Are You Cyber Safe? Protect Your Microsoft 365 Products from Online Threats – Part 2
October 12, 2023
Last week, we published a blog that provided tips for protecting your Microsoft 365 products against malicious cyber threats. Cybersecurity is not something to take lightly, and with technology constantly evolving, it is important to understand how you can protect your organization’s sensitive information.
There is no such thing as being overly cautious or engaging in too much cyber security. We recommend doing everything you can to protect your organization’s online information. Online threats are lurking everywhere, and far too many people adopt an “it will never happen to me” mentality. The reality is it can happen, and it does, so it is always best to diversify your safety practices. Below are more suggestions as to how you can practice cyber safety:
- Use Microsoft Purview Information Protection.
Microsoft Purview Information Protection is a data governance solution that helps you discover, classify, label, and protect your sensitive data across your Microsoft 365 environment and beyond. You can use features such as sensitivity labels, encryption, data loss prevention (DLP), retention policies, eDiscovery, and more to control how your data is accessed, shared, stored, and disposed of.
- Disable auto-forwarding for email.
Auto-forwarding is a feature that allows users to automatically forward incoming emails to another email address. However, this feature is typically exploited to exfiltrate company data by cyber criminals who are looking to compromise a user’s account and set up auto-forwarding rules to divert sensitive emails to their own address.
- Protect all corporate devices.
You should ensure all devices that access your Microsoft 365 account and data are secure and compliant with your organization’s security policies. You can use features such as Microsoft Endpoint Manager (MEM), Windows Hello for Business (WHfB), BitLocker encryption, Windows Defender Antivirus (WDAV), Windows Defender Firewall (WDF), Windows Update for Business (WUfB), and more to manage and protect your devices.
- Monitor and audit your security policies.
You should regularly review and update your security policies according to the changing threat landscape and best practices. You should also monitor and audit your security settings and events using tools such as Unified Audit Log (UAL), Secure Score (SS), Security Dashboard (SD), Compliance Manager (CM), Azure Sentinel (AS), and more.
- Enable SPF, DMARC and DKIM in Exchange Online.
E-mail is a common attack vector to launch phishing, malware, ransomware, and other types of attacks that can compromise your organization. You can protect yourself by enabling SPF, DMARC and DKIM in exchange online to help prevent spoofing and phishing attacks that can compromise your email security and reputation. SPF, DMARC and DKIM are email authentication standards that verify the sender’s identity and the integrity of the message content.
- Review your Microsoft Security Score Often.
Microsoft security score is a tool found in the M365 security portal and Azure portal that helps you measure and improve your organization’s security posture across Microsoft 365 and Azure services. It provides a numerical summary of your security level based on the actions you have taken or have not taken to protect your data, devices, and identities. It also provides you with recommendations and guidance on how to enhance your security settings and reduce your risk of cyberattacks. As cyber security best practices evolve so will the recommendations in the Microsoft Security Score.
By following these tips, you can improve your Microsoft 365 email security and protect your organization from email-based threats. However, it’s important to remember that cyber security is not a one-time task but an ongoing process that requires regular review and adjustment. Hopefully, these tips start some conversations within your organization to help improve your cyber security in Microsoft 365.
At Imaginet we take cybersecurity seriously. Follow our blog and subscribe to our newsletter to stay on top of the industry trends that will help your organization remain protected.
SQL Saturday Part 2: Learning About Microsoft Fabric February 29, 2024 I’ve been digging into Microsoft Fabric recently – well overdue, since it was first released about a year ago.…
My Trip to SQL Saturday Atlanta (BI Edition): Part 1 February 23, 2024 Recently, I had the opportunity to attend SQL Saturday Atlanta (BI edition), a free annual event for…
Enabling BitLocker Encryption with Microsoft Intune February 15, 2024 In today’s data-driven world, safeguarding sensitive information is paramount, especially with the increase in remote work following the pandemic and the…
Let’s build something amazing together
From concept to handoff, we’d love to learn more about what you are working on.
Send us a message below or call us at 1-800-989-6022.