The rise in home working, the increase in laptops and the wide-scale adoption of OneDrive and SharePoint have only served to intensify issues around data security and access.
But how do you ramp up protection and maintain Microsoft 365 security?
If organisations are to ensure business continuity and avoid reputational damage, there are two objectives they need to get right:
- Reduce the risk of being hit by cyber-criminals.
- Minimise the impact of a malware attack, if it occurs (and the chances are it will).
To increase Microsoft 365 security, Microsoft recommends taking the following 10 precautions:
- Start with identity and access by setting up multi-factor authentication. When logging in, you will need to type a code from your phone for access to Microsoft 365. This can prevent hackers from taking over, even if they know your password.
- Train your users to create strong passwords. Be on the lookout for suspicious emails and install software updates regularly, if not automatically.
- Use dedicated admin accounts only for administration. These are a prize target for hackers so admins should have a separate user account for regular, non-admin use.
- Block attachments with executable files commonly used for malware. Enable the Common Attachment Types Filter and specify from a default list which type of files are automatically treated as malware.
- Create mail-flow rules that warn users about the risks of opening attachments that include macros. Ransomware can be hidden inside macros, so users should not open these files from people they do not know.
- Configure a rule to prevent the auto-forwarding of mail. This stops a hacker with access to a user’s mailbox from using auto-forward to exfiltrate mail – without the user knowing.
- Use Office Message Encryption for email messages between people inside and outside your organisation. This ensures that only intended recipients can view message content.
- Create a policy to protect your most important users and your custom domain from malicious impersonation by configuring targeted anti-phishing protection. Microsoft blocked over 13 billion malicious and suspicious emails in 2019, over one billion of which contained phishing URLs.
- Turn on Microsoft Defender for Office 365, the new name for Advanced Threat Protection (ATP), and use ATP Safe Attachments to identify malicious attachments and files. Files in SharePoint, OneDrive and Microsoft Teams are also protected in this way.
- Use ATP Safe Links and apply real-time URL scanning for suspicious links to help guard against hackers hiding malicious websites in links in email or other files.
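A check to run alongside the auto-forwarding rule in the list above: it scans an export of mailbox forwarding settings and inbox rules for forwards that leave the organisation. This is an added example, not Microsoft's or Redstor's code; the CSV layout, the sample rows and the `contoso.example` domain are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample export, not real data. Column names mirror the Get-Mailbox
# and Get-InboxRule properties; the one-row-per-rule CSV layout is an assumption.
SAMPLE_EXPORT = """Mailbox,Rule,ForwardingSmtpAddress,ForwardTo,RedirectTo,ForwardAsAttachmentTo
alice@contoso.example,,,,,
bob@contoso.example,,smtp:bob.backup@mail.example.net,,,
carol@contoso.example,Invoices,,Finance Team [SMTP:finance@contoso.example],,
dave@contoso.example,Sync,,,Archive [SMTP:drop@collect.example.org],
"""

FORWARD_FIELDS = ("ForwardingSmtpAddress", "ForwardTo", "RedirectTo", "ForwardAsAttachmentTo")
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+)")


def external_forwards(export_text, accepted_domains):
    """Return (mailbox, rule, field, address) for every forward that leaves the tenant."""
    accepted = {d.lower() for d in accepted_domains}
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        for field in FORWARD_FIELDS:
            # A field can hold several recipients, so scan for every address in it.
            for match in ADDRESS_RE.finditer(row.get(field) or ""):
                domain = match.group(1).lower().rstrip(".")
                # Exact match only: a subdomain is external unless listed explicitly.
                if domain not in accepted:
                    rule = row["Rule"] or "(mailbox setting)"
                    findings.append((row["Mailbox"], rule, field, match.group(0).lower()))
    return findings


if __name__ == "__main__":
    for mailbox, rule, field, address in external_forwards(SAMPLE_EXPORT, ["contoso.example"]):
        print(f"{mailbox}: {rule} -> {address} ({field})")
```

Any mailbox it reports already had forwarding in place before the blocking rule was configured, so review those entries with the mailbox owner.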
Sadly, the best security in the world cannot provide 100-per-cent protection from malware. By next year it is predicted that one business will fall victim to a ransomware attack every 11 seconds.
Many believe it is no longer a matter of ‘if’ an organisation will be hit, but ‘when’. Microsoft’s own services agreement (Section 6) recommends backing up 365 with a third party.
But what is the best Microsoft 365 backup solution? Which are the easiest to manage and, crucially, how can you guarantee recovery from ransomware?
Top 10 requirements for protecting Microsoft 365 Data:
- Make sure you opt for true cloud-to-cloud protection. This avoids the requirement for any on-prem servers or storage management.
- Demand that the protection of your Microsoft 365 data is part of a unified, automated, policy-driven data management strategy. This is important for assigning consistent protection policies across your entire data estate.
- Choose a solution that allows you to migrate data easily and cost-effectively to, from or between clouds. A single, centralised, easy-to-use system that enables you to manage all data will be beneficial.
- Keep it simple with a solution that offers protection of OneDrive, SharePoint, Exchange and Teams in minutes – and restores in seconds. With a user-friendly control centre there should be no need to splash out on user training. New users and sites should also be automatically protected.
- Insist upon customisable retention so that you can keep Microsoft 365 data for however long you want – the standard 60 days or even indefinitely.
- Don’t forget about compliance. Being able to find and delete references to a data subject will enable you to comply with Article 17 of the General Data Protection Regulation – the right to be forgotten. Data centres cannot be anywhere that does not comply with data sovereignty regulations.
- Be sure you can actively track and monitor activity across the cloud platform and easily enable evidence of restores.
- Select a solution that offers granular recovery, e.g. the capability to select individual emails, contacts or calendar events. It is preferable to have the option to restore them to the original location or to a new folder or site. Being able to access backups temporarily on a virtual drive is also beneficial as it will avoid the need for local disk space.
- Enable administrators and end users to see the data in its exact context by ensuring you can recover historical point-in-time versions of data. Microsoft explicitly states that point-in-time restores of data are not in the scope of the Exchange service.
- Make strong security a priority. Data should be encrypted before being transferred. Whenever you add a backup set, Microsoft should ask for your permission before allowing access to your data, while role-based permissions are vital for ensuring only your relevant staff have the right to carry out restores.
No-one can stop the cyber-criminals and there is no way of eradicating ransomware. But with the right cloud backup, you can ensure your organisation is not held hostage to their demands.
Try Redstor for free on a 14-day trial today and see how quickly and easily you can protect, manage and recover your Microsoft 365 data. Find out why IDC believes Redstor is redefining the data protection market.