(18.10.2022)
IT security is also an important building block in data protection
Do you use Word and Excel and other services from Microsoft 365 in your company? Hardly any other office software is so widely used and can store so much confidential information. It is therefore a particularly valuable target for hackers and criminals of all kinds. It is worthwhile for companies to invest in employee awareness and in measures to protect the system – and also to avoid data breaches in the first place.
We have compiled a few suggestions here on how you can ensure (even) somewhat better protection (in no specific order, this list is not exhaustive):
- Activation of 2-factor authentication:
It is very beneficial for security if employees log in, not only with their password, but with an additional factor as well. This factor could be sent to the cell phone for example via text message or an authenticator app. For applications installed on a device, this factor is only queried initially and then at greater intervals, so that there is hardly any disruption to daily work. For logins via portal.office.com it is possible to set that this additional code is requested every time. Even if a password has been lost, an unauthorized person could no longer log in with this password alone.
- Disable Word macros:
Word documents that come in as email attachments can contain malicious macros (for example, encryption Trojans). Therefore, the settings on all employee accounts should be configured to not enable macros in Office documents by default. You can enable them on a case-by-case basis if the document comes from a trusted source. - Protected view for files from the web:
Files loaded from the Internet should automatically be shown in protected view only. Editing (and executing malicious code) is thus initially not possible. Users must check the trustworthiness of the message before deliberately sharing it. - Individualized optics through company branding:
The online version of Microsoft 365 (in the browser) can be secured by a company’s own design. Using the company logo and individual backgrounds, employees recognize that they are in the real portal. This makes it much more difficult to tap into login data via fake pages.
Do you have any other ideas on how to improve security in Microsoft 365 and other services? Then feel free to write us a message.
Summary:
The more data and especially the more sensitive data is beeing processed on IT systems, the better they must be protected – this applies to Microsoft 365 in particular.