Best security practices for your Office 365 subscription

Many businesses today rely on Office 365 to improve productivity and efficiency in the office. Its vast array of programs such as Word, Excel, PowerPoint, Teams, and OneDrive helps users get work done faster.

While the platform is generally safe to use, thanks to its Exchange Online Protection feature, cybercriminals are still continuously finding ways to steal data from unsuspecting users.

In fact, according to Cyren and Osterman Research, 40% of enterprises experienced Office 365 credential theft. As a result, the Cybersecurity and Infrastructure Security Agency (CISA) of the United States has issued an advisory on how organizations can mitigate risks and vulnerabilities in the service.

Here are some best practices to secure your Office 365 subscription.

#1. Use Office 365 Secure Score

This tool uses advanced analytics to recommend actions to better protect your data. Secure Score compares your activity and security settings to a baseline set by Microsoft. It builds a full inventory of the security configurations that reduce risk and assigns points to each one.

The result is a snapshot of how secure your environment is, and you can measure it over time to track progress. Remember, the more security controls you implement, the better the score will be.

#2. Block attachments commonly used for malware

Cybercriminals commonly use email attachments to infiltrate IT systems. Within rogue emails, hackers attach innocuous-looking documents that are injected with malware. And once your employees unsuspectingly open them, the malicious code can easily destroy or steal confidential data.


Office 365 already has robust anti-malware capabilities such as multiple anti-malware scan engines, real-time threat response, and rapid integration of new patches and malware definitions. You can go even further by automatically blocking email attachments of files commonly used for malware.

To do this, sign in to the Office 365 Security and Compliance center, then look under Threat Management. Select Policy, then Anti-Malware. Double-click on the default policy, then click Settings. Lastly, enable Common Attachment Types. Once turned on, the following file types are automatically blocked:

  • .ace
  • .ani
  • .app
  • .docm
  • .exe
  • .jar
  • .reg
  • .scr
  • .vbe
  • .vbs

These file types are commonly used by hackers to unleash malware. You can also add or remove attachment types as needed. For instance, if you want to block the .dll extension, you can do so in Office 365’s provided list. Blocking common attachment types adds another layer of protection to your network.

#3. Create mail flow rules to block ransomware

Ransomware is one of the most dangerous types of malware out there, as it has the ability to lock up a PC and its files, and demand a large amount of money as ransom. To mitigate the risk, you can create mail flow rules that block attachment types commonly used for ransomware.

To do this, open the Exchange admin center, click on Rules under Mail Flow, then click Create a New Rule. From there, you’ll be presented with a wide range of options on how to prevent ransomware. For example, you can automatically block emails that could contain malicious code. You can also choose to prompt employees about the risks whenever they receive potentially dangerous emails.
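The settings from #2 and #3 can also be applied and audited from Exchange Online PowerShell. The script below is an added example, not part of the original article. It assumes the ExchangeOnlineManagement module is installed and that the default anti-malware policy is named `Default`; the admin account, the rule name, the subset of extensions used in the rule, and the choice to start in audit mode are illustrative assumptions.

```powershell
# Added example. The admin account below is a placeholder.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@example.com'

# --- #2: common attachment types filter on the default anti-malware policy ---
# File types listed in the article (no leading dot), plus dll as the
# article's example of a type you might add yourself.
$wanted = 'ace','ani','app','docm','exe','jar','reg','scr','vbe','vbs','dll'

$policy = Get-MalwareFilterPolicy -Identity 'Default'

# Merge with what is already configured instead of overwriting it,
# so file types another admin added earlier are not silently dropped.
$merged = @(@($policy.FileTypes) + $wanted |
    Where-Object { $_ } |
    ForEach-Object { "$_".ToLower() } |
    Sort-Object -Unique)

Set-MalwareFilterPolicy -Identity 'Default' -EnableFileFilter $true -FileTypes $merged

# Read the policy back and confirm the filter is on and nothing is missing.
$check   = Get-MalwareFilterPolicy -Identity 'Default'
$missing = $wanted | Where-Object { $check.FileTypes -notcontains $_ }
if (-not $check.EnableFileFilter -or $missing) {
    Write-Warning "Attachment filter not fully applied. Missing: $($missing -join ', ')"
}

# --- #3: mail flow rule for risky attachment extensions ---
# Constructed rule name and extension subset (taken from the list above).
$ruleName = 'Block script and executable attachments'
$ruleExt  = 'exe','jar','reg','scr','vbe','vbs'

# Create the rule only if it does not exist yet, so the script can be re-run.
if (-not (Get-TransportRule | Where-Object { $_.Name -eq $ruleName })) {
    # Audit mode records matches without rejecting mail, which lets you
    # review the impact on legitimate senders before enforcing.
    New-TransportRule -Name $ruleName `
        -AttachmentExtensionMatchesWords $ruleExt `
        -RejectMessageReasonText 'Attachment type blocked by policy. Contact IT to send this file another way.' `
        -Mode Audit
}

# After reviewing the audit results, switch the rule to enforcement:
# Set-TransportRule -Identity $ruleName -Mode Enforce

Disconnect-ExchangeOnline -Confirm:$false
```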

#4. Use Office 365 Message Encryption

Office 365 Message Encryption lets you send encrypted email to people inside or outside your organization, regardless of the service provider. Email message encryption is critical for protection against email-based malware because it blocks outsiders from viewing the message content.

Administrators can set up rules that define encryption conditions. For instance, when a user sends a message to a friend or family member, encryption can be automatically applied. To view these messages, the recipient can either get a one-time passcode, sign in with a Microsoft account, or sign in with a work or school account associated with Office 365.

You can also seek the help of USWired to keep your Office 365 subscription secure. We can tailor the perfect solution for your needs and ensure that your infrastructure is protected 24/7/365. The best part? We only charge a low monthly fee. Call us today to get started.

