When it comes to data protection, it can feel like you’re playing whack-a-mole because there are so many areas were information can be at risk.

 Device access to cloud data can be compromised, confidential data can be accidentally shared (oops!), or ransomware can get in from a successful phishing attack or an account being hacked.

 Where should you focus your data protection efforts?

 Today’s IT security needs to largely be focused on cloud platforms, because that’s where the data is!

90% of companies are using the cloud for their workflows.

 Platforms like Microsoft 365 give users several ways to protect their data, but companies have to know how to use them. Not all security settings are defaulted at the highest level and not everyone knows how to use tools like sensitivity labels (or what they even are).

 We’ll go through some of the best security tips to use for Microsoft 365 to keep your user accounts and data properly protected.

 Use the Secure Score Tool

 Misconfiguration rose to the top of the list for error-based causes of data breaches in 2019. Users often leave security settings at insecure levels simply because they don’t understand them or know how to improve the security of their account.

 Microsoft Secure Score can come to your rescue by telling you exactly how secure you are compared to other companies and walk you through suggestions for adjusting your settings to make your account safer from hackers.

 You can access Secure Score in the Microsoft 365 security center. The tool assigns numerical points to different security actions, like enabling multi-factor authentication for users or reviewing mailbox security reports weekly.

 Secure score will tell you what you should do, link you to the place to do it, and then give you points for doing it. So, you get the satisfaction of a high score along with improving your company’s cloud security.

 Deploy Sensitivity Labels to Classify Content

 There are all types of data that a company creates every day. Some of it may be for public consumption, like a marketing brochure. Some may be highly sensitive like a list of all your customers and their account size.

 Sensitivity labels gives you a way to tell Microsoft 365 and the apps inside (Word, Excel, PowerPoint, Teams, etc.) which data needs more protection.

 You can set up category labels however you like, for example:

  • Public content
  • Internal use only
  • Confidential
  • Super Secret Stuff

Then you set up data handling protocols for each of those categories. You can put on protections to add a watermark, restrict copying, encryption, and much more.

 Sensitivity labels can be applied by the user or automatically by the system based upon keywords as documents are created. It’s a great tool to avoid sensitive data accidentally being shared outside your company.

 Use Multi-Factor Authentication (MFA)

 This one is almost a “no-brainer” because it’s so effective at keeping your user accounts from being hacked.

You can set up multi-factor authentication in the administrative settings of Microsoft 365 and it will require all users to set up a device to receive the MFA code the next time they login.

 MFA keeps out 99.9% of bad guys trying to breach your user logins.

 Block Suspicious File Types in Email

 You have some sophisticated malware-blocking capabilities in Microsoft 365 that will keep dangerous file types from being received into your user inboxes.

 You can turn this protection on by going to the Security & Compliance Center in your account.

  • Under Threat management choose Policy > Anti-Malware
  • Double-click the default policy to edit
  • Select Settings
  • Under Common Attachment Types Filter, select On
  • Click Save

You’ll see the file types that the protection blocks when you turn it on and can add or delete certain file types if you like.

 Set Up a Special Account for Administration

 If a hacker gets their hands on the login for an account that has administrative powers over your Microsoft 365 account, they can go to town bringing down all your security and accessing whatever they like.

 You can provide a level of protection for that account by not making it a normal user account that someone is logging in and out of every day. Instead make it a special account that is only used when administrative functions need to happen.

 By separating your global administrator account from a normal user account, you can reduce the risk that it will be compromised.

 Create a Security Culture

 This tip is more about user training than a Microsoft 365 setting. Any office security strategy is only as secure as its weakest link and this is often its users.

 Train users regularly on application and data security so behaving in a secure way will just come naturally as they go throughout their day.
Choose an ECN IT Solutions Plan to Combine Microsoft 365 & the Security You Need

 We offer three easy plans to choose from that provide cloud productivity and multiple security protections that can keep your Tucson business data secure.

 We’re here and ready to help you choose the right plan! Reach out at 520-355-7553 or through our website.