The “Top 5 Office 365 Security Benefits” Every Business Should Enable

Microsoft’s Office 365 package has many benefits. Always having the latest version of the Microsoft Office software is the most popular. This includes Word, Excel, PowerPoint, Outlook, and OneNote. You also have access to emails and documents via the cloud. Another big bonus with remote workers are the collaboration tools like Teams and SharePoint. However, these are just the areas that most users see on the surface. The real benefits are Office 365 security features for you and your employees.


Multi-Factor Authentication

(aka MFA/2FA) 

Multi-Factor Authentication (MFA) is a 2nd layer of protection to keep your accounts secure from online threats. This feature creates a random code that changes every minute and is specific to only your login. To use this, you will need an Authentication app on your phone. Many free apps are available on iOS and Android. Microsoft has their own, as well as password managers like LastPass and Dashlane. To begin the setup you need to login to your online Microsoft account and enable MFA in your security settings. Then, scan the QR code with your phone app, enter the code shown, and finish your setup.

A hacker would also need that code on your phone to login, even if they had your password. As a bonus, if an important website you use offers MFA/2FA, enable it immediately. Sadly, not all companies offer MFA yet.

Password Complexity Enforcement 

Adding MFA allowed Microsoft to redo their best security practices. Using MFA and “Password Complexity” lets you set your password to never expire. Studies show that utilizing MFA and a unique complex password is more secure than having many passwords that expire frequently.

When you are expected to change passwords often, many will use simple or reused password. This is less secure overall and can leave you vulnerable. Office 365 security features can enable and force both MFA and Password Complexity to create a strong defense on your email account.  


Preventing Auto-Forwarding to External Accounts 

Auto-Forwarding is a tactic that hackers use to forward emails sent to you to another email. With this, someone can have unauthorized access to a copy of all your emails without your knowledge. If this is setup, changing your password will not stop the forwarding and deleting the rules can be tricky. There are several problems related to this, including HIPAA violations, compliance issues, and social engineering. All of these can result in financial loss. Office 365 security settings can block this setting from working, even if it was previously enabled. If a forwarding rule was setup on your email, it wouldn’t work anymore once the setting is turned on.

Ransomware Prevention 

Ransomware is malicious code, often hidden within a file attached to an email. The email with the file will sound important and it usually includes a time-sensitive or an urgent matter. Examples are ‘invoice overdue’, ‘awaiting signature’, or ‘pending your approval’ to create a sense of panic. When the file is opened, it begins to wreak havoc on your data. It will target any file it can discover and encrypt it. The files are unusable in their “locked” state. Next, you’ll receive an email or pop-up that gives you the option on how to unlock your files. You must pay a ransom to the cyber-criminal, usually Bitcoin, a digital crypto-currency.

A cyber attack is crippling and can destroy a business in days. Unfortunately, paying the ransom does not guarantee the cyber-criminal will unlock your files. We recommend restoring files from a backup to bypass any data loss. Remember to always have a backup of your important files, following the 3-2-1 rule.

A way to prevent a Ransomware attack is to enable a Office 365 security setting called a “Mail Flow” rule. Setting this up for attachments lets Office 365 review an email before it even gets to your Inbox. It can also warn users before opening a possibly unsafe attachment. Being able to identiry common Ransomware files, it inspects the email and looks for problems. If a rogue file is found, it will add a warning to the potentially dangerous email. An extra layer of protection is possible by completely blocking the message if it includes file types you don’t use.

Phishing Campaigns and Training 

There is no foolproof way to prevent a cyber-attack if you access the internet. However, with the right procedures, you can increase your defenses by training your employees. Unfortunately, criminals are getting smarter and finding new ways to gain access to your most vital information.

One way is called “Phishing”. It is how the attacker will have the victim willingly hand over the data they seek. The attacker will create a very legitimate looking email and try to trick the reader. Sometimes, it will ask to click a link or open a file within the email. Links will mimic a banking site or other type of site they want the login for. Once you put the info it, it is sent to the attacker and now they have access to that account. If you have MFA enabled on the account in question, you may stop the hacker right there, since they shouldn’t have access to your Authentication codes.

An advanced Office 365 security benefit is the abilty to test your employees and train them on Phishing and email security. You can setup an “Attack Simulation” and send phishing emails to your employees to see how well they can spot a fake email (or if they fall for the bait). When the simulation is done, you can review who clicked what, if they entered login credentials, or if they did nothing with the email. With the final report, you can increase your employee training accordingly. Proper education of phishing helps prevent you from becoming a victim. 

A Final Word On Office 365 Security

Using Office 365 can improve your business security.  Enabling these settings can protect your business from becoming a victim. Online threats are at an all-time high as more people work remotely with cloud services. As Microsoft partners, we can implement these security features and we work with businesses of all sizes. If you are interested in protecting your business, contact us today to get started.