CISA warns incorrect settings, ImageQuest

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned this week that the rush by many organizations to move to working from home may have left security weaknesses unaddressed, specifically in Microsoft Office 365.

“Due to the speed of these deployments, organizations may not be fully considering the security configurations of these platforms,” the agency said in an alert posted Wednesday. “CISA continues to see instances where entities are not implementing best security practices in regard to their O365 implementation, resulting in increased vulnerability to adversary attacks.”

The alert urges IT security teams “to review and ensure their newly adopted environment is configured to protect, detect, and respond against would-be attackers of O365.”

“ImageQuest is aware of these requirements and insists that our clients follow best practices,” said Jay Mallory, Executive Vice President. “The rush to work from home, coupled with the convenience of O365, can create a nightmare if critical security steps are not followed.”

Among the steps CISA recommends organizations review for full cybersecurity with O365 are:

  • Enable multi-factor authentication for administrator accounts. CISA notes that multi-factor authentication for administrators is not enabled by default, even though these accounts are cloud-hosted and therefore reachable from the internet. MFA should be activated immediately to stop attackers from getting into an organization’s O365 environment through a stolen administrator password.
  • Assign Administrator roles using Role-based Access Control (RBAC). CISA wants IT teams to limit the use of Global Administrator accounts because of the extent of system access such accounts provide. Instead, CISA recommends restricting privileges based on people’s roles within an organization. Using a “Least Privilege” approach can significantly reduce risk if attackers compromise an administrator account.
  • Enable multi-factor authentication for all users. Your workforce has access to your business data, which exposes your team to attack via phishing, malicious apps, and dangerous links. Organizations should limit exposure with multi-factor authentication.
  • Disable legacy-protocol authentication for email clients where appropriate. Your team may still be using older work or personal email clients to access your system, and some of these do not support multi-factor authentication. You may recognize these “legacy protocol” email systems from setting them up at home: POP3, IMAP, and SMTP. It’s recommended you survey who on your team still uses those email clients and limit the access those accounts have.
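The four checks above can be turned into a repeatable audit. The script below is an added example written for this page, not tooling from CISA or ImageQuest: it takes a snapshot of accounts (roles held, whether an MFA method is registered, and which client apps appear in recent sign-ins) and reports which accounts fail which check. The field names, the client-app labels for legacy protocols, and the `max_global_admins` threshold are assumptions; the sample tenant is constructed, and in practice the records would come from an export of your directory and sign-in data.

```python
"""Audit an O365 tenant snapshot against the four CISA checks listed above.

Illustrative example, not CISA's or ImageQuest's own tooling. Field names,
legacy client-app labels and the Global Administrator threshold are
assumptions; the sample tenant below is constructed, not real data.
"""
from dataclasses import dataclass
from typing import Iterable

# Client-app labels taken to mean legacy (basic) authentication. These mirror
# the protocols the article names; the exact strings are an assumption about
# how a sign-in export labels them.
LEGACY_CLIENT_APPS = {"POP3", "IMAP4", "Authenticated SMTP"}
GLOBAL_ADMIN = "Global Administrator"


@dataclass(frozen=True)
class Account:
    upn: str               # user principal name
    roles: frozenset       # directory roles held (empty for ordinary users)
    mfa_registered: bool   # at least one MFA method registered
    client_apps: frozenset  # client apps seen in recent sign-ins


@dataclass(frozen=True)
class Finding:
    check: str
    upn: str
    severity: str


def audit(accounts: Iterable[Account], max_global_admins: int = 2) -> list:
    """Return one Finding per account and check that fails.

    max_global_admins is an assumed organisational threshold; the article
    only says Global Administrator use should be limited.
    """
    accounts = list(accounts)
    findings = []
    global_admins = [a for a in accounts if GLOBAL_ADMIN in a.roles]

    for a in accounts:
        is_admin = bool(a.roles)
        if not a.mfa_registered:
            # Checks 1 and 3: MFA for administrators (critical) and all users.
            findings.append(Finding(
                "mfa-missing", a.upn, "critical" if is_admin else "high"))
        legacy = a.client_apps & LEGACY_CLIENT_APPS
        if legacy:
            # Check 4: legacy protocols cannot enforce MFA, so they bypass it
            # even when MFA is registered for the account.
            findings.append(Finding(
                "legacy-auth:" + ",".join(sorted(legacy)), a.upn, "high"))

    if len(global_admins) > max_global_admins:
        # Check 2: too many Global Administrators; move the extras to
        # scoped roles (least privilege).
        for a in global_admins:
            findings.append(Finding("global-admin-excess", a.upn, "medium"))
    return findings


def summarize(findings: Iterable[Finding]) -> dict:
    """Count findings per severity, e.g. {'critical': 1, 'high': 2}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample tenant, not real data.
SAMPLE_TENANT = [
    Account("ga1@example.com", frozenset({GLOBAL_ADMIN}), True, frozenset({"Browser"})),
    Account("ga2@example.com", frozenset({GLOBAL_ADMIN}), False, frozenset({"Browser"})),
    Account("ga3@example.com", frozenset({GLOBAL_ADMIN}), True, frozenset({"Browser"})),
    Account("helpdesk@example.com", frozenset({"Helpdesk Administrator"}), True, frozenset({"Browser"})),
    Account("alice@example.com", frozenset(), True, frozenset({"Browser", "Mobile Apps and Desktop clients"})),
    Account("bob@example.com", frozenset(), False, frozenset({"IMAP4", "Browser"})),
]

if __name__ == "__main__":
    results = audit(SAMPLE_TENANT)
    for f in results:
        print(f"{f.severity:8} {f.check:24} {f.upn}")
    print(summarize(results))
```

On the constructed tenant the audit flags the one Global Administrator without MFA as critical, flags `bob` twice (no MFA, and IMAP4 sign-ins that would bypass MFA anyway), and lists all three Global Administrators for review because they exceed the assumed threshold of two. Raising `max_global_admins` to 3 removes only the last group of findings.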

There are a few more steps recommended by U.S. CISA listed here.