To keep your Office 365 account safe you need to put some effort into picking your password. But for most people it’s a hassle to come up with a password that needs to be 8 characters long, mixing upper-case and lower-case letters and symbols – that you also need to remember! Many users take the easy way out and re-use a password they use somewhere else, or just pick something easy like their name and the year.
Why is it such a big deal? Why do IT people always badger end-users about security? Well, because the security risks are bigger than ever. “I have nothing to hide” or “I have no money to steal” are common replies when I talk to users about this. This is a very risky mindset. Users need to understand that today’s cyber criminals are very sophisticated and can do a lot of harm.
It actually happened to me, not too long ago. My account was compromised, and hackers used my account to send out a false email to one of our customers asking them to change the bank account for the payment that was due. Luckily, the customer had proper vendor payment policies in place and did not proceed with the request. We managed to get through the security breach without losing any money or publicly damaging our reputation. But not everyone is so lucky.
Therefore, I’m very happy to share that we have just launched a new topic in our Storyals subscription – “Stay safe using Office 365”. In this video series users are given a background for why it is important to keep your Office 365 account safe, followed by proper guidance on how to do it – and as always, a quiz and a certificate at the end.
Recommendation #1 – Set your password wisely
When you set your password, put some effort into it. Don’t just pick something obvious like “password” or “abcd1234”. Also, you shouldn’t use things that can easily be found out about you, such as your children’s names or when you were born. Set a password that is at least 8 characters with a combination of various symbols and letters. Make sure that it’s a password you are not using elsewhere. There are markets online where cybercriminals sell hijacked passwords. So, if you are using the same password in many different places you are at a much higher risk. Since you need to remember your password, try to come up with a gibberish phrase that can’t easily be linked to you, like “@Party4doG” or “Lego&8bAll”.
Recommendation #2 – Add an extra layer of security
In addition to having a password, it’s highly recommended that your administrator adds one more level of security – multi-factor authentication or MFA for short. You can think of it as having a seat belt in your car – and then, adding an airbag for extra security.
Multi-factor authentication means that, in addition to your password, you add an extra level of security to really make sure you are in fact you. You can do this by entering a code sent to your mobile, by approving the login via an app on your phone, or by following the guidance you get from a call to your phone. This might sound a bit complicated – but in fact, it’s really easy and quick.
Recommendation #3 – Protect all your devices
Since you can access your tools and your company data from a wide range of mobile devices – you need to protect them as well. Go to your mobile device settings and then tap to go to the security settings. This might look a bit different depending on which phone you have and which model. Make sure you enable security on your mobile device. If you have a modern phone that supports face recognition, like Face ID, you can enable that. Or, you can enable a security PIN. Again, you should select a security PIN that’s not 0000 or 123456 – be creative! Also, make sure the device locks immediately when you are not using it. This is also a good precaution if you have kids so that they don’t start sending out stuff you wish they wouldn’t!
Recommendation #4 – Be observant
Having all these security measures in place is great, but they won’t do any good unless you are observant. For example, if you are not trying to log in somewhere with your account, don’t approve a login request on the Authenticator app on your mobile – you might be helping a hacker get access to your account. If you get a phone call and the person on the line asks you to press the hash key (#) to approve a sign in – unless you’re trying to log in to your account, don’t press the hash key. Hang up!
Recommendation #5 – If you suspect something odd – immediately contact IT
If you have even the slightest suspicion that your account has been compromised – immediately contact your IT Helpdesk or IT Administrator. You should do this even before you change your password. Why, you might ask? Because the hackers could have put malicious software on your device that could capture any new password you generate. Get help to scan your computer and reset your password.
The intention of this Storyals topic is not to scare users or make them feel worried. The intention is to provide them with guidance so that they can enjoy the flexibility of their modern workplace – without being at risk. See it as a way to provide them with some simple steps they can take to stay safe – like getting that driver’s license and buckling up before hitting the road.