Blog

SMEs and the cloud: 5 ways to secure your Microsoft 365 environment

Blog

6 janvier 2021

You feel safe because your company uses Microsoft 365. After all, it’s a Microsoft product. And yet, it’s a mistake to believe that all your data is safe. In a pandemic context where cyberattacks are rising sharply, it’s even more important for SMEs to be as cautious as possible. 

Although basic security measures are built into the Microsoft environment, many settings aren’t optimal. A complementary external solution is required; the integrity of your data is at stake. How do you safeguard it? Implement a few tried and tested best practices.

What is Microsoft 365?

Formerly known simply as “Office 365,” Microsoft 365 is a cloud computing solution through which you can access your work anytime, anywhere, on any device. It brings together online all of Microsoft’s renowned productivity and collaboration applications: Microsoft Exchange, Sharepoint, Word, Excel, PowerPoint, OneNote, Outlook, Publisher, Sway and Access, in addition to new features like Skype for Business and the now-famous Microsoft Teams.

Ideal for companies of all sizes, Microsoft 365 is used by many Quebec SMEs. While some use a few of the applications, others leverage the entire offering.

What to do to secure your Microsoft 365 environment

1) Back up your data

They say perfection doesn’t exist. Backing up data using a cloud solution is no exception to this rule. And backing up your data – your business intelligence – is paramount. What’s more. Microsoft 365 doesn’t offer an email, OneDrive, SharePoint and Teams backup solution. Plan to have an external backup solution for all your data and pat yourself on the back for your diligence. In the event of a serious incident (fire, ransomware, etc.), you will avoid having to manage a major, entirely avoidable crisis.

What is ransomware?
It is a cyberattack whereby malicious software is installed on your computer system with the aim of holding your company’s data hostage. The cybercriminal steals and then encrypts it (making it impossible to look up) or restricts your access to your computer. They then threaten to divulge it or make it unusable. 

In exchange for a large sum of money, they promise to erase the stolen data, decrypt it or give you back full access to your workstation. If you give in to their demand, some cybercriminals will keep their word; others won’t. If you don’t, you’ll never see a bit of your data again.

2) Adopt two-factor authentication

Consider this sobering fact: 99.9% of hacked Microsoft 365 corporate accounts do not use two-factor authentication. Don’t become a statistic. Use this feature. 

What is two-factor authentication?
In addition to the classic “username and password” combination, you also need to enter a unique numerical code sent to you by text message, a code only you can access in realistic terms.

Will it take a little longer to log into your account? Yes. Is it worth investing a few extra seconds? Definitely. You should especially use this method when you access the cloud as this is where the most sensitive data is stored.

3) Use the right strategies to prevent data leaks 

Achieving this couldn’t be simpler. Just activate the strategies (or rules) Microsoft offers to automatically trigger protocols that will warn you in case confidential or critical data has leaked. The sooner you are notified, the sooner you can stop the bleeding.

4) Protect your employees’ inboxes from computer viruses

Despite themselves, your employees represent one of the biggest security gaps in your company, and cybercriminals are very well aware of the fact. In most cases, employees lack computer knowledge and are poorly equipped to identify risks when they occur. As a result, they open the door to cyberattacks through their professional emails.

By implementing additional security measures – such as external solutions to fight spam, spoofing, fraudulent links and malicious attachments – you cut off the threat at the source before it has even had time to reach your employees. 

Training your team, a winning strategy

Education is one of your best weapons. Be sure to provide your employees with cybersecurity training. It’s a small investment that will pay off big time. It’s also one of the many services BGR Informatique offers, and our training is designed to be taken in the comfort of your living room!

Deactivating outdated protocols, an important step

Just because they offer it to you doesn’t mean it’s good for you. Microsoft lets you access your email in a variety of ways. However, many of them are no longer secure today. Disable outdated options that provide hackers with a gateway.

5) Let BGR Informatique implement and manage your security measures 

Getting a security alert is a good thing. Knowing what to do with it is essential. When it comes to information technology, nothing beats working hand in hand with information technology (IT) specialists to move from intention to action. And we’ve got great news for you: that’s exactly what we are! If you want to shore up your SME’s cybersecurity, one step is all it takes: call our team to the rescue! We won’t just advise you. We’ll take care of implementing the solutions. 

Do you already have an in-house IT support team? We’d be happy to work with them!

BGR Informatique, more than 10 years at the service of your cybersecurity

In conclusion, managed services will always be a valuable asset. Would you like to learn more about this service? Questions? Contact us today.

* Source : https://www.welivesecurity.com/2020/03/09/microsoft-99-percent-hacked-accounts-lacked-mfa/

---