Microsoft 365 is the core of many businesses, providing essential tools like email, file sharing, and collaboration platforms. However, did you know that nearly 60% of organisations that rely on Microsoft 365 leave critical security settings at their defaults? This oversight has led to an alarming number of data breaches and security incidents, costing businesses millions of dollars in damages.
This article explains the hidden dangers of relying on default settings in Microsoft 365 and provides a checklist of critical Microsoft 365 security settings you should adjust immediately to enhance your security posture.
Understanding the risks of default settings in Microsoft 365
When you first set up Microsoft 365, it comes pre-configured with default settings intended to accommodate a wide range of users. While this approach offers convenience, it also means that security controls may not be as stringent as they should be for your specific organisation.
Default settings in Microsoft 365 are typically generic, designed to balance ease of use with security. However, this compromise often results in configurations that leave your business vulnerable to cyber threats.
Common security vulnerabilities
Here are some of the common security vulnerabilities associated with default settings in Microsoft 365:
- Insufficient access controls: Default settings often provide more access than necessary, increasing the risk of unauthorised access.
- Lack of multi-factor authentication (MFA): Without MFA enabled, user accounts are at a higher risk of being compromised.
- Default sharing permissions: These settings can lead to unintentional data leaks, especially when external sharing is enabled by default.
- Inactive account retention: By default, Microsoft 365 may retain inactive accounts without stringent monitoring, and these accounts could become targets for hackers. Regularly reviewing and disabling or removing inactive accounts is crucial.
- Automatic email forwarding: Some default settings allow automatic forwarding of emails to external addresses, which can be exploited by attackers to exfiltrate sensitive information without detection.
- Unmonitored security logs: Microsoft 365 generates logs for various activities, but if these logs are not actively monitored or configured correctly, potential security incidents might go unnoticed, delaying response times.
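The forwarding and log-monitoring items above can be combined into one detection. The following is an added example, not code from the original article or from Microsoft: it scans audit records for inbox-rule and mailbox changes that forward mail outside the organisation. The records are constructed and simplified to the fields used, and the domains are placeholders.

```python
import json

# Constructed, simplified records shaped like Exchange entries in the
# Microsoft 365 unified audit log (not real tenant data).
SAMPLE_LOG = """
{"CreationTime": "2024-05-01T09:12:44", "Operation": "New-InboxRule", "UserId": "alice@contoso.example", "Parameters": [{"Name": "Name", "Value": "sync"}, {"Name": "ForwardTo", "Value": "drop@mailbox.example"}]}
{"CreationTime": "2024-05-01T10:02:10", "Operation": "Set-Mailbox", "UserId": "admin@contoso.example", "Parameters": [{"Name": "Identity", "Value": "bob"}, {"Name": "ForwardingSmtpAddress", "Value": "smtp:bob@contoso.example"}]}
{"CreationTime": "2024-05-01T11:30:00", "Operation": "Set-InboxRule", "UserId": "carol@contoso.example", "Parameters": [{"Name": "RedirectTo", "Value": "carol@partner.example;carol@contoso.example"}]}
{"CreationTime": "2024-05-01T12:00:00", "Operation": "New-InboxRule", "UserId": "dave@contoso.example", "Parameters": [{"Name": "MoveToFolder", "Value": "Archive"}]}
"""
FORWARD_PARAMS = {"ForwardTo", "RedirectTo", "ForwardAsAttachmentTo", "ForwardingSmtpAddress"}
WATCHED_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}

def external_targets(value, internal_domains):
    """Return the addresses in a parameter value that are outside the organisation."""
    found = []
    for item in value.split(";"):
        addr = item.strip().lower()
        if addr.startswith("smtp:"):
            addr = addr[len("smtp:"):]
        if "@" in addr and addr.rsplit("@", 1)[1] not in internal_domains:
            found.append(addr)
    return found

def find_external_forwarding(log_text, internal_domains):
    """Return (time, actor, operation, target) for each external forwarding change."""
    internal = {d.lower() for d in internal_domains}
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = json.loads(line)
        if record.get("Operation") not in WATCHED_OPS:
            continue
        for param in record.get("Parameters", []):
            if param.get("Name") in FORWARD_PARAMS:
                for addr in external_targets(param.get("Value", ""), internal):
                    alerts.append((record["CreationTime"], record["UserId"],
                                   record["Operation"], addr))
    return alerts

if __name__ == "__main__":
    for alert in find_external_forwarding(SAMPLE_LOG, ["contoso.example"]):
        print("  ".join(alert))
```

Pass every accepted domain of the tenant as `internal_domains`; a forward to a sister domain that is missing from the list will be reported as external.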
Real-world incidents highlight the dangers of relying on these default settings in Microsoft 365. For instance, numerous data breaches have occurred due to overly permissive sharing settings or the absence of enforced MFA. In today’s threat landscape, it’s crucial to be proactive about securing your Microsoft 365 environment.
Critical Microsoft 365 security settings that need immediate attention
Multi-factor authentication (MFA)
Multi-Factor Authentication is one of the most effective security measures you can implement. MFA requires users to provide two or more verification factors to gain access, making it much harder for attackers to compromise accounts.
External sharing settings
By default, Microsoft 365 allows external sharing of files and documents, which can be risky if not properly managed. External sharing settings in OneDrive, SharePoint, and Teams should be carefully configured to prevent unauthorised access to sensitive information.
Email security settings
The default email security settings in Exchange Online may not offer robust protection against phishing, spam, and malware attacks.
To enhance your email security, it’s essential to configure anti-phishing, anti-spam, and anti-malware filters, and to set up domain-based message authentication, reporting, and conformance (DMARC), DomainKeys Identified Mail (DKIM), and Sender Policy Framework (SPF).
Admin roles and permissions
Microsoft 365’s default settings can often assign broad permissions to administrators, leading to overprivileged accounts. This can be a significant security risk if one of these accounts is compromised.
Data loss prevention (DLP)
Default Data Loss Prevention settings may not be comprehensive enough to protect all types of sensitive data in your organisation. Customising these policies can help prevent accidental data leakage.
Conditional access policies
Conditional Access policies are crucial for securing sign-ins, especially for remote or hybrid work environments. Default settings may not include restrictions based on user location, device compliance, or application use.
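MFA (covered earlier) is typically enforced through Conditional Access, so a review should confirm that a policy really demands it for everyone. The following is an added example, not code from the original article or from Microsoft: it reads policies shaped like Microsoft Graph `conditionalAccessPolicy` objects and reports which ones enforce MFA for all users and all cloud apps. The sample policies and the placeholder ID are constructed, and the check is simplified to built-in grant controls only.

```python
# Constructed policies shaped like Microsoft Graph conditionalAccessPolicy
# objects, trimmed to the fields checked here (not a real tenant export).
ALL_APPS = {"applications": {"includeApplications": ["All"]}}
SAMPLE_POLICIES = [
    {"displayName": "MFA or compliant device", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": []}, **ALL_APPS},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]}},
    {"displayName": "MFA for everyone (pilot)", "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": []}, **ALL_APPS},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "MFA for everyone", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": ["<break-glass-id>"]}, **ALL_APPS},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
]

def demands_mfa(policy):
    """True if the built-in grant controls cannot be satisfied without MFA."""
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls", [])
    # With operator OR and several controls, another control can stand in for MFA.
    return "mfa" in controls and (grant.get("operator") == "AND" or len(controls) == 1)

def covers_everything(policy):
    """True if the policy targets all users and all cloud apps."""
    cond = policy.get("conditions", {})
    return ("All" in cond.get("users", {}).get("includeUsers", [])
            and "All" in cond.get("applications", {}).get("includeApplications", []))

def review_mfa_policies(policies):
    """Summarise which policies enforce MFA for all users and all cloud apps."""
    report = {"enforced": [], "report_only": [], "excluded_users": {}}
    for p in policies:
        if not (demands_mfa(p) and covers_everything(p)):
            continue
        if p["state"] == "enabled":
            report["enforced"].append(p["displayName"])
            excluded = p["conditions"]["users"].get("excludeUsers", [])
            if excluded:
                report["excluded_users"][p["displayName"]] = excluded
        elif p["state"] == "enabledForReportingButNotEnforced":
            report["report_only"].append(p["displayName"])
    return report

if __name__ == "__main__":
    print(review_mfa_policies(SAMPLE_POLICIES))
```

An empty `enforced` list means no policy in the export forces MFA tenant-wide; entries under `report_only` log results without blocking sign-ins, and every ID under `excluded_users` deserves its own justification.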
The importance of regularly reviewing and updating settings
The cybersecurity landscape is constantly evolving, and so should your Microsoft 365 security settings. Regularly auditing and updating your settings is crucial to maintaining a robust security posture.
Compliance with standards such as ISO 27001 and the ASD Essential Eight requires ongoing vigilance and adjustment to security configurations.
As a pro tip, consider using automation tools and managed services to streamline the process of reviewing and updating settings. These tools can help identify potential vulnerabilities and ensure your configurations remain optimal over time.
Default settings in Microsoft 365, while convenient, pose significant security risks if left unchanged. By taking immediate action to adjust these settings, you can protect your organisation from common vulnerabilities and ensure your data remains secure.
Regularly reviewing and updating these configurations is essential in today’s ever-evolving threat landscape. Start by making the changes outlined in this guide and reach out to Protektiv for expert assistance in safeguarding your business.