and what they can do with them. For example, you can set permissions so that only certain people can view or edit your files. You can also add password protection and data encryption to further protect your data.
Manage endpoint devices
Endpoint protection has become a critical part of any security strategy as more of us work within distributed workforces. Microsoft 365 provides comprehensive protection for your company’s devices, including PCs, laptops, and mobile phones. With Microsoft 365, you can safeguard your devices against malware, viruses, and other threats.
Microsoft 365 also helps you manage your device security settings and keep your devices up to date with the latest security patches. In addition, it offers remote device management capabilities to manage and secure your devices remotely.
Maintain user accounts and devices
As people leave your organisation, you will need to revoke their access to resources and retire their accounts. An ex-employee that still has access to your systems could potentially wreak havoc, or their account could be hacked by a threat actor.
Microsoft 365 can help your business maintain users and devices with the following capabilities:
- Remove users from your subscription as they leave your company
- Reset passwords for active accounts should they become compromised
- Remotely reset a device to its factory settings if it is lost, stolen or no longer in use
- Remove corporate data from specific devices
Keeping up with small maintenance tasks like these can improve your cyber security on a basic level.
Wyntec is your partner in cyber security with Microsoft 365
Cyber security is on the priority list for many businesses now, and you must implement the right systems and solutions. In addition, you need to have a response plan in place should your business become the victim of a cyber attack.
We can help you get the most from your Microsoft 365 subscription by strengthening your cyber security posture with its features. We also deeply understand the Essential 8 Maturity Model and ISO standards.
Please visit our Cyber Security page for more on our capabilities, including cyber security awareness training, endpoint protection and Microsoft 365 security and compliance.
