POSTED ON November 3, 2020
Cybersecurity measures are some of the most important precautions you need to take as a business leader. 60% of small businesses that experience a cyberattack don’t financially recover. With cybercriminal activity on the rise, you need to be able to take your cybersecurity into your own hands.
Microsoft 365 is a powerful business solution, and comes with great security features built into it, but they need to be configured and understood to be effective. We have put together this guide to help you leverage these features to your advantage and take the first steps to becoming more secure.
Of course, we are always here to help with any issues you may experience and would be happy to take this burden off of you by managing your business’s IT needs. You can book an introductory call with us here.
The Universal Truths of Cybersecurity
To better understand and approach the improvement of your business’ cybersecurity, there are three universal truths you need to accept:
1. Cyberattacks are the norm, not the exception. Data from Sophos’ 2019 State of Cybersecurity Study showed that in the U.S. 71% of organizations surveyed were victims of cyberattacks. representing a 400% increase from January 2020 (the onset of the COVID-19 pandemic in the U.S.). The question is no longer if, it’s when a cyberattack will occur.
2. Employee training is essential to maintain cybersecurity. Security software can only do so much to protect you. 95% of all cyberattacks involve a form of social engineering. This means that hackers will deceptively manipulate your employees into opening the door for them to obtain sensitive information. Your employees must know how to spot and avoid these threats.
3. No matter what the product is, it won’t come secure out of the box. Even Microsoft 365 doesn’t come with all the necessary security features configured to protect your organization. More than 50% of the organizations surveyed in the Sophos report weren’t using their cybersecurity solutions to the fullest extent, if at all. Assuming you are protected because you have a tool will leave you vulnerable.
Now that you know your approach to cybersecurity has to be focused, include employee training, and should start with the assessment of your current tools, let’s focus on how to accomplish this.
Understand What Your Security Needs Are
In order to know where you need to improve, you need to understand where you are at.
Start with risk identification. There are myriad cybersecurity solutions out there, and knowing what you need to protect is the key to understanding the level of protection you need. If you are only handling customer and employee information and your personal business data, you will not need the same level of security as someone who has a defense contract, handles secret information, and needs to prove compliance with defense security standards.
Once you know the information at risk, evaluate what steps you are already taking to secure that data. If you store high-value data, this is a process that might be best performed by an IT professional. You don’t know what you don’t know. Our expert team here at Agilitec can help perform an in-depth risk assessment and security analysis.
To quickly get an idea of how you’re doing at maintaining your cybersecurity, you can check out your Microsoft Secure Score. The Microsoft Secure Score is a measurement of your organization’s security. It can help you by reporting on the current state of security, providing suggestions for improvement, and comparing your current security to past data so you can track benchmarks and set KPIs. You can find your score here.
How to Interpret Your Microsoft Secure Score
Finding and interpreting your Microsoft Secure Score are two different things. The following are some steps to understand your score better:
Once logged in, you should find your organization’s Secure Score on the top left of your screen:
The score is calculated based on the controls you can configure vs. what you have configured. In the screenshot you can see the breakdown of controls that have been implemented versus what is available, a graph that shows how your score compares to organizations of a similar size and the global average, and then a list of actions to take to improve your score. If you would like to learn more about how to improve your score, read our post: What can you do to improve your Microsoft Secure Score?
Working through the list of actions for improvement can be tedious and complicated if you aren’t tech savvy. We would suggest working with an IT professional to make sure these are handled correctly. However, there are some quick things anyone can do to improve your security in Microsoft 365.
Quick Wins To Improve Your Security
Now that we have covered the cybersecurity basics, we wanted to give you a couple of quick and easy ways to improve your security. The following are features in Microsoft 365 that you can easily utilize:
1. Outbound Email Encryption
If you are emailing sensitive information, encrypt it. When you encrypt an email, Outlook will scramble the contents of it. Only the recipients you send the email to will be able to decipher the message. There are a couple of levels of access to the encrypted email you can apply. For example, you can set the encryption so that anyone in your organization can decode the message even if they weren’t the original recipients of the email.
If you would like to learn more about setting up email encryption in Outlook, you can check out the step by step process here.
2. Data Loss Prevention
Office 365’s Security & Compliance Center allows you to upload or create a Data Loss Prevention (DLP) policy. Once configured, Office 365 can recognize sensitive information and alert you to any suspicious sharing of it. For example, if an employee tried to email a client’s credit card number, a supervisor would be alerted and would have to approve that email before it could be sent. You can check out our blog on how to draft a thorough DLP policy here.
3. External Email Warning Alerts
Email spoofing is a popular phishing technique. A cybercriminal will set up an email account to look like it is coming from your boss or co-worker and request that you share sensitive information or click on a malicious link. A precaution against this is setting up a warning alert that the email is coming from outside your organization. The flag will cause your employees to pause, encourage them to look further at the email address, and hopefully discern if the sender is a fraud. Here are the steps to set up Outlook 365 email warnings.
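The logic behind an external-sender warning, as an added example that is not part of the original guide or of Outlook itself: compare the sender's domain with your own domains, tag the subject when it differs, and flag an outside address that uses a co-worker's display name. The domain `contoso.example`, the staff names, the `[EXTERNAL]` tag and the sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAINS = {"contoso.example"}                 # assumption: your accepted domains
STAFF_NAMES = {"dana whitfield", "luis ortega"}   # constructed staff directory
TAG = "[EXTERNAL] "

def classify_sender(raw: str, org_domains=ORG_DOMAINS, staff=STAFF_NAMES) -> dict:
    """Tag mail from outside the organization and flag borrowed staff names."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    external = domain not in org_domains
    # An outside address wearing a co-worker's display name is the spoof
    # pattern described above.
    impersonation = external and display.strip().lower() in staff
    subject = msg.get("Subject", "")
    if external and not subject.startswith(TAG):
        subject = TAG + subject
    return {"external": external, "impersonation": impersonation,
            "subject": subject, "address": address}

# Constructed sample messages (not real traffic).
SPOOFED = (
    'From: "Dana Whitfield" <dana.whitfield@contoso-mail.example>\n'
    "To: luis.ortega@contoso.example\n"
    "Subject: Need the payroll export today\n\n"
    "Please send it over before noon.\n"
)
INTERNAL = (
    'From: "Dana Whitfield" <dana.whitfield@contoso.example>\n'
    "To: luis.ortega@contoso.example\n"
    "Subject: Lunch on Friday?\n\n"
    "Are you free?\n"
)

if __name__ == "__main__":
    for raw in (SPOOFED, INTERNAL):
        print(classify_sender(raw))
```

This check reads the From header, which the sender controls, so a message that forges your own domain has to be caught by sender authentication (SPF, DKIM and DMARC) rather than by an external tag.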
4. Archive Feature
When you have employee turnover, you should remove any terminated employee’s access to the company’s information. An important information source is their email account. Often employers are hesitant to delete an email outright because it contains information they may need to reference. Outlook 365 allows you to archive an inbox, keeping the data stored in it, while making it inactive and only accessible to system administrators.
Here are the steps to archive an email in Outlook 365.
Now that you are armed with this information, we hope you are able to take the next steps towards securing your business’ information and begin to educate your employees on the importance of vigilance when it comes to cybersecurity. If at any point in the process you need help or assistance, know that we are just one call away and willing to help!