Limited time offer: Let Amaxra manage your Office 365 licensing and we will configure security such as multi-factor authentication at no additional cost. Email firstname.lastname@example.org or chat with us on this website to find out more.
At this point, most business owners don't need anyone to explain why cyber-security is important for their business. They already get that there's an ever-increasing threat to data and privacy. What entrepreneurs, especially those at the helm of a small to mid-sized business (SMB), really need is advice on how to counter all of those cyber-security threats.
Amaxra experts have successfully deployed cyber-security solutions for the better part of a decade for SMBs and large enterprises. From our real-world experience, Amaxra's consultants recommend Microsoft 365, a subscription service that combines Windows 10 Pro, Office 365, and the built-in cyber-security of Enterprise Mobility + Security features for our entrepreneurial clients. Microsoft 365 is a solution that not only leverages cloud-based productivity software but also provides your business with a strong cyber security profile. For entrepreneurs with Microsoft 365, Amaxra suggests these three things you can do in just a few minutes to enhance your business' cyber-security:
Set up multi-factor authentication for all users
Multi-factor authentication (MFA) is a simple and effective way for increasing your business' cyber-security. In the Microsoft 365 Admin Center, you can require all users to log in using MFA in just a few clicks. Amaxra previously blogged about setting up MFA, but if you can configure multi-factor authentication for all of your users by following these five steps:
- In the left navigation pane of the Microsoft 365 Admin Center, select Setup
- In the Sign-in and security section, under Turn on multi-factor authentication (MFA), select View.
- On the Make sign-in more secure page, select Get started.
- Select the following checkboxes in the menu:
- Require multi-factor authentication for admins
- Require users to register for multi-factor authentication and block access if risk is detected
- Select Create policy. You will return to the Make sign-in more secure page, which will now say Manage.
After you set up multi-factor authentication in Microsoft 365, all users that connect to any data or documents on your corporate network or stored in the cloud will be required to verify their identity using MFA. To see a short video showing you how to configure MFA, see our October TechTalk.
Use dedicated admin accounts
An issue that haunts fast-growing startups is too many users have "elevated privileges" on their network accounts. Even if it's just assigning a graphic designer with an administrator account on their local PC to install their line of business software tools more efficiently, these are valuable targets for hackers and cyber criminals. Use admin accounts only for administration. And even your network admins should have a separate user account for regular, non-administrative use and only use their admin account when necessary to complete an administrative task.
Of course, if you have already enabled MFA for all Microsoft 365 users on your corporate network, then this applies to your admins as well. Multi-factor authentication for admin accounts is an extra layer of cybersecurity that is an excellent defense against hackers using stolen credentials against your organization.
Protect against phishing attacks with ATP
Originally found in Office 365, the Advanced Threat Protection or (ATP) feature helps protect users against phishing email attacks. The ATP anti-phishing policies are super easy to configure from inside the Security & Compliance > Threat management > Policy menu in the Microsoft 365 admin panel:
Amaxra consultants have seen a steady rise in phishing attacks against Microsoft Office 365 and now Microsoft 365 users. Phishing is when a criminal hides a malicious website links in email—usually to steal a user's credentials for nefarious purposes. Customizing the ATP anti-phishing feature in Microsoft 365 for your organization adds much-needed protection. From the Microsoft 365 Admin Center, look for the Threat management option on the left navigation pane then choose Policy. Choose the Anti-phishing option (you might see it labeled "ATP anti-phishing" depending on your subscription plan) to review the default anti-phishing policy.
While every organization is different when it comes anti-phishing needs, at a minimum we recommend modifying the default policy to include Enable mailbox intelligence based impersonation protection which takes advantage of Microsoft's multi-billion dollar per year spend on artificial intelligence (AI) and secure global cloud infrastructure to determine a user's typical email patterns. With this information, the cloud-based security AI can better distinguish between genuine and phishing emails automatically.
Overwhelmed? Let Amaxra help your business
These three things can help establish a baseline for your business' cybersecurity. But to stay secure amidst the evolving cybersecurity threat landscape requires vigilance. Your business can trust Amaxra to deploy and configure a Microsoft 365 solution with world-class cybersecurity protection. As a Gold Partner with Microsoft, Amaxra leverages our years of expertise to deploy a Microsoft 365 solution that matches your budget and specific business needs.
Contact me at Thane.Belnap@amaxra.com or call 425 749 7471 if you have any questions or comments on this blog.