How to avoid an Office 365 security breach
Published: 11 October 2018
A data breach is when protected information is taken without consent. It’s that simple. A breach is an opening that is not supposed to be there, like a hole in the bottom of a boat. Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property.
Data breaches at major businesses seem to be in the news often. The hacks range in size and scope, but it’s no secret that firms hit by hackers often suffer serious consequences.
It can happen to anyone and any business, no matter what size your company is. A recent example was an Office 365 breach where emails were set to forward to an outside source (the perpetrator). The perpetrator was then able to intercept the emails from the user, reply to them and send as if they were the user themselves.
What can you do to help prevent your organisation from becoming tomorrow’s cyber-breach news headline?
- Educate your employees on the importance of protecting sensitive information and passwords, and on not giving out details to unauthorised personnel. Arguably, this is the most important one!
- Ensure that your employees use a secure password. A secure password is based on the number of characters used, and it is important to include uppercase letters, lowercase letters, numbers and special characters.
- Enable Two Factor Authentication on all Administrator Accounts and mailboxes via the Office 365 Admin Portal. This involves use of a mobile phone app, or a text message/phone call to confirm your identity when you sign in.
- Ensure that you have SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) enabled on your Office 365. This will help prevent unauthorised senders from sending on your behalf.
- Purchase and enable an Office 365 subscription that allows alerts to be received covering user password resets and mail forwarding rules outside of your domain. It also allows logs to be collected on who has signed in, when and where, whether that be an admin or a user.
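
The forwarding breach described earlier and the alerting point above both concern mail leaving your domain. As an added example (not part of the original article), this read-only PowerShell audit lists mailbox forwarding settings and inbox rules that send mail to addresses outside the tenant's accepted domains. It assumes the ExchangeOnlineManagement module is installed and that you sign in with an account allowed to read mailboxes and inbox rules; the helper name `Get-ExternalAddress` is made up for this example.

```powershell
# Added example: find mail forwarded outside the tenant. Read-only, changes nothing.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# Domains the tenant owns; any other domain counts as external.
$internal = (Get-AcceptedDomain).DomainName | ForEach-Object { "$_".ToLower() }

# Hypothetical helper: return the SMTP addresses in $Targets that are external.
function Get-ExternalAddress {
    param([string[]]$Targets)
    foreach ($t in $Targets) {
        # Values look like 'smtp:user@example.com' or '"Name" [SMTP:user@example.com]'.
        # Directory recipients ('[EX:/o=...]') are not resolved here and are skipped.
        if ($t -match '(?i)smtp:([^\]\s]+@([^\]\s>]+))') {
            if ($internal -notcontains $Matches[2].ToLower()) { $Matches[1] }
        }
    }
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # 1. Forwarding configured on the mailbox itself.
    foreach ($addr in Get-ExternalAddress @("$($mbx.ForwardingSmtpAddress)")) {
        [pscustomobject]@{
            Mailbox = $mbx.PrimarySmtpAddress; Source = 'Mailbox forwarding'
            Rule = ''; Enabled = $true; Target = $addr
        }
    }
    # 2. Inbox rules that forward or redirect messages.
    foreach ($rule in Get-InboxRule -Mailbox $mbx.UserPrincipalName) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        foreach ($addr in Get-ExternalAddress ($targets | Where-Object { $_ })) {
            [pscustomobject]@{
                Mailbox = $mbx.PrimarySmtpAddress; Source = 'Inbox rule'
                Rule = $rule.Name; Enabled = $rule.Enabled; Target = $addr
            }
        }
    }
}

# Review every row: each one is mail leaving your domain automatically.
$findings | Sort-Object Mailbox | Format-Table -AutoSize
Disconnect-ExchangeOnline -Confirm:$false
```

Forwarding to a mail contact is stored as a directory recipient (`ForwardingAddress`, or an `EX:` rule target), so check those entries separately.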
Bristol IT Company advise that all of the above is done as standard. If you’re concerned that your email isn’t as secure as it should be, please get in touch.