Securing a distributed work force: 5 ways to secure your Microsoft 365 account
Due to recent events that have directly impacted the way we work, live, and interact, the need of effective distributed work forces continues to rise. With this rise in disbursed workers, there is also an equal rise in the amount of data being accessed remotely. This opens the door to attacks and threats to this data, with an increased chance of it being compromised. Microsoft 365 provides several solutions to ensure data integrity and prevention of loss. Below are 5 methods with which individuals can help protect their accounts and data within the Microsoft 365 platform.
1. 2 Factor/Multifactor
Multi Factor Authentication (MFA) is one way to secure authentication and access to your account in Microsoft 365. It requires using a code that is sent to a second authentication method, either it be through a secondary email address, phone number, or using the Microsoft Authenticator App – which generates a random code. This adds another layer of security than just a password. Most people currently use their cellphone to send a code by text message. This is not as secure as most would think, as a cell phone can be hacked (or someone could take possession of your SIM card and place it in another device) so we recommend using an app like Microsoft Authenticator with your account.
2. Password Complexity
Using a password with several forms of complexity can be the difference between having your accounts exploited and having them be secure from unwanted access. Most web forms and sites even require this by default (requiring a minimal number of characters, one capital letter, one number, one special character, etc.) Most will chose a word or number combination that is familiar to them – but this opens the door for attacks from those who may have information about you. One recommendation is instead of using a word, try using a phrase.
Example: “Where in the World Is Carmen San Diego” is the phrase we want to use. We can use the first letter from each word, combined with a number sequence to generate a password for us. So, the phrase becomes “WitWICSD”
3. OneDrive Known Folder Backups
OneDrive gives you the ability to save your files to Microsoft’s cloud storage solution, giving you the option to back up important documents that you may have on your machine. The added advantage of this is that it can be useful in situations of ransomware attacks (where an outsider takes control of your files or prevents you from accessing them). OneDrive provides the option to recover files that were backed up to their original state prior to the attack.
4. Look out for phishing attempts
Phishing attempts occur when someone attempts to gain information about you through an engineered and intentional method. This can come in several forms. You may receive an email stating your bank account may be compromised and a request to click a link and enter your account number to verify, or that your Microsoft account has been compromised and you must change your password from the included link. Be mindful of any emails asking you for your information. These emails may look like they come from legitimate sources, so check carefully. You will see things like Micros0ft.com (the “0” instead of an “o”) or WellsFargo.ru (the.ru). these subtle differences could mean the difference between a legitimate site and one that only wants to steal your information.
5. Mixing business and personal data
With more and more individuals working remotely, there will more than likely be an increase in the number of devices being used for both business and personal tasks. We recommend trying to avoid this, however Microsoft has built in features through services like Intune that allow you to protect corporate data, should there be compromise. For example, you can set up a PIN in order to access your business email. This protects that data should the device be lost or compromised.
There are other ways to secure your data and accounts through Microsoft 365 through Intune, policy application, and advanced threat protection, but these are just a few of the small changes anyone can make to add a bit more strength to their own security practices. Having good information can help anyone increase their own levels of awareness and security, leading to data that is protected and people that can continue to stay connected.