Home Business Office 365 Security Tips: Remote Edition

Office 365 Security Tips: Remote Edition

by Sinke Car

Coronavirus, or COVID-19, forced many organizations to let their employees work from home. The necessity of remote work touches Office 365 users as well. Organizing remote work in a productive and secure way is important. But how to ensure the Office 365 data security with so many employees switched from office work to remote? Here are some tips for you.

Have Your Office 365 Data Backed Up


Switching to remote work may cause a temporary period of weaker communication inside an organization. This may cause data loss and damage the workflow significantly. Though Office 365 offers some basic protection, your data still can be lost or damaged.

Perhaps, backup is the best way to ensure your Office 365 data can be recovered if something goes wrong. Should it be accidental deletion, insider threats, or a cyberattack, a backup copy of your data can be used to restore the lost or damaged information.

There are a couple of things to consider when backing up your data. Firstly, ensure that backups are regular and frequent enough. Having at least one backup per day is a reasonable minimum. Secondly, try to keep several backup versions to ensure you can recover your data even if the most recent version has already been damaged.

A good backup tool gives security and visibility to Office 365 data protection, which is crucial for creating a productive remote work environment.

There are some great backup solutions that will help you to keep your O365 data secure. For example, Spin, an automated daily backup software that will help you to recover lost Office 365 emails and files.

Watch Out for Phishing


More than 98% of cyber attack relies on social engineering, which means that cybercriminals will try to trick Office 365 users into disclosing important information or downloading a virus.

Many Office 365 users are now working remotely, and emails are replacing verbal communication. Hackers are aware of it and modernize their social engineering tactics. Phishing is one of the most common types of cyberattacks involving emails and social engineering.

Phishing emails can look different. Attackers often try to fraud an identity of a C-level executive, HR manager, or business partner with the goal to seal valuable data. Clicking links, images, or files in phishing emails lead to malware infection.

There are recent phishing cases when attackers were impersonating the World Health Organization. The criminals were trying to make people click a fake link disguised as the anti-coronavirus safety measures.

There are some red flags that will help you to detect a phishing attack. They include:

  • Misspellings in organization or domain name of the sender
  • Abusive and threatening language
  • De-personalized and generic text
  • Unnatural images
  • Links to suspicious websites

However, data loss due to phishing or other reasons may not be that scary. After all, it’s possible to recover all deleted items Office 365 environment contains.

Check the URLs


Remote work involves clicking a lot of links. Phishing is a common, but not the only way to spread corrupted links that will lead viruses into your system. That’s why checking each link your click is extremely important. It has always been so, but now even more attention should be paid to URLs.

Cybercriminals often use misspellings and wrong domain names to trick inattentive users. For this reason, it is not recommended to click URLs that do not start with HTTPS unless you are absolutely sure that they are harmless. Also, hackers may use domain shorten to hide a malicious link. Remember that simply visiting a corrupted website may lead to a ransomware infection.

Keep Security Software Updated


Remote work is not an excuse to neglect your security software. Quite the opposite. Keeping your security software installed and updated prevents viruses from getting into your system. Security software is crucial for defending against viruses and keeping your workflow secure. Firewalls, anti-ransomware tools, backups, privacy tools, and other kinds of security software should be checked regularly.

Ensure Device Security

Keeping devices secure is a vital aspect of remote work. Office 365 includes built-in Mobile Device Management capabilities. They help to secure and manage mobile devices used by licensed Office 365 users in your organization.

It is possible to create mobile device management policies to control access to your organization’s Office 365 data for supported mobile devices. In case a device is lost or damaged, information can be removed from it remotely.

Another one of the elements of device security is the security of a wireless connection. All your co-workers should avoid using public Wi-Fi networks, as they are less secure. It may be a good idea to use a personal mobile phone as a hotspot instead of connecting to public networks.

Encrypt Outlook Messages

As Outlook emails become more important, it may be a good idea to give them an additional layer of protection by encrypting them. Emails containing sensitive information like credentials or payment details are especially advisable to encrypt. To read the encrypted message, the recipient must be logged in their Outlook.

You can easily encrypt emails in Outlook by clicking the Encrypt button and choosing the options you would like to. For example, you can encrypt all messages to a certain person. You can also forbid forwarding the encrypted email, or choose from other options to give your email extra protection.

Consider Limiting the Access


The Office 365 Security & Compliance Center has the functionality to limit access to critical information. By assigning roles and permissions, Office 365 administrator can limit access to sensitive information and keep it secure in case a user’s account was compromised.

Of course, if editing the data is necessary for a user’s work, the required level of access should be kept. Otherwise, assigning a remote worker to a read-only group may be worth considering.

Concluding Thoughts

Adapting your Office 365 environment to the remote mode may be a little challenging, but the majority of remote security practices are aligned with the usual cybersecurity practices for the Office 365 cloud environment. Just a little bit of additional caution and remote work will be as secure as work from your office. Stay healthy and secure!