
Microsoft 365 has grown in popularity as Australian businesses become increasingly reliant on cloud platforms to adapt to long-term remote work environments. It’s an obvious decision for businesses to make, considering that Microsoft 365 offers a full suite of productivity and collaboration tools rolled into one package. However, as more businesses move to the cloud, cybercriminals are not too far behind.
Account takeover is one of the most effective ways for cybercriminals to infiltrate cloud environments and steal sensitive information. According to early 2020 data breach statistics, 133 security incidents reported by organisations involved unauthorised access to accounts through phishing and compromised login details.
To fully protect your Microsoft 365 accounts, it’s therefore crucial that you follow the security best practices listed below.
Implement multifactor authentication (MFA)
Passwords alone are insufficient against account takeover because they’re fairly easy to hack. There’s a chance that employees use weak passwords, allowing hackers to simply guess their way into company accounts. Even if users are diligent about setting strong passwords, hackers have brute-force software that can crack passwords in minutes through trial and error.
That’s why enabling MFA in Microsoft 365 is so crucial. Instead of betting everything on passwords, MFA requires users to submit additional login credentials to prove their identity. These credentials include:
- One-time activation codes sent via SMS or generated by Microsoft Authenticator
- Phone callback verification
- USB security keys
- Fingerprint scans and facial recognition
With MFA in place, hackers can’t break in unless they hold every credential needed to sign in. You can enable this feature for all users by turning on modern authentication in the Microsoft 365 admin centre. It’s also possible to set conditional access policies that require MFA for user accounts based on authorisation levels, location, apps, or other criteria.
Utilise advanced threat protection
Microsoft 365 Advanced Threat Protection (ATP) is an enterprise-level service that defends your organisation against a wide array of attacks. It leverages artificial intelligence to detect abnormal behaviour in user accounts and devices that may indicate a threat. Examples of this include an unusual number of login attempts, large file transfers, and one device accessing multiple accounts at once. If ATP picks up any of these malicious activities, it instantly creates a user exposure report and sends alerts to administrators detailing recommendations on correcting the issue.
What’s more, ATP analyses email attachments and links in an isolated environment to uncover malicious intent. Emails containing traces of malware or fraudulent links are instantly filtered out of employee inboxes, preventing hackers from gaining a foothold into your accounts.
Review account privileges
When a cybercriminal manages to hijack an account, they’ll often try to escalate their access privileges to compromise sensitive data. Regularly reviewing Microsoft 365 permissions allows you to identify this problem early. With Microsoft 365’s built-in monitoring and auditing features, everything from access permission requests and approvals to administrative activities is logged and analysed in real time.
From there, you can review account restrictions and reconfigure access privileges to prevent misuse of company applications and data. For instance, you can configure Microsoft 365 so that financial records can only be accessed by authorised accountants and executive managers. It also lets you decommission accounts that are no longer being used, so you can mitigate further damage to your organisation.
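The kind of review described above can be scripted against exported audit records. The example below is added here and is not Empower IT’s or Microsoft’s code; the records are constructed and only loosely modelled on unified audit log fields (CreationTime, Operation, UserId, ObjectId, ModifiedProperties), the privileged-role list and the 90-day threshold are assumptions, and REVIEW_TIME stands in for “today”. It flags grants of privileged directory roles (the escalation the paragraph warns about) and lists accounts with no recent sign-in as decommissioning candidates.

```python
"""Review Microsoft 365 audit records for privileged role grants and stale accounts.
Added example; records are constructed, not a real audit log export."""
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple

# Assumed set of roles worth alerting on; extend for your tenant.
PRIVILEGED_ROLES = {"Global Administrator", "Exchange Administrator", "SharePoint Administrator"}
STALE_AFTER = timedelta(days=90)            # assumption: no sign-in for 90 days = candidate for removal
REVIEW_TIME = datetime(2021, 3, 3, tzinfo=timezone.utc)   # constructed "today" for a repeatable run

# Constructed records, loosely shaped like unified audit log entries.
AUDIT_RECORDS = [
    {"CreationTime": "2021-03-01T08:02:11Z", "Operation": "UserLoggedIn",
     "UserId": "alice@example.com", "ObjectId": "Exchange Online", "ModifiedProperties": []},
    {"CreationTime": "2021-03-01T09:15:40Z", "Operation": "Add member to role.",
     "UserId": "admin@example.com", "ObjectId": "bob@example.com",
     "ModifiedProperties": [{"Name": "Role.DisplayName", "NewValue": "Global Administrator"}]},
    {"CreationTime": "2021-03-02T10:00:00Z", "Operation": "Add member to role.",
     "UserId": "admin@example.com", "ObjectId": "carol@example.com",
     "ModifiedProperties": [{"Name": "Role.DisplayName", "NewValue": "Helpdesk Administrator"}]},
    {"CreationTime": "2020-11-20T07:30:00Z", "Operation": "UserLoggedIn",
     "UserId": "dave@example.com", "ObjectId": "SharePoint Online", "ModifiedProperties": []},
]

# Constructed directory listing; erin has never signed in at all.
KNOWN_ACCOUNTS = {"alice@example.com", "bob@example.com", "carol@example.com",
                  "dave@example.com", "erin@example.com"}


def parse_time(stamp: str) -> datetime:
    """Audit timestamps end in 'Z'; fromisoformat wants an explicit offset."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def privileged_role_grants(records) -> List[Tuple[str, str, str, str]]:
    """(time, actor, target, role) for every grant of a privileged directory role."""
    grants = []
    for rec in records:
        if rec["Operation"] != "Add member to role.":
            continue
        role = next((p["NewValue"] for p in rec["ModifiedProperties"]
                     if p["Name"] == "Role.DisplayName"), None)
        if role in PRIVILEGED_ROLES:
            grants.append((rec["CreationTime"], rec["UserId"], rec["ObjectId"], role))
    return grants


def last_sign_in(records) -> Dict[str, datetime]:
    """Most recent successful sign-in per account."""
    latest: Dict[str, datetime] = {}
    for rec in records:
        if rec["Operation"] == "UserLoggedIn":
            seen = parse_time(rec["CreationTime"])
            if rec["UserId"] not in latest or seen > latest[rec["UserId"]]:
                latest[rec["UserId"]] = seen
    return latest


def stale_accounts(records, accounts, now: datetime, stale_after=STALE_AFTER) -> List[str]:
    """Accounts with no sign-in inside the window; accounts never seen are included."""
    latest = last_sign_in(records)
    return sorted(a for a in accounts if a not in latest or now - latest[a] > stale_after)


if __name__ == "__main__":
    for when, actor, target, role in privileged_role_grants(AUDIT_RECORDS):
        print(f"{when}: {actor} granted '{role}' to {target}")
    print("Stale accounts:", stale_accounts(AUDIT_RECORDS, KNOWN_ACCOUNTS, REVIEW_TIME))
```

In practice the records would come from the Search-UnifiedAuditLog export or the Microsoft 365 compliance centre; the two checks are deliberately separate so the role-grant alert can run daily while the stale-account review runs on a longer cycle.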
Control access based on device and location
Another effective defence strategy against account takeover is to register devices in Microsoft Endpoint Manager. This allows you to track and establish company-wide policies from a centralised console. More precisely, you can limit access to Microsoft 365 accounts and data when employees connect from unverified networks or locations.
Microsoft Endpoint Manager can also deny access to Microsoft 365 if devices aren’t secure enough. That means devices that don’t have anti-malware, encryption, and the latest security patches won’t have authorised access until they’re secured. By limiting access through these methods, cybercriminals won’t be able to remotely infiltrate company accounts.
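The MFA and conditional access section and the two paragraphs above describe the same mechanism from two sides: conditions (who, which app, where from, which device) and grant controls (MFA, compliant device, block). The following toy evaluator is an added example, not Microsoft’s policy engine or any code from the article; the policy names, the “Global Administrator” role and the placeholder country code “XX” are assumptions. It shows why a stolen password alone fails: every applicable policy’s controls must be met before access is granted.

```python
"""Toy model of Conditional Access: conditions select policies, grant controls
must all be satisfied. Added example, not Microsoft's implementation."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class SignIn:
    user: str
    app: str
    country: str
    trusted_network: bool     # request came from a named company network
    mfa_satisfied: bool       # a second factor (Authenticator, FIDO2 key, ...) was presented
    device_compliant: bool    # Endpoint Manager reports the device compliant
    roles: frozenset = frozenset()


@dataclass
class Policy:
    name: str
    # Conditions. None means the condition is unused, so the policy matches everyone.
    apps: Optional[frozenset] = None
    roles: Optional[frozenset] = None
    countries: Optional[frozenset] = None
    only_outside_trusted_network: bool = False
    # Grant controls. Every required control must be met (AND semantics).
    require_mfa: bool = False
    require_compliant_device: bool = False
    block: bool = False

    def applies_to(self, s: SignIn) -> bool:
        if self.apps is not None and s.app not in self.apps:
            return False
        if self.roles is not None and not (s.roles & self.roles):
            return False
        if self.countries is not None and s.country not in self.countries:
            return False
        if self.only_outside_trusted_network and s.trusted_network:
            return False
        return True

    def unmet_controls(self, s: SignIn) -> List[str]:
        if self.block:
            return ["access blocked by policy"]
        unmet = []
        if self.require_mfa and not s.mfa_satisfied:
            unmet.append("MFA required")
        if self.require_compliant_device and not s.device_compliant:
            unmet.append("compliant device required")
        return unmet


# Constructed policy set mirroring the article's recommendations.
POLICIES = [
    Policy("Require MFA for all users", require_mfa=True),
    Policy("Require compliant device outside trusted networks",
           only_outside_trusted_network=True, require_compliant_device=True),
    Policy("Require compliant device for admin roles",
           roles=frozenset({"Global Administrator"}), require_compliant_device=True),
    Policy("Block sign-ins from countries with no staff",
           countries=frozenset({"XX"}), block=True),   # "XX" is a placeholder country code
]


def evaluate(sign_in: SignIn, policies=POLICIES) -> Tuple[bool, List[str]]:
    """Grant only if every applicable policy is satisfied.
    Returns (granted, ['policy: reason', ...]) so a denial can be explained."""
    reasons: List[str] = []
    for policy in policies:
        if policy.applies_to(sign_in):
            reasons.extend(f"{policy.name}: {r}" for r in policy.unmet_controls(sign_in))
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed sign-in attempts.
    attempts = {
        "staff in office": SignIn("alice@example.com", "Exchange Online", "AU", True, True, True),
        "staff at home on a personal laptop": SignIn("alice@example.com", "SharePoint Online", "AU", False, True, False),
        "admin on an unmanaged device": SignIn("admin@example.com", "Azure Portal", "AU", True, True, False,
                                               roles=frozenset({"Global Administrator"})),
        "stolen password, no second factor": SignIn("alice@example.com", "Exchange Online", "XX", False, False, False),
    }
    for label, attempt in attempts.items():
        granted, reasons = evaluate(attempt)
        print(f"{label}: {'GRANTED' if granted else 'DENIED'} {reasons}")
```

The ordering of the policy list does not matter: a sign-in has to clear every policy that matches it, which is also why a “block” policy cannot be overridden by satisfying MFA elsewhere.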
Train staff on security best practices
Cybercriminals evade powerful security measures by exploiting a company’s weakest link: its employees. They research their target across open databases and social media to look for names, addresses, and other identifying information. Cybercriminals then use this information to either answer password reset questions or, in most cases, create personalised and deceptive phishing scams.
In fact, recent phishing emails reference a victim’s workplace and include a malicious link that leads to a fake Microsoft 365 login screen. Any information entered on this page is directly sent to the scammer, giving them unfettered access to company accounts.
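A link check that a mail gateway or awareness tool can apply to the scenario above, added here as an example rather than code from the article or from Microsoft: it flags links whose host borrows the Microsoft brand, or nests a genuine sign-in hostname under another domain, without being on the allowlist of real sign-in hosts. The allowlist, the brand word list and the sample URLs are constructed assumptions; the allowlist in particular should be maintained from your own tenant’s known sign-in hosts.

```python
"""Flag links that imitate a Microsoft 365 sign-in page.
Added example; allowlist, brand tokens and sample URLs are constructed."""
from typing import Dict, List
from urllib.parse import urlparse

# Hosts where a genuine sign-in page lives (constructed allowlist for this example).
LEGITIMATE_LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.live.com"}
# Words a lookalike page tends to borrow from the brand (assumed list).
BRAND_TOKENS = ("microsoft", "office365", "o365", "outlook", "sharepoint", "onedrive")


def check_link(url: str) -> List[str]:
    """Return the reasons a link looks like a fake sign-in page; an empty list is no finding."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if not host:
        return ["no hostname in link"]
    if host in LEGITIMATE_LOGIN_HOSTS:
        return []                         # exact match on a known sign-in host
    findings: List[str] = []
    if parsed.username is not None:
        findings.append("text before '@' is not the hostname the browser will visit")
    if any(host.startswith(legit + ".") for legit in LEGITIMATE_LOGIN_HOSTS):
        findings.append("genuine sign-in hostname nested under another domain")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("internationalised (punycode) label in hostname")
    if any(token in host for token in BRAND_TOKENS):
        findings.append("brand name in a host that is not a known sign-in host")
        if parsed.scheme != "https":
            findings.append("sign-in lookalike not served over https")
    return findings


def triage(urls) -> Dict[str, List[str]]:
    """Map each URL to its findings so suspicious links can be quarantined or reported."""
    return {u: check_link(u) for u in urls}


# Constructed sample links as they might appear in employee mail.
SAMPLE_LINKS = [
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
    "https://login.microsoftonline.com.account-review.example/signin",
    "http://office365-mailbox-update.example/login",
    "https://docs.example.org/handbook",
]

if __name__ == "__main__":
    for link, findings in triage(SAMPLE_LINKS).items():
        print(f"{'SUSPICIOUS' if findings else 'ok        '} {link} {findings}")
```

The check deliberately treats an unknown host with no brand words as “no finding” rather than safe; it is a cheap first filter in front of ATP’s link sandboxing and user reporting, not a replacement for them.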
With regular security training, your business can avoid such an outcome. This involves teaching employees to develop good password habits, watch what they share online, and be critical of every email and website. Password policies should encourage staff to set at least a 12-character sequence of letters, numbers, and symbols that’s unique to their Microsoft account. Conducting phishing simulations is also a great way to test your employees’ security awareness and help them identify the latest phishing scams.
If you need professional assistance with safeguarding Microsoft 365 accounts and training your users, look no further than Empower IT. As Australia’s leading managed IT services provider, we offer well-rounded cybersecurity solutions and services customised to your needs. Get in touch with our experts today to protect your systems from account takeover.