Fortify your Office 365 defences
Office 365 is impressive: it lets you harness the power of the cloud, with greater collaboration and optimised security to name but a few of the benefits.
But did you know Office 365 isn’t as secure as you think it is when it’s fresh out of the box?
So, how can you defend your Office 365 from a devastating fire-breathing dragon attack, so to speak? We’ve compiled 7 initial configurations you should have in place to harden your Office 365, to enable you to gain greater control of your systems and networks and to help ward off someone trying to infiltrate your fortress.
7 configurations to strengthen your Office 365
- Set up outbound spam notifications: alerts that identify a possibly compromised account sending mass outbound email, so you can react quickly and take control of the situation
- Enable the client rules forwarding block, to keep control over end users’ ability to set up auto-forwarding and help prevent data loss from either leavers or malicious actors redirecting valuable data, especially where that data is commercially advantageous, for instance in Sales, Recruitment, and Law firms
- Designate fewer than 5 global admins, to reduce the number of accounts that can perform Global Administrative tasks and so lock down multiple routes by which someone could seize control of your environment
- Do not allow anonymous calendar sharing, to prevent unauthorised access to staff calendars and reduce the level of detail visible in shared calendars, which could be used to collect valuable information to launch a malicious attack
- Enable mailbox auditing for all users, to provide detailed activity logs for deeper analysis and to proactively alert you to suspicious behaviour. This also allows retrospective analysis of multiple Office 365 activities and traffic
- Don’t use transport whitelists, to prevent whitelisted domains slipping through anti-phishing controls and bypassing malware filtering
- Turn off POP and IMAP protocols – Using these can bypass MFA!
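The Exchange Online settings from the list above, as an added PowerShell example that is not part of the original article. It assumes the ExchangeOnlineManagement module and an Exchange administrator account; `secops@example.com` and the rule name are placeholders. Global admin membership is managed in the directory rather than in Exchange Online, so that item is not covered here.

```powershell
# Added example: run from a session with the ExchangeOnlineManagement module installed.
Connect-ExchangeOnline

# Outbound spam notifications (secops@example.com is a placeholder recipient).
Set-HostedOutboundSpamFilterPolicy -Identity Default `
    -NotifyOutboundSpam $true -NotifyOutboundSpamRecipients 'secops@example.com'

# Block auto-forwarding to external recipients, including rules created in mail clients.
Set-RemoteDomain -Identity Default -AutoForwardEnabled $false
New-TransportRule -Name 'Block external auto-forward' `
    -FromScope InOrganization -SentToScope NotInOrganization `
    -MessageTypeMatches AutoForward `
    -RejectMessageReasonText 'External auto-forwarding is disabled.'

# Audit: sharing policies that still allow anonymous calendar sharing.
Get-SharingPolicy |
    Where-Object { ($_.Domains -join ',') -match 'Anonymous' } |
    Format-Table Name, Enabled, Domains

# Mailbox auditing: organisation-wide default, plus any mailbox where it is switched off.
Set-OrganizationConfig -AuditDisabled $false
Get-Mailbox -ResultSize Unlimited |
    Where-Object { -not $_.AuditEnabled } |
    Set-Mailbox -AuditEnabled $true

# Audit: transport rules that whitelist sender domains (SCL -1 skips spam filtering).
Get-TransportRule |
    Where-Object { $_.SetSCL -eq -1 -and $_.SenderDomainIs } |
    Format-Table Name, SenderDomainIs

# Turn off POP and IMAP for existing mailboxes and for mailboxes created later.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.PopEnabled -or $_.ImapEnabled } |
    Set-CASMailbox -PopEnabled $false -ImapEnabled $false
Get-CASMailboxPlan | Set-CASMailboxPlan -PopEnabled $false -ImapEnabled $false
```

The two audit steps only list findings; review each sharing policy and transport rule before changing it, since some may be in deliberate use.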
Taking your defences to the next level
Configuring your malware filtering policies to block file attachments in email, based on the file type, can also help to reduce common malicious filetypes making their way through your defences.
The same goes for configuring spam filtering policies: filtering email based on a sender’s reputation, by whitelisting and blacklisting email addresses and domains, can be beneficial. Because let’s face it, you wouldn’t lower your drawbridge to allow White Walkers into your castle, especially given their cataclysmic reputation, would you? The same thinking should be applied to your inbox. Configuring connection filtering policies to blacklist other mail servers by their IP addresses can also provide a quick, block-all approach against known malicious email servers.
All three controls provide a layered approach to reduce the possibility of spam getting through. Adding ATP (Advanced Threat Protection), which uses sandboxing and ‘detonation’ of attachments and links to evaluate and block more advanced threats, adds further capability and is a worthwhile advance over the standard tools.
Multi Factor Authentication
The majority of Office 365 breaches occur due to credentials being stolen via phishing attacks, or by what is known as a ‘low and slow’ attack. This is where an attacker might try well known passwords over a long period of time to avoid detection and account lockout rules.
The majority of attacks against email accounts can be avoided by enabling 2-Factor-Authentication (2FA); you can read more about 2FA on our blog. Even if the attacker takes time to crack or capture your password, they still can’t bypass Multi Factor Authentication (MFA) to log in to your account remotely.
To step it up a notch, you can also upgrade to the EMS suite, which provides greater control over who and what devices can access your Office 365 tenancy, and adds controls like conditional access for improved security and a better user experience.
Monitoring unusual activity
Information Rights Management (IRM) can protect against a potential attack by typically relying on identifying unusual activity on your Office 365 environment. Reviewing this information on a regular basis allows you to build up a baseline of what ‘normal’ activity looks like, to better identify any unusual activity that could indicate a compromised system.
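One way to review sign-in activity for the ‘low and slow’ pattern described earlier, as an added PowerShell example that is not part of the original article. The sample records are constructed, and the column names and thresholds are assumptions to adapt to your own sign-in log export.

```powershell
# Constructed sample of failed sign-ins (not real data); column names are assumptions.
$failures = @'
Time,User,IP
2024-03-01T02:10:00Z,alice@example.com,203.0.113.7
2024-03-02T03:40:00Z,bob@example.com,203.0.113.7
2024-03-03T01:15:00Z,carol@example.com,203.0.113.7
2024-03-04T04:05:00Z,dave@example.com,203.0.113.7
2024-03-02T09:00:00Z,erin@example.com,198.51.100.20
2024-03-02T09:01:00Z,erin@example.com,198.51.100.20
2024-03-02T09:02:00Z,erin@example.com,198.51.100.20
'@ | ConvertFrom-Csv

function Find-LowAndSlowSource {
    param(
        [Parameter(Mandatory)] $Events,
        [int]    $MinUsers     = 3,   # distinct accounts tried from one source
        [int]    $MaxPerUser   = 2,   # few tries per account, under a lockout threshold
        [double] $MinSpanHours = 24   # attempts spread over at least this long
    )
    $culture = [cultureinfo]::InvariantCulture
    foreach ($source in ($Events | Group-Object IP)) {
        $perUser = @($source.Group | Group-Object User)
        $times   = @($source.Group |
            ForEach-Object { [datetimeoffset]::Parse($_.Time, $culture) } |
            Sort-Object)
        $span     = ($times[-1] - $times[0]).TotalHours
        $maxTries = ($perUser | Measure-Object -Property Count -Maximum).Maximum
        # Many accounts, few tries each, over a long window: the opposite of a
        # burst of failures against one account, which lockout rules already catch.
        if ($perUser.Count -ge $MinUsers -and $maxTries -le $MaxPerUser -and
            $span -ge $MinSpanHours) {
            [pscustomobject]@{
                IP = $source.Name; Users = $perUser.Count
                MaxTriesPerUser = $maxTries; SpanHours = [math]::Round($span, 1)
            }
        }
    }
}

Find-LowAndSlowSource -Events $failures | Format-Table
```

On the constructed sample only 203.0.113.7 is reported; the three rapid failures against a single account from 198.51.100.20 are the kind of activity lockout rules handle.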
Our Cyber-security CISSP experts are helping customers by performing proactive reviews. The immediate benefits of an outsourced team can mean your internal team isn’t bogged down with time-consuming activity, and Cyber-security experts can provide a more focussed approach due to higher levels of exposure and experience.
We would also advise tailoring your policies to meet your unique environment. We can help you to develop an IRM Policy to help prevent accidental or malicious exposure of your data outside of your organisation, especially if your industry is targeted by hackers because of high value data assets.
At the very least, ensure you have the 7 initial configurations in place to strengthen your Office 365. If you’d like more advice on how to further protect your Office 365 please contact us by calling 0330 403 0011 or emailing us at [email protected]