Posted On 20 Feb 2020
With increasing numbers of software services being offered through the Cloud, e.g. Office 365, Google Drive, etc., cybercriminals are starting to target those users. Unlike previously, these online services aren’t protected by your own firewall, which can leave you vulnerable. There are a number of steps you can take at no cost to protect yourself when using Office 365.
Firstly, turn on the free Mobile Device Management (MDM) in Office 365. It does require some work to activate, but once it is established it allows you to wipe all your corporate data from the mobile devices of employees (emails, OneDrive documents etc.) when they leave the company without affecting their personal data. This is also useful in case devices are lost or stolen.
Secondly, you can manually turn on the Office 365 Audit Logs that keeps track of everything that’s happened on your account for 90 days. With this feature turned on, you can go back over your account if you experience a breach and find out how the attackers got in, something that it is almost impossible to do if you haven’t activated this feature.
Thirdly, create a Global Admin account that has no licenses assigned to it and is only used for administration, so that hackers won’t be able to use it as a springboard for accessing all other accounts. Additionally, insist, as a minimum, that all Admin Accounts require multi-factor authentication (again, free with Office 365 accounts); ideally, make MFA compulsory for all your accounts.
Finally, create a custom login screen for Office 365, that has your own company logo only it. Not only is this a great way of getting branding onto your workstations, it will greatly enhance security as employees can be trained not to log in to any seemingly valid web site unless it has your logo on it.