Every day, cyber criminals bombard networks with phishing emails or social engineering enticing users to give up confidential information.
Examples include trying to trick you into giving them your user name and password, or access your computer to secretly install malicious software that will give them a door to your passwords and organizational information as well as giving them control over your computer.
Is Your Microsoft 365 Suite Secure?
Magna5 has recently seen a spike in data breaches through our network of customers asking them to provide cyber thieves with their Microsoft 365 credentials. As soon as they gained access, they immediately seized the names of executives and customer names and spoofed end users into sending them large sums of money to pay an outstanding account balance or purchase gift cards. Then they went after the organizations’ customer list with the same social engineering or phishing tactics. None of the original organizations targeted had adequate security mechanisms in place to verify the users’ identities for a login or other transaction.
Multi-factor Authentication – Your First Defense to Protect Against Unwanted Access
What can you do better to prevent unauthorized access?
When purchasing Microsoft 365 subscriptions, it is important that it includes security features to protect authorized access to your MS 365 suite. Multi-factor authentication (MFA) is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is). MFA comes with certain MS 365 subscription levels. So even if your budget is tight, this is one feature you don’t want to overlook. MFA is a trusted countermeasure to safeguard your data from unauthorized intrusion.
Build a Stronger Defense
Jacob Bever, Magna5’s Sr. Systems Engineer, recommends that you also pair your MS 365 multi-factor authentication with complementary security features to make your protection even stronger.
“To better protect your emails and documents, Azure Information Protection for Microsoft 365 provides strong encryption and user rights protection management to restrict access,” said Jacob. “You can easily classify and label data in your organization at the time of creation. These labels travel with the data throughout its lifecycle, regardless of where it’s stored.”
Also, to comply with business standards and industry regulations, organizations must protect sensitive information and prevent its inadvertent disclosure.
Sensitive information can include financial data or personally identifiable information (PII) such as credit card numbers, social security numbers or health records. GDPR, HIPAA, CMMC and other regulations also require strict policies for data protection. Data loss protection should be on your checklist to protect your data in the event of a breach.
“When you add a data loss prevention policy in the Microsoft 365 Security & Compliance Center, you can monitor and automatically protect sensitive information across Microsoft 365,” said Jacob.
Finally, Jacob recommends protecting your data assets by identifying and controlling who’s trying to access through the Active Directory. With a proliferation of anywhere, anytime access from remote users and devices beyond an organization’s network, conditional access through the Active Directory will help apply the right access controls for remote users outside the network.
Incidentally, you can get all these complementary security features when you subscribe to the Microsoft 365 Business Premium plans.
Augment your security with employee awareness
Exploiting human behavior is still the key tactic in how cyber criminals trick end users into opening entry points for intrusion.
Last year, Magna5 ran a three-part security campaign called “Don’t Do It.” (See “Don’t Do It, Ted,” “Don’t Do It, Tracy,” “Don’t Do It, Dave.”) It was designed to encourage readers to stop and think before clicking a malicious link in an business email. Check it out.
Other employee awareness training programs, such as KnowBe4, offers outstanding online training, videos and simulations that help employees make smart decisions before clicking a malicious link.
Need help in improving your Microsoft 365 security? Contact us to schedule consultation with one of our experts.
Mike Penn joined Magna5 as Senior Content Developer. His role is to bring to life stories that inspire or inject clarity in how managed services and emerging trends can be applied to help organizations operate better and more efficiently.