Technology

Securing Cloud Services: O365

Oct 2019

Throughout 2019, organizations have struggled with securing their data in the cloud. However, securing and hardening Office 365 is something that administrators tend to neglect or even ignore altogether.  

Office 365 and its suite of tools is one of the most used applications in business today. Office 365 offers a cloud-based solution that makes administration, deployment, and overall use of collaboration services a breeze. 

As our second post for Cybersecurity Awareness Month we will address common security best practices for Microsoft’s Office 365. Below are some easy items that any administrator could enable today to better their office environment from ransomware, account theft, and data leaks.

Enable Multi-factor Authentication (MFA). 

Username and password lists have become cheaper and easier to acquire for threat actors, causing more breeches in recent years. Therefore, enabling multi-factor authentication should be a system administrator’s top priority.  

Office 365 comes standard with MFA regardless of the license type used, but it is disabled by default. To enable MFA, simply log into Office 365 as an administrator, open up the admin center, click “Active users” under “Users” in the left menu bar. This will open the Active User list, from here select any user to view the user’s settings. At the bottom of user’s settings, select “Manage Multi Factor Authentication.” This will open the MFA management screen where you can select one or more user accounts that you wish to enable MFA on.  Once you have enabled MFA, the end user will be prompted to enable MFA during their next login. 

Some users may find this extra prompt to be annoying and may complain to management about extra steps slowing them down at work. Therefore, it’s imperative that IT announce the change in advance and inform company leadership about this important step in risk prevention. 

Prevent Common Malware File Types from being Delivered to End Users 

It’s no secret that phishing emails are a persistent problem. Many users think they are interacting with a fellow employee, partner or client and end up infecting their system with malware, exposing the entire organization to a huge risk. In fact, phishing emails are the most common vector for malware, including ransomware. 

One easy way to harden an organization against ransomware is to prevent emails that contain certain file types from ever arriving to an end user. This methodology is similar to what has been used in traditional Exchange environments since the late 90s.  

Typically, an administrator must specifically enable this functionality, which can be done from the Exchange Admin Center. Once you are logged into the Exchange Admin Center, under “Protection” select the “malware filter” option. This will take you to the rules for malware filtering where you can either edit the default rule or create a new one. First, add a name and description. Then select settings to edit the rule details. You will see a list of settings from which you can tune the notification your end user will see once the message is blocked, which admins will be notified, and which file types you would like to block.  

Before selecting the file types to block, ensure you understand the file types that are commonly sent in your organization to prevent legitimate emails from being blocked. 

For most organizations, we recommend at minimum blocking the following: .exe, .scr, .vbs, .js, .xml, .docm, .xps, .arj, .lzh, .r01, .r14, .r18, r.25, .tar, .ace, .jar.  

Office 365 has native Data Loss Prevention (DLP) and Mobile Device Management (MDM) solutions 

Microsoft has gone through considerable effort to build and improve their DLP and MDM solutions. We recommend implementing both of these solutions if your organization’s licenses include these features.   

The native MDM solution is included with all license types and gives an organization the ability to enforce a minimum set of standards on mobile devices such as pin complexity, automatic screen locks, full disk encryption, as well as the ability to remotely wipe organization data from the device. As more business is done on the go, mobile protection is critical for all roles, as one misplaced company phone or connection to a compromised wifi access point is a risk for the entire business. 

DLP is included with E3 and E5 licenses, and gives the organization the ability to detect, report, and prevent sensitive information from being shared outside the organization. The native Office 365 DLP solution can detect sensitive information such as credit card numbers, social security numbers, and account numbers in emails, OneDrive, SharePoint sites, and even Microsoft Teams messages. This tool, combined with appropriate  controls and permissions, can be a great resource for compliance requirements and privacy concerns.  

Utilize OneDrive and SharePoint for your file storage 

Ransomware refers to a specific type of attack in which a malicious actor encrypts your files and demands payment in return for decrypting the files. These attacks can be challenging to defend against, which results in many companies paying ransoms in order to keep their business going (sometimes on an ongoing basis!). 

Using OneDrive and SharePoint for file storage can provide additional protections through the use of versioning. Versioning is enabled by default in both tools and allows an organization to “roll back” to a previous file version if the file is compromised by ransomware. In addition to versioning, O365 services have 99.9% availability and are replicated to multiple data centers. This resilience is a great way to augment and improve existing Data Recovery and Business Continuity Plans. 

Conclusion 

Office 365 is a great tool for businesses, and it provides administrators a wide array of protection and compliance tools. However, many of these tools are not enabled by default, which requires the due diligence of the administrator to enable and tune these tools. Consider spending this Cybersecurity Awareness Month looking at your O365 environment and understanding your security and compliance gaps.   

Our cybersecurity team has the experience and knowledge to utilize the existing tools in O365 for securing and hardening an organization and provide greater insight to the risks posed to an organization. Contact us for a review of your O365 environment for security and compliance gaps.