Safeguarding the Cloud amid COVID-19: How to Secure Your Microsoft 365 Accounts
Many of us migrated to the cloud as COVID-19 dawned upon us. Office spaces and conference rooms were left eerily silent and gathering dust when we sharply switched to telecommuting as the health crisis worsened the world over.
The COVID-19 pandemic has seen an increase of 50% in cloud service usage across the manufacturing, education, real estate, and construction, government, and financial services industries, according to the "McAfee Cloud Adoption and Risk Report: Work from Home Edition."
But working from home, for all its conveniences, does not come without risks. The same report tells us that the number of threats from outside actors attacking cloud services went up by 630%, "with the greatest concentration on collaboration services like Microsoft 365." Now think about this percentage and the number of companies worldwide that use Microsoft 365: over a million companies, with more than 731,000 hailing from the United States alone. It's an alarming percentage, but one that isn't entirely futile depending on which part of the half-full, half-empty glass we look at.
For one, it's an opportunity to beef up our cloud accounts' security, showing us that we can never be too safe when it comes to the undiscriminating eyes of cybercriminals. Cybersecurity Ventures called cybercrime "the greatest threat to every company in the world." Cybersecurity Ventures had predicted in 2016 that cybercrime will cost the world $6 trillion annually in damages by 2021, whereas global ransomware damage costs are estimated to reach $20 billion by 2021.
Despite the risks associated with cloud services, however, one's information is still safer and secure with it than without. While there is not much one can do to prevent cybersecurity threats from existing – as per the Harvard Cybersecurity Campaign Playbook, they are borne from larger geopolitical, economic, and social forces, after all – there are ways an individual and organization can take to protect themselves from such threats.
There is no all-encompassing silver bullet that can save an individual or a company from the onset of a security attack just as how "there is no single, bulletproof technology or product" that can help protect us from security threats.
There is only an amalgamation of good habits and practices, developed through time, that we can only hope would help in reducing our vulnerabilities in the cyberworld.
Microsoft 365, being one of the most used collaborative tools today, means it is also the main target of cyber adversaries. If you or your organization uses Microsoft 365 as your everyday collaboration tool for work, you can better secure your accounts to keep safe from cybercriminals.
How To Secure Your Microsoft 365 Accounts
Foster a Culture of Awareness
It all starts with the individual. Before anything, ensure that you foster a culture of cybersecurity awareness at home or in your organization. This includes training your employees about cybersecurity best practices, so they are always on alert for security threats, which include data breaches, hijacking of accounts, and cloud malware, to name a few.
An example could be holding virtual seminars or refreshers among your staff to make them aware of the basics of cybersecurity, such as how to set up strong passwords, use multifactor authentication, and how to identify phishing emails, among others.
Step 1: Create Strong Passwords
Use a strong password for your Microsoft accounts. Avoid using words or phrases, which can easily be guessed by hackers, and ensure it includes a mix of letters, symbols, and numbers. Microsoft 365's Azure Active Directory has a banned password list that applies to all of its tools and services, so you can rest assured that you will be notified should your password match any of its prohibited passwords.
Step 2: Employ Multi-Factor Authentication
These days, your p@$$w0rd rarely means anything to the most cunning of cybercriminals. Make sure you use multi-factor authentication for your Microsoft account or among your staff’s accounts. You can use SMS/text message notifications for this, although this isn't always recommended. Instead, install an authentication app, such as Authenticator, on your phone where you can do the approving when required.
Step 3: Separate Admin Accounts
When it comes to administrative accounts, make sure such accounts are only used strictly for administrative purposes. Admin accounts are highly tempting targets for hackers due to their access to an organization's critical data and network at large. Ensure admins in your organization have separate user accounts reserved for non-administrative work for added security.
Step 4: Implement Safe Attachments
In work-from-home, it's common practice for staff to send email attachments in the form of documents to each other. Make sure you implement Microsoft Defender's Safe Attachments among your staff's accounts (as this is not turned on automatically), which checks for malicious files, including those in SharePoint, OneDrive, and Microsoft Teams.
Step 5: Make use of Safe Links
Malicious websites can be hidden in links in emails and files. Microsoft Defender's Safe Links can help secure your organization by verifying web addresses or URLs in emails and Office documents across your staff. Make sure you configure Safe Links, so it applies to the whole organization.
Microsoft 365 Security with Uniserve IT Solutions
This is just the tip of the iceberg; there’s so much more to Microsoft 365 than just the basics. Transform your organization into a modern workplace by allowing us at Uniserve IT Solutions to help you utilize the best collaboration tool with our team of experts at the ready. Stay safe from cyber vulnerabilities – contact us today to get started.