Yesterday, the National Cybersecurity and Communications Integration Center (NCCIC) issued an important Analysis Report (AR19-133A) regarding growing concerns about Office 365 configurations. Specifically, the report calls out third-party organizations that facilitate company migrations to Office 365 and the lack of consistent security standards in the configurations they leave behind.
More and more organizations are migrating to Office 365, and many hire partners to help them make the migration. The issue is that many of these partners do not properly configure Office 365 security features. These lapses can leave the organization vulnerable to attackers who exploit well-known Office 365 configuration weaknesses.
I have witnessed this first-hand, in my business, where clients have come to us with misconfigured Office 365 tenants that have left them vulnerable. In one particular case, I know of a company that had one of their Office 365 accounts mirrored to a hacker, who analyzed the organization's communication style and was able to trick the two people in the finance department into wiring a significant amount of funds to the hacker. This threat is very real and it should be a concern for everyone working with Office 365.
The Cybersecurity and Infrastructure Security Agency (CISA) has released specific recommendations to address these concerns. From the Analysis Report, CISA recommends the following:
“CISA encourages organizations to implement an organizational cloud strategy to protect their infrastructure assets through defending against attacks related to their O365 transition, and securing their O365 service. Specifically, CISA recommends that administrators implement the following mitigations and best practices:
- Use multi-factor authentication. This is the best mitigation technique to use to protect against credential theft for O365 users.
- Enable unified audit logging in the Security and Compliance Center.
- Enable mailbox auditing for each user.
- Ensure Azure AD password sync is planned for and configured correctly, prior to migrating users.
- Disable legacy email protocols, if not required, or limit their use to specific users.”
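The three Exchange-side items in that list (unified audit logging, per-mailbox auditing, and legacy protocols) can be checked and enforced from Exchange Online PowerShell. The script below is an added example written for this post; it is not code from the CISA report or from Microsoft. It assumes the ExchangeOnlineManagement module is installed, that the account used holds the Exchange Administrator role, and that the admin UPN, the policy names ("Block Basic Auth", "Allow Legacy Auth") and the exception list are placeholders you replace for your tenant. Multi-factor authentication and Azure AD password sync are configured in Azure AD (Conditional Access and Azure AD Connect) rather than in Exchange Online, so they are not covered here.

```powershell
# Added example, not from the CISA report or the original post.
# Audits three AR19-133A mitigations in Exchange Online and, with -Remediate,
# enforces them. Without -Remediate the script only reports.
#Requires -Modules ExchangeOnlineManagement

param(
    [string]$AdminUpn = "admin@contoso.example",   # placeholder (assumption)
    [string[]]$LegacyAuthExceptions = @(),         # UPNs that genuinely still need POP/IMAP/SMTP AUTH
    [switch]$Remediate
)

Connect-ExchangeOnline -UserPrincipalName $AdminUpn -ShowBanner:$false

# 1. Unified audit logging: the Security & Compliance Center audit log search
#    is empty unless ingestion is enabled at the organization level.
$auditCfg = Get-AdminAuditLogConfig
if (-not $auditCfg.UnifiedAuditLogIngestionEnabled) {
    Write-Warning "Unified audit log ingestion is DISABLED for this tenant"
    if ($Remediate) { Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true }
}

# 2. Mailbox auditing for each user mailbox. A mirrored/forwarded mailbox like the
#    one described above leaves entries here only if auditing was on beforehand.
$mailboxes = @(Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox)
$unaudited = @($mailboxes | Where-Object { -not $_.AuditEnabled })
Write-Host ("{0} of {1} user mailboxes have mailbox auditing turned off" -f $unaudited.Count, $mailboxes.Count)
if ($Remediate -and $unaudited.Count -gt 0) {
    # 180-day retention is an arbitrary choice for the example; pick your own.
    $unaudited | Set-Mailbox -AuditEnabled $true -AuditLogAgeLimit 180
}

# 3. Legacy protocols. First report who still has POP/IMAP enabled ...
Write-Host "Mailboxes with POP or IMAP enabled:"
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.PopEnabled -or $_.ImapEnabled } |
    Select-Object PrimarySmtpAddress, PopEnabled, ImapEnabled |
    Format-Table -AutoSize

if ($Remediate) {
    # ... then block Basic Authentication tenant-wide. A new authentication
    # policy blocks every basic-auth protocol unless an Allow* switch is given.
    if (-not (Get-AuthenticationPolicy -Identity "Block Basic Auth" -ErrorAction SilentlyContinue)) {
        New-AuthenticationPolicy -Name "Block Basic Auth" | Out-Null
    }
    Set-OrganizationConfig -DefaultAuthenticationPolicy "Block Basic Auth"

    # Exception policy: only the named users, only the protocols they need.
    if ($LegacyAuthExceptions.Count -gt 0) {
        if (-not (Get-AuthenticationPolicy -Identity "Allow Legacy Auth" -ErrorAction SilentlyContinue)) {
            New-AuthenticationPolicy -Name "Allow Legacy Auth" `
                -AllowBasicAuthImap -AllowBasicAuthPop -AllowBasicAuthSmtp | Out-Null
        }
        foreach ($upn in $LegacyAuthExceptions) {
            Set-User -Identity $upn -AuthenticationPolicy "Allow Legacy Auth"
        }
    }

    # Finally switch the protocols off on every mailbox that is not an exception,
    # so a leaked password cannot be used over POP/IMAP even if a policy is later relaxed.
    Get-CASMailbox -ResultSize Unlimited |
        Where-Object { $LegacyAuthExceptions -notcontains $_.PrimarySmtpAddress.ToString() } |
        Set-CASMailbox -PopEnabled $false -ImapEnabled $false
}

Disconnect-ExchangeOnline -Confirm:$false
```

Run it once without `-Remediate` and read the report; authentication policies take effect for users within about 24 hours, so verify the exception list is complete before the second, enforcing run, or a legitimate scanner or line-of-business mailbox relying on POP/IMAP will silently stop working.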
If you work with Office 365, please review Analysis Report (AR19-133A) right away.