
Improving the security of your Microsoft 365 account


Emily Keeling

Posted Aug 30, 2024

If you have a Microsoft 365 account, chances are you’re using it pretty much every day, especially if you’re in an office-based role. While Microsoft 365 includes built-in security features like multi-factor authentication, these may not be enabled by default.

Here are our top five ways to boost the security of your Microsoft 365 account – either included in your Microsoft 365 account or available as add-ons through a third party.

 

MFA

Multi-factor authentication is an effective security measure that you can easily put in place. Also known as MFA, multi-factor authentication means that users need to use two or more authentication methods to access their accounts – something you own, something you are, or something you know. Once you are signed in to your Microsoft account, you can turn on two-step verification under Advanced Security, then Additional Security. You can read this blog to find out more about MFA.

MFA means that a cybercriminal can’t get into your account using just your username and password; they need something else too. This could be the authentication app on your phone, a fingerprint scan, or a security question. This makes it much more difficult for cybercriminals to get into your account. You can even remove your password entirely and use other methods of authentication.


Dedicated admin account and user permissions

We recommend minimal access for all your employees, plus a dedicated admin account. Minimal access ensures that employees can only access the data and tools necessary for their roles, reducing the risk of unauthorised access. This way, everything is locked down: the admin account has the highest access, and critical permissions are off-limits to everyone else. This is especially effective at reducing insider threats.

 

Increase malware and ransomware protection

Microsoft 365 already comes with some basic malware and ransomware protection. By implementing additional measures, you can increase the security of your environment, reducing the risk of data breaches and financial losses. Proactively enhancing these protections safeguards your users and significantly bolsters your data security.

 

User training

User security training improves security across a whole organisation, as it gives employees the power to recognise and report suspicious activity, namely phishing emails. Phishing scams can lead to people accidentally giving their personal information to cybercriminals, and sometimes unknowingly granting access to their accounts. 61% of businesses have been victims of phishing attacks (Cyber Security Breaches Survey, 2024), making it the most common type of cyber attack in the UK. By implementing user security training across your team, your employees will know what to look out for and you’ll cut down the likelihood of successful phishing attacks.

 

Backup solution

Many businesses rely on Microsoft 365 for their day-to-day work, with files and data stored across OneDrive, SharePoint, Outlook and Teams, all of which are vital for the business. Even with robust security measures, there's still a risk of data loss due to cyberattacks. A third-party backup and recovery solution ensures your files remain secure, regardless of what happens. Third-party backup and recovery provides peace of mind, as Microsoft doesn’t take any responsibility for your data. Automatic protection of your files means that no matter what, your files are safe and sound.

 

Want to improve the security of Microsoft 365 across your company? Get in touch to discuss your cybersecurity stance.