If you’re wondering what you can do to make your cloud environment more secure, you are certainly not alone. The incentives are higher than ever for attackers, and with the proliferation of internet-connected platforms and applications, there are more avenues to exploit than ever before. Here are some tips you can use to reduce the likelihood that you’ll be a victim of such an attack.
Multi-Factor Authentication
Most attacks these days start out not with a software vulnerability, but with a compromised identity. Across the globe, passwords are successfully phished on a constant basis, and once an attacker has compromised an account they can often move laterally within your environment. They employ escalation of privilege attacks and other strategies to gain additional control over the environment. The ultimate goal is typically encryption of data, critical systems and backups, along with exfiltration of data useful for extortion and/or launching additional attacks.
One way to protect against this is to switch from solely password-based authentication to multi-factor authentication (MFA). MFA works by requiring possession of a specific device, so the password alone is not enough to access the account. This can be turned on for your entire tenant by enabling security defaults in Azure Active Directory, or for specific users. There are multiple ways to enable MFA, but one of the best is to use the Microsoft Authenticator app, which supports push-based notification so there is no need to juggle SMS codes, and is also more secure. To balance security with usability, Azure Active Directory can remember a specific user and device combination: as long as the security context of the session does not change (i.e. the user continues to connect from the same device and network), they will not be prompted for MFA repeatedly. Azure Active Directory Premium Plan 1, which comes with Microsoft Business Premium, includes Conditional Access policy capabilities, which provide very fine-grained control over when to allow, deny, or require two-factor authentication for a given connection attempt.
For those using Remote Desktop, RemoteApp or Remote Desktop Gateway connections, Azure MFA can still be leveraged through multiple options, including Microsoft’s Network Policy Server or via Duo.
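To make the Conditional Access option above concrete, here is an added example (not code from this article's author or from Microsoft) that creates a tenant-wide "require MFA" policy in report-only mode with the Microsoft Graph PowerShell SDK. The policy name and the emergency-access account ID are placeholders you would replace with your own.

```powershell
# Added example. Assumes the Microsoft.Graph PowerShell module is installed
# and that you sign in with an account allowed to manage Conditional Access.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All", "Application.Read.All"

# Placeholder: object ID of an emergency-access ("break glass") account that
# is excluded so a policy mistake cannot lock every administrator out.
$breakGlassId = "00000000-0000-0000-0000-000000000000"

$policy = @{
    displayName = "Require MFA for all users (example)"
    # Report-only: sign-ins are evaluated and logged, but nothing is blocked yet.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users          = @{
            includeUsers = @("All")
            excludeUsers = @($breakGlassId)
        }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Confirm what is now in the tenant and in which state.
Get-MgIdentityConditionalAccessPolicy | Select-Object DisplayName, State

# After reviewing the report-only results in the sign-in logs, enforce it.
# Security defaults must be turned off before a Conditional Access policy
# can be enforced.
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id `
#     -BodyParameter @{ state = "enabled" }
```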
By default, Exchange Online mailboxes are protected by Exchange Online Protection, which filters out high-confidence malware and phishing attempts. For organizations that use Microsoft 365 Business, which includes Microsoft Defender for Office 365, anti-phishing policies allow much more fine-grained control over the organization and mailbox delivery policy. For example, incoming emails that appear to be from key stakeholders within the organization but are actually from external senders (known as a spear phishing attack) can be filtered out by a separate policy.
Anti-phishing policies allow you to manage impersonation settings, spoof settings, and set custom phishing thresholds. The toolset also includes a framework to simulate attacks against your organization to determine how well your filters are functioning.
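As an added example (not part of the original article), this is how the three settings just listed, impersonation, spoof and the phishing threshold, look when set from Exchange Online PowerShell. The domain contoso.com, the admin account, the policy name and the protected user "Dana Rivera" are made-up placeholders.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module and a tenant
# licensed for Microsoft Defender for Office 365.
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com

New-AntiPhishPolicy -Name "Key stakeholder protection (example)" `
    -EnableTargetedUserProtection $true `
    -TargetedUsersToProtect "Dana Rivera;dana.rivera@contoso.com" `
    -TargetedUserProtectionAction Quarantine `
    -EnableOrganizationDomainsProtection $true `
    -TargetedDomainProtectionAction Quarantine `
    -EnableMailboxIntelligence $true `
    -EnableMailboxIntelligenceProtection $true `
    -MailboxIntelligenceProtectionAction MoveToJmf `
    -EnableSpoofIntelligence $true `
    -AuthenticationFailAction Quarantine `
    -PhishThresholdLevel 2

# A policy does nothing until a rule says who it applies to.
New-AntiPhishRule -Name "Key stakeholder protection (example)" `
    -AntiPhishPolicy "Key stakeholder protection (example)" `
    -RecipientDomainIs "contoso.com"

# Review the result.
Get-AntiPhishPolicy -Identity "Key stakeholder protection (example)" |
    Format-List Name, EnableTargetedUserProtection, TargetedUsersToProtect,
        EnableSpoofIntelligence, PhishThresholdLevel
```

`PhishThresholdLevel` runs from 1 (standard) to 4 (most aggressive); raising it catches more phishing at the cost of more false positives, so check the quarantine after any change.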
Did you know Microsoft Office 365 supports native email encryption? Built on Azure Rights Management (Azure RMS), it lets you send encrypted email to people inside or outside your organization, regardless of the destination email address (Gmail, Yahoo! Mail, Outlook.com, etc.). As an admin, you can set up transport rules that define the conditions for automatic encryption as well. Along with the encryption, users can define whether or not the messages can be forwarded by recipients, or whether they can leave the source organization.
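The transport rules mentioned above can be created from Exchange Online PowerShell. This is an added example, not from the original article: the rule names, the "[restricted]" subject tag and the admin account are assumptions, and both rules start in audit mode so you can see what they would match before enforcing them.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module and that
# Microsoft 365 message encryption is available in the tenant.
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com

# Lists the rights management templates available in your tenant.
Get-RMSTemplate | Select-Object Name

# Rule 1: automatically encrypt mail leaving the organization when it
# contains at least one credit card number.
New-TransportRule -Name "Encrypt outbound card numbers (example)" `
    -SentToScope NotInOrganization `
    -MessageContainsDataClassifications @{ Name = "Credit Card Number"; minCount = "1" } `
    -ApplyRightsProtectionTemplate "Encrypt" `
    -Mode AuditAndNotify

# Rule 2: apply "Do Not Forward" when an internal sender tags the subject,
# so recipients cannot forward the message on.
New-TransportRule -Name "Do Not Forward on tagged subject (example)" `
    -FromScope InOrganization `
    -SubjectContainsWords "[restricted]" `
    -ApplyRightsProtectionTemplate "Do Not Forward" `
    -Mode AuditAndNotify

# Once the audit results look right, switch a rule to enforcement.
# Set-TransportRule -Identity "Encrypt outbound card numbers (example)" -Mode Enforce
```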
Enabling Safe Links is a great way to protect yourself from existing and emerging threats. This feature redirects all URLs embedded in emails to Microsoft servers for scanning before redirecting the user to the original site. Sometimes a link is safe when it is sent, but between the time the message is delivered and the time the recipient opens it, the site behind the link could be compromised. For this reason, Microsoft performs the scan at time of click, using Azure’s machine learning capability, rather than only when the email is delivered. This provides the best protection and helps spot trends that could suggest malicious activity, protecting your users from unsafe links even if they were fine when the message was initially sent.
Configuration Analyzer Report
More suggestions on ways to improve your tenant security can be found inside the Office 365 security and compliance center. The configuration analyzer will compare your tenant settings with best practices and will even automatically remediate some configuration issues with your approval. Your existing policy settings for anti-spam, anti-phishing, anti-malware, and safe links are available for review along with recommendations grouped into relevant sections. It’s a great way to quickly find low-hanging fruit or configuration problems that expose your tenant.
Staying protected in today’s cyber landscape is of paramount importance. These five steps are a great start. Contact our cloud team to ensure your business is protected today and for the future.