06 Apr Better securing your Microsoft 365 – The Consequences of a Data Breach

As we explored in the previous blog in the series, small businesses are not immune to cyber threats, if anything they need to use the resources available to them to their full potential – with them often not having the budget of some of the larger companies out there. We have also discussed why you should secure Microsoft 365 and some of the ways that cyber criminals attack your systems.

In this – the second blog in the three-part series – we will explore what would happen if your account is breached, how to approach securing it, and some of the ways you can secure your account to avoid it happening.

What are the consequences of your Microsoft 365 account being breached?

The outcome of a cyber attack depends entirely on the goals of the cyber criminal. At the most severe, these could include the following –

1. Sensitive data theft – If the data that you hold contains password credentials for third-party systems, or worse, bank or card details for your own business or of customers’ – this could be specifically targeted or stolen among your other file data.
2. Data theft or corruption – The file data you have contained within your OneDrive and SharePoint libraries could be corrupted, stolen, deleted or – the worst case scenario – a combination of all three.
3. Masking as your business – With uncontested access to your Microsoft 365 environment comes the visibility of your contacts and correspondence history. The cybercriminal has the means to learn personal details about your business – which organisations you do business with, potentially arming them with a list of unsuspecting future victims to exploit – likely using your business as the vessel to mask themselves as to do so.

Microsoft 365 – The heart of your business

Microsoft 365 is the Cloud ecosystem at the heart of small businesses all over the globe – from storing emails, files, and folders, to other sensitive financial or customer records – its day to day uses are many. With its functionality designed to accommodate an onslaught of email, it is inevitable that malicious emails will find their way through, with this in mind we must do everything possible to protect that environment.

Despite being a SaaS (Software-as-a-Service) solution, which means it has its own security and compliance features as a part of the infrastructure defences provided by Microsoft as part and parcel of the service, the front-end user aspects – within your own control and outside of Microsoft’s – must be protected.

How to secure Microsoft 365?

There are two key areas to address to reduce risk of data breach and best secure Microsoft 365 for your small business:

There are many ways to secure 365, but the main two areas of which to address are:

1. Implementation of technical controls, policies, filters, and defences.
2. Policy changes for how your users’ access and use 365

.

Technical defences

Technical defences exist within Microsoft 365 to overcome a variety of different security threats, including:

• Email content or attachments from being intercepted or viewed by unauthorised parties.
• Your domain becoming a victim of a ‘spoofing’ attack with cybercriminals purporting to be your business.
• Phishing attacks being received or having their links clicked upon within email
• Malware, Ransomware, and other malicious file attachments being received or downloaded from malicious emails

The Users

Most importantly are the users, the users of a system can be both the final line of defence for your business in preventing a system breach, or the inadvertent cause of a breach. The fragility of your system is clear when you consider it is as simple as clicking on a malicious link in the wrong email for the whole system to come crashing down.

There are a number of risks posed by the way users’ access and interact with Microsoft 365, that depend upon:

• The complexity of their password and whether this password is unique to 365 or used as a general password across other services
• The ability to share files and documents, and to whom
• The ability to share potentially sensitive information within email messages
• The level of system access and permissions assigned

Security options in Microsoft 365

Security features, the risks they tackle, and how to apply them.

Login security.

The risks

Reduce the risk of individual user accounts from becoming breached by cyber criminals as a result of exposed credentials on the dark web, or, because of accounts being secured with basic common password formats.

Overcome the risks –

A secure password policy is defined by default within Microsoft 365 and is designed to direct the user to use a complex password. A complex password is as it sounds, one that cannot be easily guessed, is of a certain length, and is a random mixture of letter, special characters, and numbers.

In recent years password best practice has changed, with a traditional approach being to enforce users change passwords on a cycle of every number of days or weeks, and in some cases enforcing passwords of ever greater length and complexity as and when you change.

In more recent times, this has been rethought. Enforcing longer passwords, combined with a regular password renewal cycle, forces users to use old passwords again or essentially recycling the same core lettering, but simply extending it by adding a number of further characters at the end to make it easier to remember. Making the entire process a waste of time as the account is then no more secure than before the process.

Multi-Factor Authentication (MFA) is the better approach. Applying an additional layer of login security, known in some cases as 2-Factor Authentication (2FA) is the newer approach.

MFA is a second authentication step that takes place after a user has entered their password. Accounts are further secured by requesting the user input a code, which changes on a cycle – usually every few seconds or a couple of minutes – the code is provided to the user via their mobile device through text message or by accessing an authentication app, constantly layering the security offered with needing multiple devices to access. If the cyber criminal has your main password to the account, they may not have access to your device.

MFA, among other login security best practices, can be enforced for your tenancy through Microsoft 365 security defaults.

What are Microsoft 365 security defaults?

To define security parameters that apply globally across all of your users, you can activate security defaults that enforce a number of policies automatically (this applies to any users that join after the parameters are defined).

Security defaults are available to all users of Microsoft 365 at no extra cost, provided you are an organisation that utilises at least the free tier of the Azure Active Directory service.

Security defaults include:

• Block legacy forms of authentication
• Require users to perform MFA actions upon certain actions
• Require all system administrators to perform MFA
• Require all users to register for MFA

.

How to implement security defaults on Microsoft 365?

1. Visit your Azure Portal (https://portal.azure.com)
2. From the main menu scroll to ‘properties’
3. Click ‘Manage security defaults’
4. Move the slider across by clicking ‘Yes’

Once having completed this it is worth noting that the next time your user’s login to the system, they will be forced to activate MFA on their accounts by entering a mobile number or via another method, such as selecting an authentication application to use on their device.

In the next blog in the series we will explore other security measures you can take to ensure that your organisation’s cyber security can stand up to scrutiny.

Protecting you every step of the way – Netcom

Our team of experts offer effective comprehensive cyber defences that protect your data. Everything we do is centred around reducing the risk your business faces, we have a range of services to help mitigate risk and protect your business. We are one of a handful of IASME Certified Assessors in the region, which means we not only work to the highest security standards but can also deliver and award Cyber Essentials certification. If you need help with your cyber security or simply have IT issues you need guidance with do not hesitate to get in touch.