As of December 2020, foreign hackers had been secretly monitoring Microsoft 365 accounts and chats between US government officials responsible for recognizing foreign threats to national security for months. The attackers in the now-famous SolarWinds hack used malware embedded in the SolarWinds Orion software system to gain access to the network and to Microsoft’s email client.
As soon as the news broke, Microsoft released instructions on how businesses should improve their security to prevent such attacks, while simultaneously clarifying that no Microsoft product vulnerabilities had been discovered.
You might not be able to do anything about vulnerabilities like the ones we observed with SolarWinds. However, if you access your business or personal email using Outlook on Microsoft 365, there are steps you can take to better safeguard your account and avoid attacks. (If you have Windows 10, you may also adjust the security defaults to further safeguard your device; many of these are also accessible in Windows 11.)
Here are five methods for securing your Microsoft 365 account:
Implement multifactor authentication.
According to the US Cybersecurity and Infrastructure Security Agency, multifactor authentication is the best approach to protect you against someone obtaining your login credentials. It provides an extra degree of protection to account sign-in by requiring you to enter your password together with a verification number sent to your phone or given by an authenticator app.
Go to the Security fundamentals page and sign in with your Microsoft account to enable multifactor authentication (also known as two-step verification). More security solutions are available there. Go to Two-step verification to enable it and to find further information.
Your administrator must enable it before it may be added to a work Microsoft 365 account. After that, when you log in with your username and password, you’ll be prompted for further information. Click Next.
The default authentication option is the free Microsoft Authenticator app, which you may download to your mobile device. This application gives you a one-time-use code that will expire after a certain amount of time.
Choose “I desire to set up an alternate approach” if you prefer to get a code through an SMS message. Microsoft will ask for your mobile phone number and send you a text message with a six-digit code to verify your account.
Use different passwords for different accounts.
Never use the same password for several accounts. There are hundreds of fantastic password managers available, like the free LastPass, to help you keep track of all your passwords. You should also select a secure password that is at least eight characters long and avoids popular terms.
Be cautious of phishing scams.
If you receive an email about the security of your Microsoft account, it might be a phishing attempt. Phishing is a type of attack in which hackers pretend to be a company or a person you know in order to steal your personal or credit card information. These emails almost always include a link to a malicious website, which you should never click on.
The simplest defense against these emails is to recognize them; they may contain misspelled terms or come from a slightly misspelled source (such as microsoftsupport.ru or micros0ft.com). They may also contain an urgent call to action or a demand to avert a threat. If you see anything strange, just delete it or report it to the Anti-Phishing Working Group.
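The sender-domain check described above can be automated. The following is an added example, not part of the original article: it flags sender domains that imitate a trusted one, using the article's two examples. The trusted list, the digit-substitution table, the edit-distance threshold and the other sample addresses are assumptions, and taking the last two labels as the registrable domain is a simplification.

```python
# Added example: flag sender domains that imitate a trusted brand domain.
TRUSTED = ("microsoft.com",)                # assumption: domains you expect mail from
HOMOGLYPHS = str.maketrans("0135", "oles")  # digit-for-letter swaps, e.g. micros0ft

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(address, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unknown' for an e-mail sender address."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    labels = domain.split(".")
    registrable = ".".join(labels[-2:])  # naive; production code needs the Public Suffix List
    if registrable in trusted:
        return "trusted"                 # the exact domain or one of its subdomains
    normalized = [label.translate(HOMOGLYPHS) for label in labels]
    second_level = normalized[-2] if len(normalized) > 1 else normalized[0]
    for good in trusted:
        brand = good.split(".")[0]
        if any(brand in label for label in normalized):
            return "lookalike"           # brand name embedded in an untrusted domain
        if edit_distance(second_level, brand) <= 2:
            return "lookalike"           # near-miss spelling of the brand
    return "unknown"

# Constructed sample senders; only the two lookalike domains come from the article.
SAMPLES = [
    "security@microsoft.com",
    "noreply@email.microsoft.com",
    "alert@micros0ft.com",
    "help@microsoftsupport.ru",
    "team@mircosoft.com",
    "news@example.org",
]

if __name__ == "__main__":
    for sender in SAMPLES:
        print(f"{sender:32} {classify_sender(sender)}")
```

A "lookalike" result is a reason to inspect the message, not proof of phishing, and an "unknown" result says nothing about whether the sender is safe.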
Keep your applications safe.
On your phone or PC, only install and run programs from reliable sources, such as your device’s app store. Using Microsoft programs to access your Microsoft 365 accounts, according to the company, is the safest option. Make sure that all of your programs and operating systems are up to date; many updates include security patches, so apply them as soon as possible.
Make it as simple as possible to recover Microsoft 365 account access.
If all else fails and your account is hacked, you can set it up ahead of time so that the recovery process goes more smoothly. On the Microsoft security basics page, fill in the appropriate information, such as your phone number and email address. To keep your account safe, keep this information up to date.