5 Best Practices to Secure Your Company’s Office 365 Accounts

Microsoft Office 365 is a powerful and valuable tool for any business. It helps boost productivity, improve accessibility to vital documents and reduce security risks through its advanced security features, worth multiple millions.

However, with accessibility comes risks of data leakages, malware, hackers, and losses. Attackers would be happy to get their hands on your organization’s financial information and other data to commit crimes or ask for ransom. So, to increase your Office 365 account security, you must implement several security practices.

This article discusses some of the best practices for securing your Microsoft Office 365 accounts and protecting your organization.

1. Know Your Enemy

To win any battle, you need to know your opponent well. Defending your Office 365 account starts with understanding how your enemies may try to attack it. Attackers may use many tricks to gain access to your accounts, and the most common is some form of account takeover attack designed to steal your employees’ login credentials.

They use phishing emails, which are surprisingly effective, especially if your employees are not vigilant. Attacking your Office 365 account directly is not easy, and that’s why they will use tricks to get in.

That means the phishing email will resemble one coming from Microsoft. It might read something like, “Looks like there is a problem with your account billing. Please click here to fix it.” Once your employee clicks and provides the details required, the attackers immediately take over the account. That’s why you need to invest in employee training.

2. Educate Your Employees

Before you implement any IT security protocols and policies, make sure your employees understand the importance of training and the seriousness of security threats on any organization’s accounts. Invest in adequate training for teams, as well as a full technology audit, even if it means hiring IT professionals.

Remember, technology and human error do not mix. Human error is by far the most significant cybersecurity risk to your business, and that’s why it’s crucial that your employees know the proper protocol to avoid such attacks. Make training mandatory for every worker who joins your team.

Don’t allow new employees to use company technology or access sensitive data before the training. Data security must become part of your business culture, and training must be repeated regularly for all levels of users. Every employee should be trained to:

  • Set stronger passwords
  • Manage passwords properly
  • Use the in-built security settings in the system software
  • Protect other personal devices like laptops and cell phones
  • Follow company security protocols and best practices

3. Set Up a Two-Factor Authentication

The most effective way of improving Office 365 security is enabling two-factor authentication. Your employees will need to provide a unique, steadily changing code along with the correct password and username to access an account.

Microsoft Office 365 has a fantastic feature that does not prompt you for the unique code when you connect to your account from a trusted device. If an attacker attempts to hack your employees’ accounts, they will be required to provide the unique code. Since it is continuously changing, it becomes almost impossible to crack.

Two-factor authentication on 365 accounts is not only effective but also easy to set up. In addition to external 2FA connectors like LoginTC that are useful for large teams, Office 365 has a built-in 2FA option suited for small teams or individual entrepreneurs. Simply find the navigation pane in the admin center and click “set up.”

Next, go to the “sign in and security” section, and you will find an option that says “turn on multi-factor authentication.” Head to “view,” which will take you to another page with a “make sign in more secure” option. Click “get started” and select the box with “require multi-factor authentication.” Block access if there is any risk detected.

4. Make Stronger Passwords Mandatory

Part of your employee training should involve choosing strong passwords. The easy-to-remember philosophy is a thing of the past. In fact, it should be banned to protect and secure accounts.

Passwords are the easiest to crack but also the first line of defense. If an attacker cracks your password, all your information can be leaked or deleted quickly. All employees should follow a specific password policy to prevent brute-force attacks.

You can give users a simple formula to follow when setting their passwords, such as a minimum of 8 characters including lowercase, uppercase and numeric characters. You can also set an expiration date for passwords and disallow the use of the same password across multiple accounts.

5. Use Active Directory and Dedicated Admin Accounts

If you have many employees, it’s almost obvious that not all of them will be careful enough to detect security threats and act promptly to secure the organization’s data.

Active Directory is designed to correct for human error by detecting and stopping data access from unknown or suspicious sources. For instance, you might notice an employee accessing their account from their apartment in Los Angeles and then suddenly trying to access it from Russia. Active Directory helps you detect these anomalies and act immediately.
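The Los Angeles-then-Russia anomaly can be expressed as an "impossible travel" check over sign-in records. The following is an added example, not code from the original article and not Microsoft's detection logic; the sign-in records are constructed, and the speed threshold, the 50 km noise floor and all names are assumptions.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900  # assumed threshold, roughly airliner cruising speed
MIN_KM = 50    # assumed noise floor for geolocation jitter within one metro area

# Constructed sample sign-ins: (user, UTC timestamp, city, latitude, longitude)
SIGN_INS = [
    ("alice", "2021-03-01T08:00:00", "Los Angeles", 34.05, -118.24),
    ("alice", "2021-03-01T09:30:00", "Moscow", 55.76, 37.62),
    ("bob", "2021-03-01T08:00:00", "Los Angeles", 34.05, -118.24),
    ("bob", "2021-03-02T10:00:00", "Moscow", 55.76, 37.62),
    ("carol", "2021-03-01T08:00:00", "Los Angeles", 34.05, -118.24),
    ("carol", "2021-03-01T08:05:00", "Los Angeles", 34.05, -118.24),
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points on a 6371 km sphere."""
    p1, p2 = radians(lat1), radians(lat2)
    a = (sin((p2 - p1) / 2) ** 2
         + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371 * asin(sqrt(a))


def impossible_travel(records, max_kmh=MAX_KMH):
    """Flag consecutive sign-ins by one user that imply travel above max_kmh."""
    alerts, last = [], {}
    for user, ts, city, lat, lon in sorted(records, key=lambda r: (r[0], r[1])):
        when = datetime.fromisoformat(ts)
        if user in last:
            p_when, p_city, p_lat, p_lon = last[user]
            km = haversine_km(p_lat, p_lon, lat, lon)
            hours = (when - p_when).total_seconds() / 3600
            # Simultaneous sign-ins far apart (hours == 0) are flagged as well.
            if km > MIN_KM and (hours == 0 or km / hours > max_kmh):
                alerts.append((user, p_city, city, round(km)))
        last[user] = (when, city, lat, lon)
    return alerts


if __name__ == "__main__":
    for user, src, dst, km in impossible_travel(SIGN_INS):
        print(f"ALERT {user}: {src} -> {dst}, {km} km faster than {MAX_KMH} km/h")
```

Only alice is flagged: bob makes the same trip with 26 hours between sign-ins, which a flight could explain, and carol never leaves Los Angeles.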

The dedicated admin accounts on your 365 account include some elevated privileges. The system developers know that admin accounts are hot targets for cyber criminals and hackers. Use your admin account for your administration work and have a separate user account for non-administrative use. Only use your admin account when necessary and ensure it is secured with multi-factor authentication. Don’t forget to log out every time you are done with your admin tasks.

Author’s BIO: Lori Wade is a journalist from Louisville. She is a content writer who has experience in small editions. Lori is currently engaged in growing awareness around cyber security. You can find her on LinkedIn. Hope you appreciate Lori’s useful insights!

What happens when it rains – is moving to the cloud always a good thing?

Throughout the last year, organisations and individuals have had to adapt to remote working and a reliance on online collaboration tools such as SharePoint, G-Suite, Slack and Dropbox. However, even before the pandemic struck, many organisations were moving their systems and information to the cloud. Against this backdrop, the question arises whether moving to the cloud is a good thing, and what are the main associated risks which organisations should consider?

The move to the cloud is now probably irreversible, with Forbes Magazine estimating that up to 83% of companies will use cloud-based software to make their work easier and faster. There are some considerable advantages available, which have proven incredibly beneficial for companies over the last year. In particular the cloud has been a key factor in allowing flexible working for employees who can still easily collaborate on projects, and access their core information from anywhere efficiently.

Cloud based applications such as SharePoint, Teams, the G-Suite, and so on allow for full visibility of, and real-time collaboration on, critical business information, ensuring that work can continue when not in a physical office. Within the context of projects at Hart Square, working in the cloud has allowed us to continue to deliver and collaborate with our clients and to ensure vital projects do not stall.

Additionally, there are considerable security benefits that moving to the cloud brings now; data centre operators, and the service providers who host servers, data and infrastructure within them for clients, have to invest exceptional amounts into the security layers they put in place, well beyond anything that we as individual businesses could justify. Ensuring data centres are secure and safe is fundamental to the viability of their business.

This allows you to access your data from anywhere in the world, so even if you did lose a laptop this need not result in a catastrophic loss of data and embarrassing headlines, although there are warnings to heed too.

Risks and mitigation

As the recent SolarWinds hack on the US Government has shown, once data is stored online it cannot be 100% protected. The security technology around it may be state of the art but, at the same time, data centres and hosting operations are considered higher-value targets for hackers and cyber terrorists, so there is an inherent risk in moving to the cloud that you actually make yourself more of a target and more vulnerable to attack.

Alongside the recently-publicised attack on the US government, there have been several reported attempts to steal vaccine data from Oxford University for example, further proof that we are entering a new age of cyber warfare, where information is the prize and the target. Organisations will need to consider the risks around moving to the cloud and take action to protect against them.

The key question for organisations must be what if the worst happens and how will you respond? You have to ensure that you have a strategy in place behind any move to the cloud, that it works for your business, that you have assessed the risks, and that you have a risk mitigation plan in place in case of an incident.

At a minimum your plan has to cover damage limitation, reputational risk protection, disaster recovery and business continuity. Some considerations for you when drawing up your plans, as highlighted in a recent KPMG white paper, include:

  • Who owns the risks – is it you or the supplier?
  • What are the different judicial regulations that apply where your data is stored, and what rights come with them (e.g., US vs EU)?
  • What are the regulatory requirements around reporting incidents?
  • Where does liability sit in case of the exposure of confidential information?

In summary, moving to the cloud has huge benefits and has enabled organisations to adapt to a virtual world more easily. However, to avoid cloud Armageddon, there are important considerations to manage and reduce your risks.

There is never going to be a scenario in which your data is 100% safe in the cloud.

However, by taking the time to assess your options and answer these key questions, you will reduce your exposure and mitigate the risks to ensure this continues to be a scalable solution for business and to maximise the huge benefits that working in the cloud brings.
