Coleman Technologies Blog

Your business runs on Microsoft 365. Emails, files, calendars, Teams calls. It all flows through one platform every single day. But here’s the uncomfortable reality about Microsoft 365 security settings for Burnaby businesses: the default configuration Microsoft gives you was built for convenience, not protection. And cybercriminals are counting on you not knowing the difference.

Microsoft 365 is functional out of the box. It’s not secure out of the box. The security tools are built in and available, but most of them are not turned on or configured properly unless someone deliberately does it. That gap between "available" and "activated" is exactly where attackers operate. And for small and medium sized businesses across Burnaby and the Lower Mainland, this blind spot is costing them everything.

The Default Settings Trap That Catches Almost Everyone

Microsoft designed its default settings to get businesses up and running fast. Collaboration tools work immediately. File sharing is frictionless. Email flows without interruption. But that speed comes at a cost that most business owners never realize until something goes wrong.

Default configurations often leave legacy authentication protocols like POP and IMAP active. These older protocols don’t support multi-factor authentication, which means they create a backdoor that completely bypasses your login security. Attackers know this. They actively scan for businesses still running these protocols because it’s the easiest way in.

Your Security Tools Are There but Nobody Turned Them On

Think of it this way. Microsoft hands you a building with a state of the art alarm system, reinforced doors, and security cameras in every hallway. But none of it is plugged in. The building looks secure from the outside. Inside, every door is unlocked and every camera is off.

The 2025 Verizon Data Breach Investigations Report found that ransomware was present in 88% of breaches involving small and medium sized businesses. That’s not a typo. While large enterprises saw ransomware in 39% of their breaches, SMBs absorbed the overwhelming majority of the damage. The reason is straightforward: smaller organizations typically have weaker security configurations, slower patch cycles, and fewer resources dedicated to IT security.

For companies relying on Microsoft 365 security settings for Burnaby businesses to protect sensitive client data, these defaults are a ticking clock.

The Five Settings Most Businesses Never Configure

Understanding where the gaps exist is the first step toward closing them. These are the Microsoft 365 security settings that consistently go unconfigured in small business environments:

• Multi-factor authentication left optional. MFA is available in every Microsoft 365 plan, but it’s not enforced by default for all users. Microsoft has reported that more than 99.9% of compromised accounts didn’t have MFA enabled. One setting. That is all it takes to block the vast majority of credential theft attacks.
• External sharing set to "anyone with a link." SharePoint and OneDrive default sharing settings often allow files to be accessed by anyone who receives a link, with no login required. Confidential documents can be forwarded, intercepted, or posted publicly without your knowledge.
• Too many Global Administrator accounts. During initial setup, businesses commonly assign Global Admin access to multiple people and never revisit it. Every Global Admin account is a high value target. If even one is compromised, an attacker has full control of your entire tenant.
• Email authentication protocols not configured. SPF, DKIM, and DMARC are email authentication standards that prevent attackers from spoofing your domain. Many businesses never set them up, which means criminals can send phishing emails that appear to come from your CEO.
• Audit logging and alerts turned off. Without audit logs and security alerts enabled, suspicious activity like unusual login locations, mass file downloads, or new forwarding rules goes completely unnoticed until the damage is done.

These aren’t advanced enterprise concerns. These are foundational settings that every business using Microsoft 365 should have configured from day one.

Why Burnaby Businesses Are Prime Targets

There’s a persistent myth that cybercriminals only go after large corporations. The data tells a very different story.

According to the 2025 Verizon DBIR, small and medium sized businesses are being targeted nearly four times more frequently than large organizations. The logic is simple from an attacker's perspective. It’s far easier to extract smaller amounts from twenty vulnerable businesses than to breach one company that has a dedicated security operations center.

Canadian businesses are not immune to this trend. A 2024 BDC survey found that 73% of Canadian small businesses have experienced a cybersecurity incident, ranging from phishing attempts to full denial of service attacks. Meanwhile, 61% reported experiencing a phishing attempt via email, the exact attack vector that misconfigured Microsoft 365 settings leave wide open.

Microsoft 365 security settings for Burnaby businesses are especially critical because the industries concentrated in this region, including professional services, legal, accounting, and construction, handle sensitive client information daily. A single breach doesn’t just cost money. It destroys client trust and can trigger compliance violations.

The Phishing Problem Is Getting Worse

Microsoft was the most impersonated brand in phishing campaigns in 2024, appearing in over 51% of all phishing scams worldwide. Attackers create login pages that look identical to the real Microsoft 365 sign in screen. When an employee enters their credentials on a fake page, the attacker walks right into your environment.

