Most small or medium-sized organizations today are using, or migrating to, one of the applications in the Microsoft 365 suite. With the recent shift to remote work, and the attendant increase in the use of collaboration tools included with Office 365 business plans, organizations are bound to be targeted by cyber criminals and hackers.
More critically, due to the speed of these deployments, many small organizations may not be fully equipped to consider the security configurations of the cloud-based platforms they are migrating to.
There are continued instances where businesses and organizations, especially those in the small and medium-sized business (SMB) category, are not implementing security best practices in their Microsoft Office 365 implementation.
The ultimate result, inevitably, will be the increased vulnerability of these environments to attacks by threat actors or hackers.
If you are in charge of securing the technology infrastructure and applications used in your organization, you can use the guidance in this article to increase the security of your Microsoft 365 Office Suite deployments.
Well before the current COVID-19 pandemic, Tech Prognosis had conducted several engagements with customers who have migrated to cloud-based collaboration solutions like Microsoft Office 365. However, the events of the past few weeks have forced many organizations to change their collaboration methods to support a full “work from home” workforce.
Office 365 provides cloud-based email capabilities, as well as chat and video capabilities using Microsoft Teams. While the abrupt shift to work-from-home may necessitate rapid deployment of cloud collaboration services, such as Office 365, hasty deployment can lead to oversights in security configurations and undermine a sound Office 365-specific security strategy.
1. Set up Multi-factor Authentication for Microsoft 365
Using multi-factor authentication is one of the easiest and most effective ways to increase the security of your organization. Multi-factor authentication is also called 2-step verification. Individuals can add 2-step verification to most accounts easily, for example, to their Google, Microsoft, and other sensitive online accounts.
When multi-factor authentication (MFA) is enabled and activated, a one-time code is sent from an app to a device you have, such as a mobile phone, tablet, or computer, and you have to type in that code before you are granted access to your Microsoft 365 account or application.
The use of multi-factor authentication can prevent hackers from taking over an Office 365 account even if they manage to steal your password. Here’s how to add two-step verification to your personal Microsoft account.
Administrators of Microsoft 365 plans can add a setting that requires users to log in using multi-factor authentication. When this change is made, users will be prompted to set up their phone for two-factor authentication next time they log in.
2. Train your Microsoft 365 users on Cybersecurity
Developing a robust Cybersecurity program requires the existence of a strong culture of security awareness within your organization. The core of establishing a mature cybersecurity culture starts with the training of users on how to identify cyber attacks like phishing, for example.
In addition, we recommend that your users follow established policies to protect their accounts and devices from hackers and malware. Some of the actions they can take include:
- Using strong passwords
- Protecting devices
- Enabling security features on Windows 10 and Mac PCs
In this era of remote work and increasing online activities, we also recommend that users protect their personal email accounts by taking the actions recommended in the following articles:
3. Raise the level of protection against malware in mail
Email is critical to an organization and malware (usually in the form of an attachment or a malicious link) provides a way for cyber criminals to use email as a disguise to try to sneak by and steal business data.
The Microsoft Office 365 environment includes protection against malware, but you can increase this protection by blocking attachments with file types that are commonly used for malware.
4. Protect against malicious attachments and files
People regularly send, receive, and share attachments, such as documents, presentations, spreadsheets, and more. This is even more common and important today as most employees have to work and collaborate remotely.
It’s not always easy to tell whether an attachment in an email is safe or malicious just by looking at an email message. While Microsoft Office 365 has built-in Advanced Threat Protection which includes safe attachment protection, the feature is not turned on by default. We recommend that you create a new rule to begin using this protection. Advanced Threat Protection extends to files in other Office 365 applications like SharePoint, OneDrive, and Microsoft Teams.
You can also read this article for more information about ransomware protection.
5. Protect against phishing attacks in Microsoft 365
Hackers sometimes hide malicious websites in links in email or other files. Office 365 ATP Safe Links (ATP Safe Links), part of Office 365 Advanced Threat Protection, can help protect your organization by providing time-of-click verification of web addresses (URLs) in email messages and Office documents. Protection is defined through ATP Safe Links policies.
Learn more about how URL filtering works here.
6. Disable legacy protocol authentication when appropriate
Azure AD is the authentication method that O365 uses to authenticate with Exchange Online, which provides email services. There are a number of legacy protocols associated with Exchange Online that do not support MFA features. These protocols include Post Office Protocol (POP3), Internet Message Access Protocol (IMAP), and Simple Mail Transfer Protocol (SMTP). Legacy protocols are often used with older email clients, which do not support modern authentication.
Legacy protocols can be disabled at the tenant level or at the user level. However, should an organization require older email clients as a business necessity, these protocols will presumably not be disabled. This leaves email accounts accessible through the internet with only the username and password as the primary authentication method. One approach to mitigate this issue is to inventory users who still require the use of a legacy email client and legacy email protocols and only grant access to those protocols for those select users.
For those charged with managing Microsoft 365 Office Suite infrastructure, using Azure AD Conditional Access policies can help limit the number of users who have the ability to use legacy protocol authentication methods.
Taking this step will greatly reduce an organization’s attack surface.
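The inventory step described above can be worked from exported Azure AD sign-in records. The following is an added example, not code from Tech Prognosis or CISA: the records are constructed and simplified (`user` and `ok` are assumed field names, `clientAppUsed` is the sign-in log field that names the protocol), and the approved list is hypothetical.

```python
from collections import defaultdict

# clientAppUsed values for the three legacy protocols named in this section.
LEGACY_CLIENT_APPS = {"POP3", "IMAP4", "Authenticated SMTP"}

# Constructed sample records (not a real export).
SIGN_INS = [
    {"user": "alice@example.com", "clientAppUsed": "Browser", "ok": True},
    {"user": "scanner@example.com", "clientAppUsed": "Authenticated SMTP", "ok": True},
    {"user": "scanner@example.com", "clientAppUsed": "Authenticated SMTP", "ok": True},
    {"user": "bob@example.com", "clientAppUsed": "IMAP4", "ok": True},
    {"user": "carol@example.com", "clientAppUsed": "POP3", "ok": False},
    {"user": "carol@example.com", "clientAppUsed": "IMAP4", "ok": False},
    {"user": "Bob@example.com", "clientAppUsed": "Mobile Apps and Desktop clients", "ok": True},
]

# Hypothetical list of accounts the business has approved for legacy clients.
APPROVED = {"scanner@example.com", "kiosk@example.com"}


def inventory_legacy_auth(sign_ins, approved):
    """Sort users into exception buckets based on legacy-protocol sign-ins."""
    ok_apps = defaultdict(set)   # user -> legacy protocols that succeeded
    failed = set()               # users with at least one failed legacy attempt
    for rec in sign_ins:
        if rec["clientAppUsed"] not in LEGACY_CLIENT_APPS:
            continue
        user = rec["user"].lower()
        if rec["ok"]:
            ok_apps[user].add(rec["clientAppUsed"])
        else:
            failed.add(user)
    approved = {u.lower() for u in approved}
    return {
        # Approved accounts that really depend on a legacy protocol.
        "keep_exception": {u: sorted(a) for u, a in ok_apps.items() if u in approved},
        # Working legacy access nobody approved: migrate or approve explicitly.
        "needs_review": {u: sorted(a) for u, a in ok_apps.items() if u not in approved},
        # Only failed attempts: no working dependency, so blocking breaks nothing.
        "failed_only": sorted(failed - set(ok_apps)),
        # Approved accounts with no successful legacy sign-in: exception can go.
        "stale_exception": sorted(approved - set(ok_apps)),
    }


if __name__ == "__main__":
    for bucket, members in inventory_legacy_auth(SIGN_INS, APPROVED).items():
        print(bucket, members)
```

Accounts in `failed_only` deserve a second look in the sign-in log, since repeated failed legacy sign-ins against an account that never uses those protocols are not normal user behaviour.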
7. Enable alerts for suspicious activity
Enabling logging of activity within an Azure/Office 365 environment can greatly increase the owner’s effectiveness at identifying malicious activity occurring within their environment, and enabling alerts will enhance that further. Creating and enabling alerts within the Security and Compliance Center to notify administrators of abnormal events will reduce the time needed to effectively identify and mitigate malicious activity.
At a minimum, enable alerts for logins from suspicious locations and for accounts exceeding sent email thresholds.
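The logic behind these two minimum alerts, shown as an added example over constructed audit events (not the Security and Compliance Center's own implementation). The event shape, the `country` field (assumed to come from geo-IP enrichment), the expected-country list and the threshold values are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

EXPECTED_COUNTRIES = {"US"}      # assumption: where staff normally sign in
SEND_LIMIT = 3                   # assumption: kept small so the sample triggers
WINDOW = timedelta(minutes=10)   # assumption: sliding window for sent mail

# Constructed, simplified audit events (not a real export).
# "ZZ" is a placeholder for any country outside the expected set.
EVENTS = [
    {"time": "2020-05-04T09:00:00", "user": "alice@example.com", "operation": "UserLoggedIn", "country": "US"},
    {"time": "2020-05-04T09:01:00", "user": "bob@example.com", "operation": "UserLoggedIn", "country": "US"},
    {"time": "2020-05-04T09:05:00", "user": "bob@example.com", "operation": "UserLoggedIn", "country": "ZZ"},
    {"time": "2020-05-04T09:06:00", "user": "bob@example.com", "operation": "Send"},
    {"time": "2020-05-04T09:06:00", "user": "alice@example.com", "operation": "Send"},
    {"time": "2020-05-04T09:07:00", "user": "bob@example.com", "operation": "Send"},
    {"time": "2020-05-04T09:08:00", "user": "bob@example.com", "operation": "Send"},
    {"time": "2020-05-04T09:09:00", "user": "bob@example.com", "operation": "Send"},
    {"time": "2020-05-04T09:10:00", "user": "bob@example.com", "operation": "Send"},
    {"time": "2020-05-04T09:30:00", "user": "alice@example.com", "operation": "Send"},
]


def evaluate_alerts(events, expected=EXPECTED_COUNTRIES, limit=SEND_LIMIT, window=WINDOW):
    """Return (alert_type, user, time) tuples in chronological order."""
    alerts, recent_sends, bursting = [], defaultdict(list), set()
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        when, user = datetime.fromisoformat(ev["time"]), ev["user"]
        if ev["operation"] == "UserLoggedIn":
            if ev.get("country") not in expected:
                alerts.append(("suspicious_location", user, ev["time"]))
        elif ev["operation"] == "Send":
            # Keep only this user's sends that fall inside the sliding window.
            kept = [t for t in recent_sends[user] if when - t < window] + [when]
            recent_sends[user] = kept
            if len(kept) <= limit:
                bursting.discard(user)
            elif user not in bursting:
                # Alert once per burst rather than once per message.
                bursting.add(user)
                alerts.append(("send_threshold", user, ev["time"]))
    return alerts


if __name__ == "__main__":
    for alert in evaluate_alerts(EVENTS):
        print(alert)
```

In the sample, the same account trips both alerts within minutes of each other, which is the correlation an administrator or SIEM rule would want to see together.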
Tech Prognosis encourages organizations to implement an organizational cloud strategy to protect their infrastructure assets by defending against attacks related to their O365 transition and better securing Office 365 services.
Specifically, we encourage organizations to follow the recommendation of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) that administrators implement the following mitigations and best practices:
- Use multi-factor authentication. This is the best mitigation technique to protect against credential theft for O365 administrators and users.
- Protect Global Admins from compromise and use the principle of “Least Privilege.”
- Enable unified audit logging in the Security and Compliance Center.
- Enable Alerting capabilities.
- Integrate with organizational SIEM solutions.
- Disable legacy email protocols, if not required, or limit their use to specific users.
If you need assistance with implementing a cloud strategy, or migrating to Microsoft 365, contact us at (512) 814-8044, or use this form.
Credit: this article includes content from the U.S. Cybersecurity and Infrastructure Security Agency (CISA).