Six Ways To Secure Your Organization’s Office 365 Environment

Dakota Murphey

More organizations are using cloud services than ever before. In fact, according to recent research, cloud adoption in the UK has soared to 88%. Businesses and organizations have come to rely on related technologies for their day-to-day operations. However, to avoid data breaches, it is essential to fully secure cloud environments. This is especially true if your business uses Office 365 (O365) – one of the most widely used cloud services, with more than 155 million active commercial monthly users, making it a prime target for cybercriminals. It can be tempting to assume that your cloud service provider has taken all the necessary security measures to keep your business secure. However, this isn’t necessarily the case.

Cybercriminals are constantly updating and modifying their tactics, meaning that your business needs to take a proactive approach to security and do everything it can to minimize risks. A recently uncovered phishing scam, using a fake non-delivery notification, is one of many designed to compromise O365 users. This growing trend has led the UK’s National Cyber Security Centre (NCSC) to issue an advisory about a rise in O365-related attacks.

Clearly, then, if your business uses O365 or you are considering making the move to the platform, you need to ensure that appropriate security measures are in place.

Enable multi-factor authentication

This is a very simple but highly effective step. With multi-factor authentication, users are prompted to enter a code that has been sent to their mobile phone when they attempt to log in. Setting up multi-factor authentication is very straightforward, and the little amount of time that it takes to authenticate a user is well worth it, thanks to the layer of security it provides.

Make use of dedicated admin accounts

It can be easy to fall into the trap of using one account to administer the whole of your Office 365 environment. However, doing so makes these accounts an extremely valuable target for cybercriminals. Therefore, it is a good idea for admins to use separate accounts to perform everyday tasks that don’t require elevated privileges. Doing so helps reduce the risk of criminals compromising high-level accounts and gaining complete access to your organization’s environment.

Train your staff

There is no substitute for providing a high level of security training to your staff and any third parties that may also use your systems. Individuals are still a common weak link in most businesses’ defenses. It is important to raise cyber awareness so that everyone understands the role they play in keeping the business secure. Provide regular training sessions for all staff, including those at the very top of your organization, on everything from using strong passwords to understanding the latest tactics and phishing scams used by cybercriminals.

Stop auto-forwarding for email

Should hackers gain access to a user’s O365 mailbox, it’s possible for them to send copies of any incoming emails to another email address. This allows criminals to easily intercept crucial information – and the whole thing can be happening without the user’s knowledge. To prevent scenarios like this from occurring, set up a mail transport rule in the Office 365 admin center to block users from creating an auto-forwarding rule to external domains.

Enable full mailbox audit logging

Activating full audit logging in O365 can provide your team with better visibility into the actions carried out in the system’s mailbox accounts. This can provide information including which users have logged in and where from, as well as who is accessing specific documents. Network and endpoint monitoring tools such as SIEM can be used to help automate threat detection and response by improving the identification of new adversarial tactics and procedures.

Engage a managed monitoring service

You might also consider engaging a managed monitoring service to address these challenges. Specialists can make sense of system alerts, differentiate genuine security incidents from false positives, and respond quickly and effectively to attacks.

Staff training can make the difference: “Employees: Your Strongest Or Weakest Link In Cybersecurity.”


About Dakota Murphey

Dakota Murphey is a tech writer specialising in cybersecurity, working with Redscan on this and a number of other GDPR, MDR, and ethical hacking projects.