Legal Field IT Specialists CEO, Robert Finley, answering a question regarding security recommendations for using Office 365:

What are the best practices for securely using Office 365?

Microsoft Office 365 is a great platform for SMBs and organizations, because it gives them access to many of the same technology solutions that larger corporations have, but at a price point that's reasonable for their budget. Because there are so many features in Office 365, it can be daunting to know where to start. Most organizations typically start by using Office 365's email platform and extend from there.

In this segment I'll be outlining 1 of 3 key steps we recommend to enhance your security profile in Office 365. The remaining 2 key steps will be covered in subsequent segments posted on this same page.


a. Have a good email Filtering and advanced threat protection solution.

Our first focus is to secure your email flow. That means you want to make sure that you have email filtering. And not just your traditional junk email filtering, but also advanced threat protection which blocks malware threats and viruses. The various Office 365 subscriptions include different levels of advanced threat protection or, alternatively, you can also purchase it separately.

What does the threat protection solution actually do? Well, if you click on a link in an email that sends you to a webpage, it will check the link before it takes you there. If it thinks it could be malicious it will post up a warning asking if you are sure you want to proceed. This warning is intended to make sure you really want to continue to a potentially threatening or harmful website. You can still continue if you choose, but if you do, then you are accepting the fact that you're going into an unsecured area.

Either way, we want you to have both filtering and advanced threat protection in place. Are you wondering why you would want to acquire these services separately even though you can get them through Microsoft Office 365? Because you will have the benefit of two different perspectives on what is considered a threat or malware. So, between the two solutions, you can broaden your scope of protection.

Of course, you need protection on all your devices and platforms. This is another reason you may wish to use a separate anti-threat solution, because it expands the scope of its protection beyond Office 365 to your entire device or machine. Think of it as a two-for-one deal. That means whether you have a PC or a Mac, an Android or iPhone, you always have some level of anti-threat software in place scanning at the operating system level as well as the email level.

b. Turn on Outlook Safety Tips

Another email security layer inside of Outlook is Microsoft's "Safety Tips." These tips use a traffic light analogy for flagging messages, but you must turn on "Safety Tips" because they are not set "on" automatically. The tips indicate if an email is something that can be trusted by flagging it green for safe. If the email is potentially spam, then the flag is yellow. If not, you have an option to identify a message as not spam. "Safety Tips" will also identify something that it thinks is a phishing scam.

Phishing is often an email scam, but it can also be found on websites. An example of email phishing is where you receive an email that may say something like, "Your email has been compromised. Click here to change your password." But when you click, it sends you to a hacker's site so they can capture your credentials and use it for their other purposes. Often, they will try to trick you through social engineering into releasing information. Train yourself and your team to be on guard always. With the "Safety Tips" enabled, if Outlook thinks it's a phishing email, it will red flag it, warning you that this could potentially be a phishing email.

c. Properly configure your DNS

Next, we recommend setting up DNS (or Domain Name Service) to help secure your email. I like to think of DNS as "the telephone operator" of the Internet. When you want to send me an email message, you type my email address, your computer will ask DNS to look it up, and then tells your computer how to route the message through the Internet much like an old-timey operator would have directed phone calls. DNS has features to help prevent junk mail from being sent through and to help prevent something called "spoofing."

Many of us have experienced receiving an email message that looks like you sent it to yourself. Or maybe you got an email from a friend or family member, where it looks like they sent it to you, it has their email address at the top, but it's not a legitimate email message. That's spoofing. It's somebody that's pretending to be you or someone else. But if you set up your company's DNS properly, you can help minimize the ability of people to masquerade as someone else in email.

These three items are the basics for securing your Office 365 environment. This needs to be done at a minimum.

If you would like assistance setting up email security for your firm call us today. Legal Field IT Specialists provides tailored IT support services to law firms to protect your firm from the dangers of online threats as well as working with you to ensure that your staff is highly productive & efficient which, in turn, increases your firm's profitability as a whole.

Phone: (678) 926-9192