During the blog series so far, we have explored the potentially disastrous ramifications of your Microsoft 365 account being attacked and breached by a cyber criminal and how to secure it to stop this from happening. We have also explored some of the security options available, the risks that they tackle, and how to apply them in your organisation.
In this final blog in the series we pick up where we left off at the end of blog 2, exploring more security measures that can put your systems in a good position to combat the threats posed by a cyber attack.
Access to files, folders, document libraries and emails must be on a ‘need to know’ basis according to the job role of the user trying to gain access. Without this, your whole team has free rein over your IT system, with full visibility of any documents and data your organisation holds. Not only is this completely unnecessary, but if some of the data is sensitive (which it is likely to be) you may not be operating correctly under legislation, resulting in legal ramifications if there is a problem.
As serious as legal ramifications are, a bigger concern should be the opportunity this offers to cyber criminals. Should a user’s account suffer a breach, the cyber criminal will have free access to your entire network. The consequences of such a breach can be hard to imagine, with the level of theft or corruption leaving your business unable to operate going forward.
The risks, overcome
Overcoming the risks around access has a simple solution – control it! Controlling access is absolutely essential, and Microsoft 365 makes this easy. This can be achieved by structuring your files and folders and the rights needed to view and edit that data. Most organisations that have done this previously organise their files departmentally – finance, sales and marketing, or perhaps between teams, for example.
After having done this, you can apply user permissions to team members according to the department they are in. Further restrictions can also be applied within those departmental permissions: you can restrict access according to your team’s hierarchy – for example, you can deny a junior or apprentice access to accounts that don’t apply to them (senior accounts).
You can take this one step further too. Users are not restricted to only one department – if you are a member of management or have people within functions that cross departments, multiple permissions may be assigned; these permission sets are defined within Microsoft 365 as groups. Let’s take a closer look at Microsoft groups.
To give users access to resources, and to assign a set of permissions to a group of users (such as a department in your organisation), a group must be set up within Microsoft 365. Groups can be defined through the administration portal, or they are created for you automatically in the background when you create a new SharePoint Library or a Teams Channel and define the user permissions in those applications.
Your active groups are accessible by visiting https://admin.microsoft.com/adminportal/home?#/groups. After visiting the link you will need to log in with your administrator credentials.
You will then be on the main hub. From the main hub you can add new groups and define the users in those groups; you can do this all whilst being able to see and manage existing groups that were created elsewhere within your Microsoft 365 environment, such as directly within SharePoint or Microsoft Teams.
There are a variety of access controls that define whether and how data can be shared externally. Microsoft 365 distinguishes between two types of external users. Let’s take a look at them.
External access – Provides access to all the users within an entire domain.
Guest access – Grants permissions to an individual.
To control whether to permit external users to be added as guests:
Controlling whether to permit external sharing from SharePoint and Teams
For SharePoint you may define this at your organisation level, or you can set the permission individually for a specific SharePoint site. If a SharePoint site’s external sharing option conflicts with the organisation-level setting, the most restrictive rules apply by default. With Microsoft Teams, guest access must be authorised separately.
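The "most restrictive rules apply" behaviour described above, as an added PowerShell example (not from the original post or from Microsoft). It uses the SharingCapability values reported by Get-SPOTenant and Get-SPOSite; the helper name Get-EffectiveSharing and the contoso site list are assumptions constructed for illustration.

```powershell
# SharingCapability values as reported by Get-SPOTenant and Get-SPOSite,
# ranked from most restrictive (0) to least restrictive (3).
$SharingRank = @{
    Disabled                        = 0   # only people in the organisation
    ExistingExternalUserSharingOnly = 1   # guests already in the directory
    ExternalUserSharingOnly         = 2   # new and existing guests
    ExternalUserAndGuestSharing     = 3   # anyone, including anonymous links
}

# Hypothetical helper: the setting that actually applies to a site is the
# more restrictive of the organisation-level and site-level values.
function Get-EffectiveSharing {
    param(
        [Parameter(Mandatory)][string]$TenantSetting,
        [Parameter(Mandatory)][string]$SiteSetting
    )
    foreach ($value in $TenantSetting, $SiteSetting) {
        if (-not $SharingRank.ContainsKey($value)) {
            throw "Unknown SharingCapability value: $value"
        }
    }
    if ($SharingRank[$SiteSetting] -lt $SharingRank[$TenantSetting]) {
        return $SiteSetting
    }
    return $TenantSetting
}

# Constructed sample data shaped like Get-SPOSite output. Against a live tenant:
#   $tenant = (Get-SPOTenant).SharingCapability.ToString()
#   $sites  = Get-SPOSite -Limit All | Select-Object Url, SharingCapability
$tenant = 'ExternalUserSharingOnly'
$sites = @(
    [pscustomobject]@{ Url = 'https://contoso.sharepoint.com/sites/finance';   SharingCapability = 'Disabled' }
    [pscustomobject]@{ Url = 'https://contoso.sharepoint.com/sites/sales';     SharingCapability = 'ExternalUserAndGuestSharing' }
    [pscustomobject]@{ Url = 'https://contoso.sharepoint.com/sites/marketing'; SharingCapability = 'ExistingExternalUserSharingOnly' }
)

# Report configured versus effective sharing and flag externally reachable sites.
$sites | ForEach-Object {
    $effective = Get-EffectiveSharing -TenantSetting $tenant -SiteSetting "$($_.SharingCapability)"
    [pscustomobject]@{
        Url            = $_.Url
        Configured     = $_.SharingCapability
        Effective      = $effective
        ExternalAccess = $effective -ne 'Disabled'
    }
} | Format-Table -AutoSize
```

In this sample the sales site is configured for anonymous links but is capped at the organisation-level setting, while finance stays closed to external users regardless of the organisation default.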
There are a variety of different defensive tools on the market that exist to protect your data from cyber criminals. Let’s take a closer look at them now.
As you already know by this point, malware protection comes as part of the Microsoft 365 ecosystem, but you can increase its capabilities further by blocking certain file types, especially the ones most commonly associated with malware.
This can be implemented by taking the following actions:
Microsoft 365 email encryption ensures that only the intended individuals can view your email content. You can also define permissions that restrict what the recipient can do with the email you’ve sent them – these permissions include blocking the email from being printed, forwarded, or the content copied elsewhere.
To send protected email:
‘Safe Links’, as part of the Microsoft Defender Service, helps protect your users from clicking on malicious links within emails and files. Safe Links provides time-of-click verification of web addresses within emails and Office documents and can be defined within the SafeLinks.Ant
This can be implemented by:
We hope that you now feel better prepared should a cyber criminal attempt an attack on your systems.
Implementing the correct security measures for the technical landscape of your organisation has the power to revolutionise the way your organisation works. We can implement and maintain your security measures and look for better ways to defend your system. Our success can be attributed to one thing: TRUST. Ever since our very first year in business, our clients have been happy to recommend us to other businesses, and we have grown steadily as a result of these recommendations. We can help you to truly get the most from your IT in the most secure way possible. Don’t hesitate – contact us now!
Book a no-obligation discovery call with a member of our team today by calling 0207 993 9035 or firstname.lastname@example.org