Without proper anti-phishing policies configured in Microsoft Defender for Office 365, these emails land in inboxes looking completely legitimate. Safe Links, Safe Attachments, and impersonation protection are all available within the platform. Most businesses have never turned them on.

What Properly Configured Microsoft 365 Security Actually Looks Like

The gap between a vulnerable Microsoft 365 environment and a hardened one is not about buying more software. It’s about configuring what you already have.

A properly secured Microsoft 365 tenant includes:

• MFA enforced for every user account, not just administrators
• Legacy authentication protocols disabled entirely
• Conditional Access policies that evaluate login context, including device, location, and risk level
• External sharing restricted to authenticated users with expiration dates on shared links
• Microsoft Defender for Office 365 configured with Safe Links, Safe Attachments, and anti-phishing policies active

Microsoft's own research confirms that MFA alone reduces the risk of account compromise by 99.2%. That single configuration change eliminates almost all credential based attacks. Yet according to research cited in the 2025 CoreView State of Microsoft 365 Security report, only 41% of organizations have implemented MFA effectively across their environments.

The remaining 59% are operating with the digital equivalent of a screen door on a bank vault. Every day those settings stay unconfigured is another day attackers have a clear path into your environment. And once they’re inside, they move fast. Forwarding rules get created. Data gets exfiltrated. Ransomware gets deployed. All before anyone notices something is wrong.

The businesses that take Microsoft 365 security settings for Burnaby businesses seriously are the ones that treat configuration as an ongoing process, not a one time setup task. Settings drift over time as employees are added, apps are integrated, and Microsoft releases updates. Quarterly reviews of your security posture are not a luxury. They’re a necessity.

The Business Cost of Getting This Wrong

The consequences of misconfigured Microsoft 365 settings extend far beyond the initial breach.

The 2025 Verizon DBIR reported that ransomware attacks rose by 37% year over year and were present in 44% of all confirmed data breaches globally. For small businesses specifically, the operational fallout is devastating. Systems go offline. Client data gets exposed. Recovery takes weeks, not days.

Here is what a breach typically triggers for a small business:

• Immediate loss of access to email, files, and collaboration tools
• Regulatory notification requirements if client data is compromised
• Cyber insurance claims that may be denied if basic security controls like MFA were not in place
• Reputational damage that drives clients to competitors
• Legal exposure from failure to protect sensitive information

The 2025 Verizon DBIR also found that credential abuse accounted for 22% of all breaches, and vulnerability exploitation accounted for another 20%. Both attack vectors are directly addressed by properly configuring Microsoft 365 security settings for Burnaby businesses.

How to Know If Your Settings Are Actually Configured

Microsoft provides a built in tool called Secure Score that evaluates your current security posture and recommends specific actions to improve it. It’s free, it’s already in your admin portal, and most businesses have never looked at it.

Secure Score examines your configurations across identity, data protection, devices, applications, and infrastructure. It then benchmarks your environment against similar organizations and prioritizes recommendations by impact. Most businesses we work with are shocked by how low their initial score is, even when they assumed everything was properly set up.

The tool isn’t a replacement for professional security management. But it gives you an honest snapshot of where you stand today. And for businesses that have never audited their Microsoft 365 configuration, that snapshot is often the wake up call that drives real change.

If you do nothing else after reading this article, take these three steps this week:

• Log into your Microsoft 365 admin center and check your Secure Score
• Verify that MFA is enforced for every user, especially administrators
• Review your external sharing settings in SharePoint and OneDrive

These three actions alone will close the most dangerous gaps in your environment. They cost nothing, they take less than an hour, and they dramatically reduce your exposure.

Stop Assuming Microsoft Has You Covered

Microsoft gives you the tools. They don’t configure them for you. That distinction is the single biggest security risk facing small and medium sized businesses running Microsoft 365 today.

The businesses that avoid breaches are not the ones with the biggest budgets. They’re the ones that took the time to properly configure their Microsoft 365 security settings. For Burnaby businesses handling sensitive client data across professional services, legal, accounting, and construction, getting this right is not optional. It’s the foundation of everything else.

If you’re not sure whether your Microsoft 365 security settings for Burnaby businesses are properly configured, Coleman Technologies offers a comprehensive security assessment that identifies exactly where your gaps are and what it takes to close them. Call (604) 513-9428 or book a courtesy 30 minute consultation at colemantechnologies.com to find out where you stand.

