Securing Office 365 - 2FA, security defaults, train your users, separate admin accounts

A bit of a change this fortnight.

This newsletter is all about Office 365 and in the next one we will look at Gmail.

If you are using Office 365 for a business, there are a number of security protocols and business requirements that can be implemented to ensure that you are not a victim of Business Email Compromise (BEC).

You need to avoid a BEC for the simple fact that if the bad guys gain access to your email portal they can do irreparable damage to your business.

By implementing or knowing about these strategies you make it harder for your business to experience a BEC.

2 factor or multi-factor authentication

No matter what, this security protocol needs to be implemented.

Email accounts are accessed with a user name (the email address) and a password (unique, complex, and more than 12 characters).

2FA adds a third layer of security in the form of either an SMS to your phone or an authentication app.

Either way, you receive a code, enter it in the login window, and gain access.

Without the code, an attacker cannot log in, so you are relatively safe from a BEC.

Never, ever, ever give the code away to anyone. Be very wary of phone scams where they ask you to send the code that they have generated.

In most cases, you will receive an email saying that someone has tried to access your account. If this happens, change your password.

Security defaults

There are a number of security defaults that come with all accounts.

Check them out and use them as you, as an organisation, see fit.

In a corporate portal, these security defaults can be forced onto all users in that domain.

Administrator accounts

Administrator accounts do not require a license unless they have an email address associated with them.

The number of admin accounts in use will depend on the number of administrators required for your business.

Keep them to a minimum, but to avoid system lockouts, always have an account that can be used internally as required - just in case!
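
One way to check the security defaults and administrator account points above from PowerShell. This is an added example, not part of the original newsletter; it assumes the Microsoft Graph PowerShell module is installed, takes the Global Administrator role as the definition of "admin account", and treats fewer than two enabled admins as a lockout risk (both are assumptions).

```powershell
# Added example: read-only audit of security defaults and admin accounts.
# Requires the Microsoft.Graph module and consent to the read scopes below.
Connect-MgGraph -Scopes 'Policy.Read.All', 'RoleManagement.Read.Directory', 'User.Read.All'

# 1. Are security defaults switched on for the whole tenant?
$defaults = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
Write-Host "Security defaults enabled: $($defaults.IsEnabled)"

# 2. Who holds the Global Administrator role? (role choice is an assumption)
$role = Get-MgDirectoryRole -All | Where-Object DisplayName -eq 'Global Administrator'
$members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' }

$admins = foreach ($m in $members) {
    $u = Get-MgUser -UserId $m.Id -Property Id, UserPrincipalName, Mail, AssignedLicenses, AccountEnabled
    [pscustomobject]@{
        UserPrincipalName = $u.UserPrincipalName
        Enabled           = $u.AccountEnabled
        HasMailAddress    = [bool]$u.Mail
        LicenseCount      = @($u.AssignedLicenses).Count
    }
}
$admins | Sort-Object UserPrincipalName | Format-Table -AutoSize

# 3. A licensed or mail-enabled admin is probably someone's everyday account,
#    not a separate admin account.
$everyday = @($admins | Where-Object { $_.LicenseCount -gt 0 -or $_.HasMailAddress })
if ($everyday.Count -gt 0) {
    Write-Warning "Admins with a license or mail address: $($everyday.UserPrincipalName -join ', ')"
}

# 4. Keep the list short, but keep a spare account to avoid a lockout.
#    The threshold of two is an assumption, not a figure from the newsletter.
$enabled = @($admins | Where-Object Enabled)
Write-Host "Enabled Global Administrators: $($enabled.Count)"
if ($enabled.Count -lt 2) {
    Write-Warning 'Fewer than two enabled admin accounts: no spare if one is locked out.'
}
```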

User awareness training

It is recommended that you conduct awareness training at least once a year. Ah, NO.

We recommend that you have an ongoing process of awareness training that includes video, audio, and text-based training at least once a month.

We also recommend that you gamify the training with competitions, posters and prizes.

Make it fun and change the culture of the organisation.

"Your team can be your worst problem or your best defence and the difference is awareness training"

Priya Mishra

Ceo of a Management Consulting firm | Public Speaker| Our Flagship event Global B2B Conference | Brand Architect | Solution Provider | Business Process Enthusiast |Join Corporality Club

2y

Roger, thanks for sharing!

Steve Gregory

International Leadership and Performance Expert 🎯 Coach, Consultant & Trainer 🎯 CEO Black Bull Performance Group 🎯 Next Level Results for Board Directors Business Owners and C Suite through Conscious Leadership

2y

Great read Roger Smith
