Top 12 Cyber Security Tips for Business using Office 365
Top tips to help your business secure your Office 365 tenancy.
This article is aimed at businesses that use Microsoft Office 365 and highlights the top precautions that should be put in place to secure your computers, users and systems.
Tip # | 1 |
What | Deploy Next Generation Antivirus |
Recommendation | Microsoft Defender ATP |
Why | Microsoft Defender ATP protects your computer from threats. Defender prevents you from accessing blocked websites such as gambling / adult. Defender scans loaded websites for real-time protection. |
Tip # | 2 |
What | Keep your computers up-to-date |
Recommendation | CYBERPATCH Patch Management |
Why | There are many patch management solutions on the market, so finding a good package at a reasonable cost is our goal. CYBERPATCH can patch your operating system. CYBERPATCH can install Operating System Feature updates (major releases). CYBERPATCH can install over 48 everyday 3rd party applications, including Microsoft Office and Adobe products. |
Tip # | 3 |
What | Deploy Email Protection |
Recommendation | Microsoft 365 ATP Plan 2 |
Why | There are thousands of email scanning services on the market, especially as many of them simply white-label another provider's services. Microsoft 365 ATP is designed to work closely with Office 365 and your email client, doing far more than just scanning email for viruses, spam or phishing. Microsoft 365 ATP comes in Plan 1 or Plan 2: Plan 1 is priced at £1.51 per mailbox per month and Plan 2 costs £3.80 per mailbox per month. Both plans protect your email, Teams, SharePoint and OneDrive, but Plan 2 also offers incident response and an attack simulator to help train your users. |
Tip # | 4 |
What | Backup your data |
Recommendation | CYBERBACKUP |
Why | Having a backup of your data ensures you can recover from accidents, disasters and ransomware attacks. Charged at just £3.00 per user per month. Data is retained indefinitely. |
Tip # | 5 |
What | Lock down Office 365 |
Recommendation | Implement EMS5 License |
Why | The Enterprise Mobility + Security License comes in 2 plans (EMS3 and EMS5). Both provide Conditional Access, which only allows authorised devices to access your Office 365 email or data. EMS5 also includes risk-based Conditional Access which |
Tip # | 6 |
What | Implement MFA or 2FA |
Recommendation | Microsoft Authenticator |
Why | Microsoft say 99.9% of breached accounts could be prevented by using MFA. Authenticator is free and available on iOS and Android. Each time you log in to Office 365 (or every 60 days, configurable) you need to verify the login with an alternative approval such as your mobile phone. Once authorised, the authorisation lasts up to 60 days on the device, so it doesn't repeatedly prompt you. |
Tip # | 7 |
What | User Awareness Training |
Recommendation | Microsoft Attack Simulator |
Why | Attack simulator sends a phishing email to try and trick your users. This type of training is proven to reduce your cyber risk. Human error in not spotting fraudulent emails is still one of the most common ways a cyber criminal will gain access to your systems or cause financial loss. |
Tip # | 8 |
What | Encrypt your data |
Recommendation | Microsoft BitLocker |
Why | Ensures your data is encrypted if your laptop gets lost / stolen. Microsoft BitLocker is free and included in your operating system. It's quick and easy to deploy. |
Tip # | 9 |
What | Ensure your firewall is on |
Recommendation | Windows Firewall |
Why | Protects your computer from programs on your network or internet intruders trying to get into your computer |
Tip # | 10 |
What | Sensible Unique Password |
Recommendation | Use a sensible, hard-to-crack password that's unique to you and only used for your business. Change your password every 90 days. |
Why | The fewer places you use your secure passwords, the less chance they will get cracked / exposed |
Tip # | 11 |
What | Avoid Public Wi-Fi |
Recommendation | Do not use Public Wi-Fi |
Why | You do not control a public access point, and therefore you do not know who / what may be monitoring that network. This is commonly called a man-in-the-middle attack, where something intercepts all your traffic, sniffing out passwords and other interesting data |
Tip # | 12 |
What | Monitor your password breaches |
Recommendation | Google Chrome Password Checkup |
Why | Navigate to https://passwords.google.com/ and choose Password Checkup to check any of your cached passwords against known hacked databases. Alternatively, use https://haveibeenpwned.com/ to detect any breached accounts. |
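For Tip 12, the sketch below is an added example, not part of the original article: it shows how a password can be checked against a breach database without ever sending the password itself, using the range-lookup format of the Pwned Passwords service run by haveibeenpwned.com. The class OfflineRangeService, the function names and the breach counts are constructed for illustration so the code runs offline.

```python
import hashlib

# A real client would GET RANGE_URL + prefix; this example stays offline.
RANGE_URL = "https://api.pwnedpasswords.com/range/"

def split_hash(password):
    """Return (5-char prefix sent to the service, 35-char suffix kept locally)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, range_body):
    """Find the local suffix in a response body of 'SUFFIX:COUNT' lines."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if not sep or not count.strip().isdigit():
            continue  # ignore malformed lines instead of failing the audit
        if candidate.upper() == suffix:
            return int(count)  # a count of 0 simply means "not breached"
    return 0

def audit(passwords, fetch):
    """Return {password: times seen in breaches}; fetch(prefix) returns a body."""
    return {pw: breach_count(pw, fetch(split_hash(pw)[0])) for pw in passwords}

class OfflineRangeService:
    """Constructed stand-in for the lookup service (hypothetical helper)."""
    def __init__(self, breached):
        self.seen = []    # everything the "server" is ever told
        self.table = {}   # prefix -> list of "SUFFIX:COUNT" lines
        for pw, n in breached.items():
            prefix, suffix = split_hash(pw)
            self.table.setdefault(prefix, []).append(f"{suffix}:{n}")

    def __call__(self, prefix):
        self.seen.append(prefix)
        return "\r\n".join(self.table.get(prefix, []))

if __name__ == "__main__":
    # Constructed sample data: the counts are made up, not real breach figures.
    service = OfflineRangeService({"password": 1000, "Summer2024!": 3})
    report = audit(["password", "Summer2024!", "kX9#vTq2-lemon-Harbour"], service)
    for pw, hits in report.items():
        print(f"{pw!r}: {'CHANGE IT' if hits else 'not found'} ({hits})")
    print("sent to service:", service.seen)
```

Only the first five characters of each SHA-1 hash reach the service; the comparison against the returned suffixes happens locally.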