More businesses than ever before rely on cloud platforms to support day-to-day operations, but with rising adoption of IaaS, PaaS and SaaS comes a range of additional security challenges that organisations need to address.
With more than 150 million active commercial users, Office 365 is the most widely used cloud application suite in the world. This makes it a prime target for cybercriminals, with a growing number of attacks specifically targeting O365 users.
Cyber attackers are continuously devising new social engineering and malware infiltration techniques to circumvent O365’s built-in security controls. If your organisation utilises O365 or is considering doing so, it’s essential to ensure appropriate controls are in place to protect your environment.
This blog outlines six key Office 365 security measures you should consider introducing as soon as possible.
1. Enforce multi-factor authentication
The first step all organisations should take to improve Office 365 security is to enforce multi-factor authentication (MFA) across all user accounts. MFA requires users to provide an additional layer of authentication, such as entering a unique code sent to a mobile phone application, so that in the event that a password is compromised, an attacker is prevented from gaining access to the associated account. Enforcing MFA in a straightforward and can be implemented via the Office 365 Admin centre.
2. Make use of dedicated admin accounts
Office 365 accounts with elevated privileges are frequently targeted by cybercriminals. To limit the risk of these accounts being compromised, which could result in criminals being able to access all areas of a network, it’s important to ensure that they are only used for the purpose of system administration.
System admins should have separate personal accounts that have only the privileges needed for day-to-day operations. Before using high-privilege accounts, admins should close any unnecessary browser sessions and applications.
3. Conduct frequent security awareness training
Regardless of the security defences an organisation has in place, human error is one of the most common causes of breaches. It is essential that all employees and third parties understand their role in maintaining Office 365 security by undertaking regular security awareness training that covers areas such as password management, device management, social engineering and data protection.
4. Prevent email auto-forwarding
As was the case in a sophisticated Email Business Compromise attack investigated by Redscan, Cybercriminals that successfully compromise O365 user accounts often exfiltrate data by setting up Outlook mail rules to automatically forward incoming and outgoing emails to other addresses. To prevent this, system administrators should enforce a mail transport rule that blocks users from creating forwarding rules to external domains.
5. Proactively monitor your environment
With so many threats capable of breaching the network perimeter, having full visibility of Office 365 account activity is essential. Activating full audit logging within 0365 can help to detect unusual employee activity, such as which users have logged in and from where, as well as who is accessing and making changes to documents.
Network and endpoint monitoring tools such as SIEM, IDS and EDR can also be used to facilitate threat detection and response by improving the identification of attacks targeting O365 as well as cloud (public and private) and hybrid environments.
Without specialist cloud security skills, organisations using Office 365 monitoring tools may struggle to configure, manage and monitor them. For this reason, organisations may wish to consider a 24/7 cloud management and monitoring service to help bridge the gap.
6. Commission regular Office 365 security assessments
By helping to identify and remediate vulnerabilities in cloud environments before they can be exploited maliciously, penetration testing is another important layer of Office 365 protection. Office 365 security assessments can help to detect exposures such as insecure configurations and weak web applications.
When commissioning an Office 365 security assessment, it is important to consider Microsoft Cloud Rules of Engagement , which set restrictions on the assets that can be tested and requires organisations to report critical system security issues within 24 hours of discovery.