5 Basic improvements you should make to improve your security posture

Office 365 Security – 5 Basic improvements you should make to improve your security posture.

Published 3 January 2019

Most organisations need to protect their data and comply with legal and regulatory standards. This blog gives you 5 basic improvements you should make in order to make a significant difference to your security posture within Office 365.

Many organisations are turning to or have already been using Office 365 to support their primary business functions of email and the suite of office products.  I have come across many organisations who believe that they have an appropriate level of security across email and their Office 365 services due to compliance levels achieved by Microsoft.  However, this assurance and compliance only goes so far – it does not ensure that organisation’s configuration and management of these services at the application layer.

As a belated Christmas present, our team of Office 365 Security & Compliance experts have provided 5 basic steps that will enable you to have a basic understanding of your security posture and significantly reduce your attack surface.

Baseline

In order to effectively baseline your environment, we recommend that you take a look at your Secure Score.  If you don’t have access to this then you need to request access through your IT Team.

Roadmap

Within the Secure Score, Microsoft provide you with a series of actions that can be implemented in order to improve your overall Security Score.  Use this to drive the improvement of your security posture across Office 365. Microsoft have also categorised different actions into whether each recommendation has a High, Medium or Low Impact and Cost. There are certainly a lot of quick wins to be gained with several controls merely requiring the click of a button to implement.

Improve visibility

With E3 and E5 licences or via Enterprise Mobility and Security (EMS) add-on, your organisation will have access to Microsoft Cloud App Security (MCAS).   MCAS provides significant insight into your Office 365 tenant, in addition to being able to integrate numerous additional cloud systems such as AWS, Salesforce, Box and Azure.  You will be able to integrate these accounts and start analysing activity across all these cloud systems.  The capabilities are significant and will allow you to identify threats of data loss, account compromise and policy violations.  Once you’ve got to grips with this service you can also automate responses such as placing certain files into quarantine if a number of pre-requisite rules are met.

Reduce the likelihood

Unfortunately, when accounts are setup we see only too often that an insecure, by default, approach is taken.  A few simple steps will have a significant improvement on your security posture (and your Secure Score);

Set a password policy – Doing this allows you to set a password policy for all Office 365 users. We recommend the use of a longer passphrase e.g. three long random words and a less frequent password rotation. Where possible use the Azure Active Directory (AAD) sync to enforce the policy when extending your existing domain into Office 365/Azure.

Enforce Multi-Factor Authentication (MFA) on all user accounts – Doing this reduces your chance of account compromise.

Disable online login for service accounts – Doing this reduces the chance of service accounts being utilised to gain access to your Office 365 environment.

Implement Azure Privilege Identity Manager (PIM) – Doing this ensures that your users do not operate with full admin privileges and ensures they only have the appropriate permission to fulfil their task in question.

Implement Classifications

Not to be confused with Office 365 labels, Classifications are part of the Azure Information Protection (AIP) capabilities and allows your organisation to implement your classification scheme into your documents.

Initially it is recommended that all supported documents are classified so you can take control of your data. This provides visibility of where your data is located and who is interacting with it. In addition, by using the built-in monitoring capabilities provided by Azure and Office 365 you can alert on anomalous events that involve your data such as external sharing or mass file download. Once you understand what data you have and have classified the data AIP can then be used to apply protection to it using strong file level encryption.

Implementing robust data governance and protection capabilities gives you the ability to decide who can access your data and under what circumstances.  You can restrict access to employees within your organisation, specify a small group of individuals and restrict to your client’s domain or a single email address. In addition to this you can track and revoke access to documents in real time, providing a good level of protection, regardless of the location or device that your data resides on.  This is also a great product to support ongoing compliance with privacy laws such as the General Data Protection Regulation (GDPR) or the UK Data Protection Bill.

Summary

These are just some of the basic steps you can take to make a significant difference to your security posture within Office 365. Bridewell have significant experience in implementing Office 365 Security capabilities and provide ongoing monitoring of threats and alerts detected through their security technology services.  We are also certified by the National Cyber Security Centre (NCSC) and the Council for Registered Ethical Security Testers (CREST) and provide services across Cyber Security, Information Security and Assurance (covers implementing ISO standards), Penetration Testing and Data Privacy.


If you’re interested in discussing Office 365 or any other service then please  get in touch with the team today.