Multi-Factor Authentication and Security Practices Within Office 365

Nearly all organizations experience incoming security threats. Whether they arrive via email, malware, or otherwise, organizations must equip themselves with a set of tools to proactively block and defend against such threats. Organizations in the financial and payment processing sector are unfortunately targeted at a higher rate than others, because they process and handle significant amounts of funds and payments amongst themselves and their clients.

One easy method to combat incoming and future threats is to implement multi-factor authentication within your company’s crucial systems. Multi-factor authentication (MFA) is the process of adding at least one extra layer of security to the login procedure. This extra layer can come in multiple forms. Some logins require an additional question to be answered; namely, a personal question that only the user will know the answer to. Other MFA logins require a constantly changing PIN and the installation of a mobile app, such as Google Authenticator, LastPass, or Microsoft Authenticator. Others use a physical key that the user holds and presents when MFA is required.

Implementing MFA will help your organization prevent malicious logins that might otherwise gain access to critical systems, such as email and file sharing apps/servers. In a recent article, Microsoft stated that nearly 99.9% of compromise attacks could be prevented with the use of MFA. With MFA, cracking a user’s password is no longer a straightforward method of gaining malicious access to a user’s or organization’s data. Having that additional, personalized layer of security is crucial in today’s ever-changing, and unfortunately threatening, environments.

In addition to MFA, Office 365 gives IT administrators a number of tools to further protect their environment. Microsoft includes many default settings and tools within O365 that work well, but it also allows the administrator to implement further policies and settings that may be more pertinent to their specific organization. O365’s Security & Compliance center is available to administrators and includes many different monitoring and reporting tools, along with proactive steps that can be put into place. Setting alerts, activating anti-phishing and anti-malware policies, and general, periodic monitoring are all basic aspects of the O365 security model that are recommended to protect your email environment.

It’s crucial that security within these systems is not overlooked or implemented in a “set and forget” manner. Keeping a close eye on systems and being proactive is the first and most significant step in maintaining that level of security for your employees and the organization as a whole.

For further discussion on protecting your organizational environments, contact Chris at cglisczinski@wcapra.com.