Securing Our House - Office 365 Security Standards
We are continuing to work on our internal goal here at Mapletronics to "Secure Our House". We have prioritized closely looking at and monitoring all of our internal policies, procedures, and settings to ensure that we are protecting our data as much as possible.
As cyber threats continue to grow and change regularly, we continue to take security very seriously within our organization and for our clients. It is a top priority for us to regularly audit our internal processes so that we feel confident we are doing all that we can to prepare ourselves and our clients for a security breach.
We previously shared how we are using internal phishing testing to help educate our teammates on phishing attempts and find any weakness within our team. To learn more about what we're doing and to view our recent results visit: https://www.mapletronics.com/post/securing-our-house-how-phishing-testing-is-decreasing-our-chances-of-being-a-victim-of-cyber-crime
As part of our "Secure Our House" initiative we are sharing with you the internal policies and procedures that we are setting here at Mapletronics so that you can both see the steps we are taking and begin to implement the same policies and procedures for your organization.
One way in which we have looked at our in-house security is by closely inspecting our Office 365 settings and making sure that we are using all of the security features possible to protect our data. We encourage all of our clients, and all businesses in general who are using Office 365, to take a look at their Office 365 settings as well to ensure that they are as secure as possible.
Here are the things that we are doing at Mapletronics and with our clients to ensure security while using Office 365:
All users will be set up for multi-factor authentication (MFA), and conditional access policies will be set up to require it. Clients can decide whether they want the baseline policies (all or nothing) or additional Office 365 licensing that gives us the ability to customize the policies (for example, MFA is not required inside the corporate office).
Warning banners will be set up for all external email. These banners are displayed on emails that originate from outside of the organization to warn recipients that the email could be unsafe and to double-check the source and the information before clicking links or downloading files.
Active Directory user accounts will be reviewed to make sure only necessary users are synchronized to Office 365. This ensures that there are not inactive or outdated accounts sitting in Active Directory that could be accessed by cyber criminals in an effort to steal company data or information.
Modern Authentication will be enforced by conditional access policies. If clients have Outlook 2010 or earlier, or old versions of Android or iOS, these legacy devices will not be able to connect to Office 365. Microsoft is deprecating legacy authentication in October 2020 when extended support for Outlook 2010 ends.
Exchange Online Protection will be configured to block email when the sender fails the SPF check. Spam / junk mail will be delivered to the user's Junk mail folder.
Advanced Threat Protection will be set up and configured. More about Advanced Threat Protection here.
We will make additional hardening changes based on Microsoft recommendations (Secure Score).
DNS will be reviewed, and SPF records, DKIM, and DMARC will be set up / modified. DMARC reports will be reviewed, and once all legitimate email is identified, the DMARC record will be changed from observing to blocking. This keeps unauthorized parties from spoofing your company's domain to send emails impersonating a member of your organization.
If you have any questions about implementing these security measures within your organization's Office 365 settings or would like to begin discussions on your company's cybersecurity needs please reach out to us at 574-534-2830 or contact us here.