Improving the Security Posture of Microsoft 365 – 6 Further Cyber Security Safeguards


Cyber criminality is on the rise! Data from countless studies suggests that cyber attacks are increasing in sophistication and frequency, both domestically and globally.

The UK’s Cyber Breaches Defences Survey 2022 made for worrying reading. It found that 39% of businesses identified a cyber attack in the preceding 12-month period, and of these 31% reported suffering an attack at least once a week. The survey also determined that the average attack cost businesses £4200, with this figure rising substantially for medium to large businesses.

With the threats so prevalent and potentially damaging, it pays to have a well-considered cyber security architecture in place to defend your data. In the previous article we looked at 5 immediately actionable steps you can take to reinforce your Microsoft 365 accounts from within. Now let’s look at 6 further actions you should consider to safeguard your Microsoft Cloud environment. Unlike the actions outlined previously, these steps may not be deployable through your Microsoft 365 subscription, and may require further investment.

Use dedicated accounts for system admin

In the previous article we looked at how you can configure role-based access controls to extend ‘admin’ privileges to users on a very limited basis to reduce risk. However, we would recommend going one step further, by setting up dedicated accounts solely for the purpose of system admin tasks.

These accounts should feature severely restricted web-based functionality. This means the prohibition of any form of web browsing, no email access and no internet-connected applications. You want to severely restrict a hacker’s options for entry, and the best way to do this is to restrict web interaction via these accounts to the highest possible degree.

Establish a third-party backup

With features like geo-redundancy and the ability to configure retention policies, some Microsoft 365 users are fooled into believing that 365 performs a ‘self backup.’ This is simply not the case. Compared to a full-service data backup, Microsoft 365 is very limited in its retention capabilities, and simply doesn’t meet the retention standards required by many industries, including finance, healthcare and the public sector.

A dedicated third-party backup solution optimised for Microsoft 365 will ensure your data is recoverable in line with your compliance obligations, with retention capabilities and data discoverability tools that far outperform 365’s native capabilities.

Phishing Awareness Training

‘Phishing,’ often called a ‘social engineering’ scam, is a strategy used by cyber criminals to extract payment or compromising information from victims, typically using some form of manipulation. Email is a commonly used vehicle for such attacks, with the scammers typically using emotionally-charged language to persuade victims to enter account credentials into bogus websites, or open malware-infested attachments.

Email filtering tools are becoming increasingly advanced, with some deploying artificial intelligence to spot the hallmarks of the phishing scammer and prevent such emails from reaching their intended recipients. Unfortunately, it’s inevitable that some of these pernicious emails will find their way through to your employees’ inboxes, necessitating Phishing Awareness Training to ensure your staff are able to identify the scammers and the tricks they deploy.

Mobile Device Management (MDM)

With the huge rise in remote working following the Covid-19 pandemic, more employees than ever are accessing corporate information on mobile devices such as tablets, laptops and mobile phones. It’s important to ensure such devices are subject to the same safeguards and security controls as your office devices, and the easiest way to do this is by using mobile device management (MDM) software.

MDM software allows security administrators to assume remote control of mobile devices, ensuring they feature the latest security updates and are configured for maximum security. MDM solutions allow for the enforcement of stringent authentication procedures, to help ensure only authorised personnel are accessing your digital resources, and they can also block the download of unapproved applications to guard against inadvertent malware infection.

Microsoft Intune is Microsoft 365’s native mobile device management tool, and comes included with some ‘Enterprise’ subscriptions. When combined with the access management capabilities of Azure Active Directory, Intune offers comprehensive remote management functionality and is a great way to secure the remote devices your team are using to access Microsoft 365.

Establish data loss prevention (DLP) policies

Accessible through the Microsoft 365 Security and Compliance centre, data loss prevention policies allow you to apply restrictions to prevent the misuse, deletion or misplacement of sensitive information. The system can scan OneDrive, SharePoint, Outlook and Exchange for data bearing the hallmarks of sensitive information types, with the ability to identify the likes of financial data or PII (personally identifiable information).

Data loss prevention policies can be configured to display pop-ups whenever a user attempts to perform a prohibited action. Alternatively, they can be configured simply to block the action, ensuring the data in question remains in its rightful location.
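To make the scan-then-act flow above concrete, here is a simplified illustration added to this article (it is not Microsoft’s implementation): a card-number detector that uses a pattern, a checksum and nearby keywords, followed by a warn-or-block decision. The keyword list, proximity window, sample messages and the policy in `evaluate` are assumptions made for the example.

```python
import re

# Candidate card numbers: 13-19 digits, optionally grouped with spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
KEYWORDS = ("card", "visa", "mastercard", "expiry", "cvv")  # assumed supporting terms
PROXIMITY = 60  # assumed: characters either side of a match searched for a keyword

# Constructed sample messages (4111 1111 1111 1111 is a widely used test number).
SAMPLE_HIGH = "Please charge my Visa card 4111 1111 1111 1111, expiry 09/27."
SAMPLE_LOW = "Ref 4111-1111-1111-1111 attached."
SAMPLE_ORDER = "Order ref 1234 5678 9012 3456 has shipped."


def luhn_ok(digits):
    """Luhn checksum: weeds out digit runs that cannot be payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_cards(text):
    """Return masked findings, each with a confidence level."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):
            continue  # order references, phone numbers and similar
        window = text[max(0, m.start() - PROXIMITY):m.end() + PROXIMITY].lower()
        confidence = "high" if any(k in window for k in KEYWORDS) else "low"
        findings.append({"masked": "*" * (len(digits) - 4) + digits[-4:],
                         "confidence": confidence})
    return findings


def evaluate(text, external):
    """Hypothetical policy: block high-confidence matches leaving the organisation,
    show a policy tip (notify) for any other match, allow everything else."""
    findings = find_cards(text)
    if not findings:
        return "allow"
    if external and any(f["confidence"] == "high" for f in findings):
        return "block"
    return "notify"
```

Calling `evaluate(SAMPLE_ORDER, external=True)` shows why the checksum matters: the 16-digit order reference matches the pattern but fails Luhn, so the message is allowed rather than generating a false alert.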

Implement Extended Threat Detection and Response (XDR)

Extended threat detection and response platforms offer next-generation threat neutralisation capabilities, with the ability to detect and counter cyber threats as they appear across multi-cloud, hybrid-cloud and on-premise environments.

Microsoft 365 Defender offers a centralised dashboard for organisation-wide security governance. Covering endpoints, identities, apps, email and data, Defender is an all-in-one solution designed to identify threats in their formative stages so that action can be taken early to prevent a cyber catastrophe. Available via some Microsoft 365 ‘Enterprise’ subscriptions, this platform constitutes a vital component of Microsoft’s security offering.

Conclusion

We hope this blog series has been helpful in highlighting some of the key ways to defend your Microsoft 365 environment. These actions should be taken as part of a wider network of protections, which should include further technical measures including encryption and firewall protections, as well as organisational steps such as the establishment of a robust business continuity plan.

About Provident IT

From ad-hoc technical support through to fully managed IT support, the Provident IT team can be your own internal IT department – but with more resources and lower costs. We work with businesses of all sizes and in all kinds of different capacities, with a proven track record for improving productivity, increasing security and reducing IT spend for our clients.
