5 Essential Steps to Secure Your Company's Office 365 Accounts

Today we have another guest post, this time from journalist Lori Wade from Louisville. We hope you appreciate Lori's useful insights!

The business world has changed more rapidly in the past two years than it has in a decade. The shift to remote work and online business has boosted not just the demand for IT professionals, but the level of cybersecurity awareness we all need to take on board.

Office 365 is a powerful tool for businesses the world over, but that also makes it a gold mine for hackers. Even having an entry-level account compromised can mean serious disruption for your business.

Let’s take a look at the 5 most powerful steps you can take to secure your Office 365 accounts. We might even have a bonus tip at the end for some extra cybersecurity.

Boost Your Password Strength

We have accidentally built a system that creates passwords that are hard for us humans to remember, but very easy for hackers to guess. Hackers caught on very quickly to the standard—use an uppercase letter, add a number, add a special character—password variations. The password “F00tballfan1” is not as good as it was in the early days of the internet.

This leaves us with two password options: using a password manager app, or choosing passwords that are easy to remember but hard to hack.

Password managers can store, encrypt, and securely recall your team’s passwords. They can also generate incredibly secure passwords without us having to memorise or write them down.

The other option is to create passwords that are designed to make hackers’ jobs harder. When hackers need to guess a password, they have specialized software that starts to plug away at every combination. That means “footballfanpizzawizard” is not only very strong against hackers and their hacking software, but also very easy for people to remember.

You’ve probably already remembered it!
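To put rough numbers on that comparison, here is an added example (not part of the original post) that scores both passwords twice: once as a naive strength meter would, and once as a guesser that knows dictionary words and the usual substitutions would. The wordlist is a constructed sample, and the 20,000-word dictionary size and the multipliers for capitalisation, leetspeak and suffixes are assumptions.

```python
import math
import re

# Constructed sample wordlist; a real screening list would be far larger.
SAMPLE_WORDS = {"foot", "ball", "football", "fan", "pizza", "wizard"}
ASSUMED_DICT_SIZE = 20_000  # assumption: words in a guessing dictionary
LEET = str.maketrans("0134578@$!", "oieastbasi")  # common substitutions


def segment(text, words=SAMPLE_WORDS):
    """Return the fewest dictionary words that spell text exactly, else None."""
    best = {0: []}
    for end in range(1, len(text) + 1):
        for start in range(end):
            if start in best and text[start:end] in words:
                cand = best[start] + [text[start:end]]
                if end not in best or len(cand) < len(best[end]):
                    best[end] = cand
    return best.get(len(text))


def naive_bits(password):
    """Brute-force estimate: every character drawn from the classes in use."""
    pool = 0
    pool += 26 if re.search(r"[a-z]", password) else 0
    pool += 26 if re.search(r"[A-Z]", password) else 0
    pool += 10 if re.search(r"\d", password) else 0
    pool += 33 if re.search(r"[^a-zA-Z\d]", password) else 0
    return len(password) * math.log2(pool) if pool else 0.0


def pattern_bits(password):
    """Estimate for a guesser that tries dictionary words plus common tweaks."""
    core, suffix = re.fullmatch(r"(.*?)([\d\W_]*)", password, re.S).groups()
    plain = core.lower().translate(LEET)
    words = segment(plain) if plain else None
    if not words:
        return naive_bits(password)  # no known pattern: fall back to brute force
    guesses = ASSUMED_DICT_SIZE ** len(words)
    guesses *= 2 if core != core.lower() else 1   # capitalised variant
    guesses *= 2 if core.lower() != plain else 1  # leetspeak variant
    guesses *= 95 ** len(suffix)                  # generous: any printable suffix
    return math.log2(guesses)


if __name__ == "__main__":
    for pw in ("F00tballfan1", "footballfanpizzawizard"):
        print(f"{pw}: naive {naive_bits(pw):.0f} bits, "
              f"pattern-aware {pattern_bits(pw):.0f} bits")
```

The naive meter rates “F00tballfan1” highly because it mixes character classes, while the pattern-aware estimate drops it well below the four-word passphrase. The passphrase figure only holds when the words are picked at random rather than forming a familiar phrase.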

Two-Factor Authentication

Also called 2FA or multi-factor authentication, two-factor authentication requires a second form of authentication when you sign in to your Office 365 account. This could be through texting a code to your phone or an authenticator app. When you go to sign in, you’ll be asked to provide this secondary code.

2FA is the new standard of cybersecurity. While it can’t prevent every type of security risk, it can lower the risks of some of the most serious types of infiltration. Even if a hacker acquires login details, they still won’t be able to sign in without physical access to your smartphone.

Setting up 2FA is a straightforward process, and can be done natively for individuals or very small businesses, or through an external connector for large or enterprise teams. 2FA should be considered just as mandatory as strong passwords or giving your team basic cybersecurity training.

Speaking of your team, let’s talk about admin roles.

Dedicated Accounts for Admin Roles

Admin accounts are the most powerful accounts in Office 365. They hold the keys to this digital kingdom. This makes them highly prized targets for hackers.

One key step in protecting your business is to give each admin two accounts. One account will be for business activities like email, calendars, and other functions. The other account is purely for their role as an admin. By separating the admin functions from their emailing and scheduling functions, you’ll be isolating risks and keeping powerful accounts safe.

Consider How Your Business Handles Email Attachments

Now let’s talk about attachments. These are prime vectors for hacking.

That image file or attached .doc might be more than it seems. It could be harbouring malicious code such as ransomware, malware, or a virus.

You can use Office 365’s admin features to limit which types of attachments team members can open. This is a great way to clamp down on this security threat. There’s another way that we’ll get to right after we talk about phishing.

Learn How to Handle Phishing Attempts

No, it’s not time for a vacation just yet. This is the bad kind of phishing.

This is a type of “social hacking” where a hacker impersonates someone in an attempt to get the information they are targeting. They might pretend to be a member of your IT team, someone from Microsoft, or a close family member of the boss.

These are hard to fend off because they rely on using charm and social know-how instead of software to hack into your Office 365 accounts. The best way to overcome this challenge is by keeping your team informed about hacking and how to prevent security risks.

Secure Office 365 by Securing Your Team

Here’s a bonus cyber security tip: Keep your team informed.

The best way to stop a cybersecurity risk is by making sure all of your team is educated and trained in digital security 101. Whether you are paying for certification for each and every team member or you are doing in-house education, everyone is a key player when it comes to keeping the company safe online.

Lori Wade is a journalist from Louisville. She is a content writer who has experience in small editions. Lori is currently engaged in growing awareness around cyber security. You can find her on LinkedIn.
