HomeHow to increase security in your company with Microsoft 365

Share on social media

How to increase security in your company with Microsoft 365

The many advantages of cloud services make them a self-evident choice for the majority of companies today. And because they are such a common solution, security in cloud services has also become a hot topic for companies using them.

There are a number of opportunities to increase security for business-critical tools in Microsoft 365. In this article, we list three tips that can help you to easily increase security levels in your company.

Increase security with multi factor authentication in Microsoft 365

The opportunity to always have access to the company’s systems – and the freedom to be able to work from anywhere at any time – also brings with it the consequence that security must be increased. This can easily be addressed using multi factor authentication. Two-step verification is a variant of multi factor authentication, and essentially means that you need to verify your login via an app on your mobile, a text message or an email, to confirm you actually are the person you say you are.

A common method to access log in details and steal data is “phishing”, which often takes the form of a false email where you’re asked to open a link or login to a site that appears to be a well-known one. Because it’s often enough to have an email address and password to login and access your own and your company's data, there are good grounds for activating two-step verification. With multi factor authentication (MFA), you make it difficult for an external party to enter your system, even if they’ve succeeded in getting hold of your login details.

Make intrusion difficult with dedicated administrator accounts

Another tip for easily increasing your security levels is to create dedicated administrator user accounts in Microsoft 365. The idea of an admin account is to make it easier to select which people have access to which data, helping to make your sensitive information more secure.

For the admin account to be effective, it’s important that it is only used for tasks associated with its intended function. You shouldn’t have more than 2-4 such accounts within your company. The people who have access to an admin account should also have a separate user account for any everyday tasks that don’t involve system administration.

Below are three important points to remember when you're using an admin account:

  • Activate two-step verification for the admin account too

  • Before you use the admin account, it’s important to make sure that you have closed and logged out of all unrelated web browser sessions and apps (including personal email accounts). This makes intrusion more difficult

  • When you've finished your administrator tasks, it’s important that you make sure you log out of the web browser session, for the same reason as above

If your user account is subject to intrusion but the admin account is separate, the hacker can only access the data the user account can access, and not the whole company’s data.

Backup your data – even if it’s stored in the cloud

Even if Microsoft’s OneDrive solution gives you the opportunity to work in a more mobile and flexible way, you’re still responsible for making sure your company’s data is secure. Microsoft 365 and SharePoint include basic security for your data, but there are good reasons to have a backup of the data stored in the cloud.

Ask yourself how long you can afford to be without your data. For the majority of companies this isn’t even an alternative, which clearly shows how important it is to protect yourself with backup solutions.

These are a few of the advantages of supplementing your cloud storage with an additional backup:

  • You get guaranteed separation of data from Microsoft 365 if something happens to Microsoft’s servers

  • It’s easier and much quicker to restore data from your own backup

  • You're always responsible for the data that you store in Microsoft 365. Microsoft are responsible for the accessibility and storage of that data

  • If your company suffers an external attack and your files are encrypted, the encrypted files will be synched online next time you connect to the cloud. Because crypto viruses often rename the files, it can be difficult to restore documents to previous versions

  • If data or users are deleted by mistake in Microsoft 365, the data is only stored in “deleted” for 30 days as standard 

With a backup in addition to cloud storage, you always have access to your files in a secure manner, regardless of what happens. At Nordlo we can help you get started with backing up selected parts of your stored data, and through our solution you can be sure that your backup is replicated in two different places on reliable servers.

If you need help activating multi factor verification, managing backups or setting up administrator profiles, contact us at Nordlo. We’ll be happy to help you analyse and increase IT security for your company.                                  

Read more about Nordlos' security services

This website uses cookies and personal data

When you visit https://nordlo.com, we at Nordlo Group AB use cookies and your personal data. Some cookies and some processing of personal data are necessary, while you choose whether to consent to others. You make your choice below. Your consent is entirely voluntary.

You have certain rights, such as the right to withdraw your consent and the right to lodge a complaint with a supervisory authority. Read more in our cookie policy and our privacy policy.

Manage your cookie-settings

Cookies and personal data that we use for analysis

To analyse how you use our website, we use cookies from Google and HubSpot's analytics service. We also process your personal data, e.g. your encrypted IP address, your geographical location and other information about how you use the website. 

Cookies and personal data that we use for marketing

We use cookies and your personal data to display relevant marketing and to follow up on such marketing when you visit other websites or social media. We do this with the aid of Google, Facebook, HubSpot and LinkedIn. The personal data that we process for marketing purposes include your IP address, information about how you use the website and information that these services already have about you.  

Ad measurement user cookies

In order to show relevant ads we place cookies to tailor ads for you

Personalized ads cookies

To show relevant and personal ads we place cookies to provide unique offers that are tailored to your user data