How to fortify your Microsoft 365

12 Apr How to fortify your Microsoft 365

Posted at 13:42h in Cyber Security by admin

Cyber security should be at the forefront of concerns for all business owners / managers, with Covid-19 reaping havoc worldwide over the last year – the need for good cyber security is essential.

Many do not understand the seriousness of not having adequate security measures in place, one of the biggest threats to the survival of your business is cyber crime in the modern world and you need to be prepared.

In the first blog of the series, we will explore why you need to secure Microsoft 365 and some of the potential threats to your systems. We will then follow up with two other blogs exploring the myriad of security measures that 365 has to offer.

Just because your business is smaller does not mean it is immune

Size is irrelevant in the eyes of a cyber criminal, if they see an opportunity for access, they will take it. If anything, with small businesses usually lacking the technical infrastructure or budget to implement adequate defences they are more vulnerable. Yes, the prize is usually smaller but if you were a criminal which would you prefer, the small business that isn’t very well equipped to defend itself or the big business with the latest ‘better than the rest’ cyber security measures?

It is not time to go out and spend obscene amounts of money on the latest and greatest security measures to rival the security of an impenetrable bank. It is, however, time to explore cost-effective methods capable of protecting your systems to a level from your which your business is protected.

We have all seen the classic image of a ‘hacker’ sitting behind a computer in a dark room capable of doing things with a computer that most could not even dream of doing. These days are long gone, hackers are no longer just tech geniuses, they are the new kids on the block that have just enough technical prowess to walk in the footsteps of their predecessors.

Why secure Microsoft 365?

Most businesses worldwide rely on 365 somewhere in their work processes, they boast a variety of tools that promote and enhance communication, collaboration, or productivity – 365 has it all. With 365 being so apparent in practically every workplace that has a tech presence – which is basically all businesses in the modern world – you probably already have some sort of anti-malware protection, password policy or something similar in place. Any security is better than none but there are many more steps that you can take in securing your Microsoft 365 that we will explore in this blog series.

Let us take a closer look at one of the biggest vulnerabilities posed to the security of Microsoft 365 – email.

The vulnerabilities of Email

Businesses around the world predominantly host their email in Microsoft 365. Email is the most vulnerable point in your security, this is because it needs to be open at all times otherwise it isn’t serving its purpose, this leaves it susceptible to malicious emails. Cyber criminals’ goal is usually to gain access but with attacking via email that door is already open to them.

It is getting more and more difficult to determine a malicious email from a genuine one – two of the most common forms of email phishing attack are as follows:

The cyber criminal posing as a known brand or company

This form of attack has grown in popularity exponentially since the outbreak of Covid-19. Over the last year, thousands of emails were sent out posing as HM Revenue and Customs (HMRC) – ‘dangling the carrot’ of tax rebates and financial gain through support funds related to Covid-19 to lure in unsuspecting users.

The cyber criminal posing as a company employee or director

This form of attack can be harder to explain. Let’s use a hypothetical example to make it easier to understand.

A large company falls victim to a cyber criminal by masking themselves as the company’s financial director. They can do this by sending an email to a member of the finance team – impersonating the CFO’s personal mailbox – instructing immediate payment of a large sum of money to a particular bank account – the email contains the CFO’s official ‘E’ signature too!

It is easy in this scenario to blame the member of the team that sent the money, but it is understandable why they trusted the email and thought it was valid. The cyber criminals attack was successful – the finance team did as instructed by what they thought was a senior member of the team and unwittingly handed over a large sum of money to a cyber criminal.

Let’s take a look at another type of attack that uses trust, deception, and urgency to force your hand.

How can Ransomware slip through?

Ransomware is a type of malicious software (Malware) that gains access to your system through email. Ransomware is designed with the sole intention of removing your access to your data by encrypting your files behind a secure key – a key the cyber criminal has ownership of. The cyber criminal is literally holding your data ransom until you pay the requested fee, although this does not guarantee you will get access to your data back – they are criminals after all, don’t trust them.

Cyber Security for your business with Urban

Are you concerned about your cyber security? Are you unsure what security measures to adopt? We can help! Our team of experts will work with you to learn how you do business to find security solutions that work for you. We provide a trusted, competitive, and impartial service to our wide range of customers throughout Greater London and beyond. Contact us now and see where we can help you.

Tags:

Cyber Security, Microsoft 365

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.