In our recent webinar, Microsoft 365 Security Best Practices, Scott Davis, Sales Engineer at Liongard, shares valuable security insights to Microsoft 365 and demonstrates how automation can help you proactively manage systems across the board.
“I think MSPs fall behind on security sometimes because they turn into firefighters,” says Scott. “If you’re only being reactive on the security side, or only responding to attacks once they happen, you’re not getting ahead of the attack, which is where you need to be. If you’re not proactive, you’re just hopping from fire to fire. You need the right tools to go from firefighting to fire prevention.”
Everything comes back to the basics of technology, and cyber-attacks affect us all, from schools and government agencies, to real estate and retail. When thinking about MS365 and security, there are six main critical threats to focus on:
Unauthorized mail forwarding
This is one of the most common threats—phishing emails either steal credentials to deploy ransomware, or set up email forwarding so that users are unknowingly sharing emails with nefarious actors. Their ultimate goal is to find a billing or accounting contact to gain access to financial data they can use for things like invoice fraud.
Weak passwords or disabled MFA
If you’re not currently forcing your customers to adopt multi-factor authentication (MFA), you should be. When it comes to security today, MFA is necessary, and something your customers can’t afford not to implement. And, as an MSP, you need to be able to identify users with weak passwords and who aren’t adhering to MFA best practices.
Unnecessary privileged users
Giving more access than necessary to users is an easy way to create security risk. For instance, as a technical administrator, do you have global admin rights with your day-to-day login? As a best practice, you should have a separate admin account with increased permissions. It may seem like a hassle, but the security benefits far outweigh the inconvenience of logging into a separate admin account a few times a day.
Phishing-related OneDrive files
Similar to unauthorized email forwarding, bad actors will also try and gain access to OneDrive files, like work orders and invoices, for monetary gain. As an MSP, if you don’t catch the small cues and signs of infiltration, you customers can lose money that they’ll never recover.
Have you made sure legacy authentications (SMTP, POP3, IMAP, etc.) are disabled for your users? Outside of things like printers that need to connect to SMTP to send outbound emails, for example, you don’t need that legacy authentication for anyone else. The way most users will connect with MS365—through their phone or laptop—will use the standard Exchange protocol.
DKIM, DMARC and SPF
These aren’t new—in fact, DKIM, DMARC and SPF are all public information that can easily be accessed if you know where to look. For instance, if your customers are receiving a lot of spam or phishing emails, you may need to take a second look—specifically your SPF settings—to make sure everything is set up properly to MS365 standards.
MS365 Security Best Practices
As an MSP, there are some things you can do to reduce the possibility of a security breach and protect your customers and users.
- Use MFA and strong passwords
- Use email encryption
- Implement strong phishing protection
- Train and test your users
- Use enhanced filters for content and image identification
- Configure DMARC
Manual Monitoring Leaves Your Clients at Risk
Documentation is the core of everything you do as an MSP, from security to reporting. If you don’t have the right data and documentation, you don’t know what you’re protecting, what holes you might have in your security, or what you have to do to protect your customers.
When you rely on manual documentation, you’re constantly switching between systems and apps to get the information you need and, a lot of the time, that information is just surface level data. When you’re focused on the tickets coming in and jumping from project to project, documentation can be the last thing on your mind, and security for both your MSP and your customers can suffer.
The built-in MS365 monitoring and alerting function work well, but sometimes can be hard to integrate into your PSA for streamlined ticket management and issue alerts. It can be time-consuming and tedious to set up each instance for each client, and manual documentation and monitoring usually results in stale data, missed alerts, or critical security settings that are never turned on, all causing headaches for you and security risks for your customers.
Liongard Automates MS365
Liongard integrates into your Microsoft stack, giving you access to 39 actionable alerts across all your customer accounts—immediately. The best part is, Liongard is set up once at the customer level and can be instantly associated with all related accounts at the touch of a button. You can create custom alerts and metrics for the data that matters to you, and then apply those alerts across the board—no more manual set up! This allows you to reduce noise and focus on what matters most to you and your customers, providing full visibility from billing to sales to support.