Rivial Blog Schema Rivial Blog Schema 100% 10 B7 Screen reader support enabled. Turn on screen reader support
Randy Lindberg 25 Jul 2018 8 min read

Office 365 Security Best Practices

Banks and credit unions invest hundreds of thousands of dollars every year protecting the storage of their customers’ and members’ most sensitive data.  This can include the purchasing and upgrading of firewalls, thoroughly assessing cybersecurity vendors, and hiring a qualified Chief Information Security Officer to oversee it all.  


But often a glaring vulnerability in their network arises through the transferring of this information. Over 17% of data uploaded and sent using Office 365 is considered sensitive or business critical. The trouble is many organizations are still using elementary-level security methods for their Office 365 accounts, which – when stacked against a contemporary cybersecurity thief – poses no definitive protection.

Office 365 Safety Tips

Lucky for us, Office 365 is a well-developed program suitable (and secure enough) for most banks and credit unions sized over $2 billion in assets. So here are our 4 tips (you could even call them Office 365 security best practices) for unlocking the full built-in security features embedded in your email program.


1. Multi-Factor Authentication (MFA)

MFA is something you likely use already in your organization’s cybersecurity routine. When it comes to email protection for Office 365 security best practices, MFA should always be activated on your account. It requires additional confirmations of your identity in order to access accounts, providing you with an additional level of security to strengthen your password strategy.


The authentication measures don’t have to slow down your workflow; you can set your preferences to send you a confirmation code via a quick text message or through your app. In O365, MFA keeps your accounts secure, protecting you even if your password has been compromised by a cyber thief.


Here are step-by-step instructions to set up multi-factor verification for your Office 365 account.  


2. Configure Your Data Loss Prevention (DLP)

As an administrator responsible for email safety in your financial organization, you are sending sensitive information regarding your customers, members, or information assets probably on a daily basis. Enabling your DLP gives you the option to flag what information is considered sensitive and create policies to keep that information safe.


These policies can restrict who in your organization has access to share this important data, and which recipients can expect it in their inbox. This feature hugely cuts down accidental data breaches as well as intentional efforts to leak information.


3.  Turn on Office 365 Cloud App Security

For many Office 365 Enterprise users, the Cloud App Security feature is included in your plan (if it is not included, you can always purchase it online). This app gives you a birds-eye view of all account activity. Rather than sifting through all of this data yourself (which would be a near full-time task for a large organization) you can set your policy preferences to track anomalous activity.


As an admin on the account, you’ll be able to review all behavior you deem unusual or even risky, including failed login attempts, unknown IP account access, and the downloading of large or sensitive data.


For a further look-in of O365 Cloud App Security, go here.


4. Compare Your Office 365 Security Levels through Secure Score

Secure Score is a relatively new tool built in to O365 that analyzes potential risk and recommends actions to stem it. It takes into account your settings, history, and activities to measure your current risk level, and then compares that level to a Microsoft established baseline. Based on that comparison, you’ll receive a score and actionable steps to mitigate your risk.


Remember, this is designed to be a  cybersecurity assessment tool that gives you a general outline of how secure your account is based on your settings. All financial institutions are unique in the way they run, and a security template created without you, your team, and your customers in mind, should not be considered a clear assessment of your risk.


If you’d like to learn more about how Rivial Data Security can give you a definitive picture of your security environment, head on over to our website.