As the situation in Ukraine worsens, the National Cyber Security Centre (NCSC) are advising UK businesses to tighten their belts and act on improving their cyber security measures.
Microsoft’s Threat Intelligence Center has seen both typical and sophisticated attacks coming out of Russia and targeting Ukraine over the past few days, and it is fundamental that businesses take the opportunity to protect themselves from these risks.
So, what can you do today that will make an impact and put you in a better position? This is by no means an exhaustive list, but here are my top five recommendations for quickly improving your security posture within Office 365.
Protect user identities
Ensure multi-factor authentication is enabled for all accounts and legacy authentication is disabled. This can be achieved either with granular controls using Conditional Access or, quickly and with little technical knowledge, by using Security Defaults. Password protection and Identity Protection should also be deployed to ensure users’ passwords are always strong and that risky sign-in activity is remediated automatically.
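Before legacy authentication is switched off, it helps to know which accounts still rely on it. The following is an added example, not part of the original post: it reviews exported sign-in records and lists accounts using legacy clients and accounts that signed in without MFA. The records are constructed samples, the field names are assumed to follow the Microsoft Graph signIn export, and the function name is hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample records. Field names are assumed to match the Microsoft
# Graph signIn resource; the accounts below do not exist.
SAMPLE_SIGNINS = json.loads("""[
 {"userPrincipalName": "alice@example.com", "clientAppUsed": "Browser",
  "authenticationRequirement": "multiFactorAuthentication", "status": {"errorCode": 0}},
 {"userPrincipalName": "bob@example.com", "clientAppUsed": "IMAP4",
  "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}},
 {"userPrincipalName": "Bob@example.com", "clientAppUsed": "Mobile Apps and Desktop clients",
  "authenticationRequirement": "multiFactorAuthentication", "status": {"errorCode": 0}},
 {"userPrincipalName": "carol@example.com", "clientAppUsed": "POP3",
  "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 50126}},
 {"userPrincipalName": "carol@example.com", "clientAppUsed": "Browser",
  "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}},
 {"userPrincipalName": "scanner@example.com", "clientAppUsed": "Authenticated SMTP",
  "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}}
]""")

# Assumption: these two values are the modern-auth clients; any other
# non-empty clientAppUsed value is treated as a legacy protocol.
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}

def audit_signins(records):
    """Return (legacy, single_factor).

    legacy: per-account legacy clients seen, with success/failure counts.
    single_factor: accounts with a successful sign-in that did not require MFA.
    """
    legacy = defaultdict(lambda: {"clients": set(), "ok": 0, "failed": 0})
    single_factor = set()
    for rec in records:
        upn = (rec.get("userPrincipalName") or "").lower()
        client = rec.get("clientAppUsed") or ""
        succeeded = (rec.get("status") or {}).get("errorCode") == 0
        if client and client not in MODERN_CLIENTS:
            entry = legacy[upn]
            entry["clients"].add(client)
            entry["ok" if succeeded else "failed"] += 1
        if succeeded and rec.get("authenticationRequirement") == "singleFactorAuthentication":
            single_factor.add(upn)
    return dict(legacy), single_factor

if __name__ == "__main__":
    legacy, single_factor = audit_signins(SAMPLE_SIGNINS)
    for upn, info in sorted(legacy.items()):
        print(f"legacy auth: {upn} {sorted(info['clients'])} ok={info['ok']} failed={info['failed']}")
    print("successful sign-ins without MFA:", sorted(single_factor))
```

Accounts with successful legacy sign-ins need migrating before the block is enforced; accounts showing only failed legacy attempts have no working dependency on the protocol.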
Harden application permissions
By default, Office 365 allows users to register applications to Office 365 using their account. This creates attack vectors for malicious actors, who are then able to exfiltrate data from your tenancy, in some cases by imitating genuine apps. By disabling ‘App registrations’ and ‘Users consenting to apps accessing company data on their behalf’, you significantly reduce the risk of this happening.
Microsoft offer preset security policies within the Defender suite targeted at protecting Exchange Online. These are a great way of very quickly improving your email security, with features such as Spam policies, Safe Links & Attachments, Anti-Phishing policies and MailTips to educate users on suspicious emails they might receive.
Microsoft 365 audit log search is enabled by default on all new tenants, but if your tenant is older, it might not be enabled. Turn it on within the Security or Compliance portal to get user and admin activity recorded and retained for up to 90 days. Higher level licenses such as Microsoft 365 E5 allow you to extend the retention period of these logs.
Use MDM and MAM to protect mobile devices
It is critical to ensure that mobile devices connecting to corporate resources are either compliant or using only approved applications with additional security and DLP controls. Incorporating Defender for Endpoint with Microsoft Endpoint Manager provides a rich set of security controls, in particular Attack Surface Reduction rules, which will quickly improve security on Windows devices. Enabling MAM with Conditional Access allows for a light touch on users’ mobile devices while ensuring corporate resources are always protected.
The above recommendations only scratch the surface of the possibilities and services available to organisations using the Microsoft 365 platform. If you need any assistance configuring this service or advice on improving your security posture, book a meeting with one of our Microsoft 365 consultants to see how Vital Technology Group can help you.