Sources:

1. Verizon, "2025 Data Breach Investigations Report (DBIR)," April 2025: verizon.com/business/resources/reports/dbir/
2. Microsoft, "Security at Your Organization: MFA Statistics," Microsoft Partner Center: learn.microsoft.com/en-us/partner-center/security/security-at-your-organization
3. Microsoft, "One Simple Action You Can Take to Prevent 99.9% of Account Attacks," Microsoft Security Blog: microsoft.com/en-us/security/blog/2019/08/20/one-simple-action-you-can-take-to-prevent-99-9-percent-of-account-attacks/
4. Microsoft, "Microsoft Digital Defense Report 2023": microsoft.com/en/security/security-insider/microsoft-digital-defense-report-2023
5. CoreView and Help Net Security, "Why Your Microsoft 365 Setup Might Be More Vulnerable Than You Think," July 2025: helpnetsecurity.com/2025/07/14/microsoft-365-attack-surface/
6. BDC (Business Development Bank of Canada), "Survey of Cybersecurity and Canadian SMEs," September 2024: bdc.ca/en/articles-tools/blog/cyberattacks-small-businesses-remain-denial
7. Hunto AI, "60+ Phishing Attack Statistics: Insights for 2026": hunto.ai/blog/phishing-attack-statistics/

Do you ever find your eyes glazing over at the sight of a sprawling spreadsheet? That feeling of being overwhelmed by a sea of data is universal… but what if you could instantly start making sense of it all with just one click?

Both Microsoft Excel and Google Sheets offer powerful, yet often overlooked, features to help you quickly analyze and visualize your data. In Excel, this is called the Quick Analysis tool. While Google Sheets doesn't have a single button with the same name, it provides the same powerful capabilities through its intuitive menus and the AI-powered Explore feature. Let's dive into how you can leverage these tools to transform your data from a source of sighs to a font of insight.

What is art? It’s not an easy question to answer, especially with new techniques and mediums being developed all the time. By definition, art can be basically summed up as the creative expression of an individual through some medium.

For Japanese artist Tatsuo Horiuchi, that medium is one that is familiar to those in and out of the art world.

As a manager, some of the administrative work can be, if not the worst part of the job, easily the least engaging. For instance, having to create all the different folders for the employees under your purview, projects, and other organizational needs. Fortunately, Microsoft Excel offers a relatively quick and easy way of doing just this.

Microsoft Excel is a great way for data to be visualized, particularly as it offers various features to highlight the context of the data you’re trying to communicate with. Today, we wanted to walk you through how you can use one such feature—People Graphs—to do so particularly impactfully.

Let’s go over how to set up this capability. As a disclaimer, it will require you to edit some of your menu options, so reach out to your IT resource to confirm that it is okay to do so and to assist you if need be.

You should also know that Track Changes won’t work if a spreadsheet contains a table that hasn’t been converted into a range. To make this conversion, select the table, navigate to the Design tab, and click the Convert to Range option. If you want others to be able to collaborate on your workbook, it needs to be saved in a shared location.

In actuality, you’ve used a template every time you’ve opened a Microsoft Word document… the Normal template. However, you may want to use a different template to meet your different needs. If that’s the case, you’ll need to adjust some settings as you create your document.

As you select New from the File tab, you will be presented with a few options. One of them will be Blank document, but you also have the opportunity to utilize a huge variety of other templates that can be found in the application and then downloaded. Once you have done so, select your chosen template and your new document will be generated with that template’s contents. These can include:

• Boilerplate text
• Styles
• Images and logos
• Table of contents
• Sections that split the document into different parts, with appropriate numbering
• Table and chart boilerplates

Of course, this isn’t a comprehensive list of your options. Feel free to explore the different templates and their options to see all that these documents can do.

Once you have a few templates downloaded, you can even edit them to better fit your needs. To do so, all you need to do is open the template you want to edit (File>Open>This PC>My Documents>Open) and make your desired changes. Once that’s done, just Save and Close.

Why Bother with Templates at All?

There are a few advantages to using templates that you should see significant benefits from, such as:

1. Templates can be shared amongst your staff and unify your business’ style.
2. Templates can be used to make forms much easier (and less expensive) to reproduce.
3. Templates can reference your other applications to simplify additional tasks.
4. Templates allow you to quickly reformat your documents if need be.

So, do you think you’ll do any investigating into templates in the future? Why or why not? Let us know in the comments, and let us know what other tips you would find helpful!

What’s the Difference?

The biggest difference between the two services is how they are delivered. Microsoft Office 2019 is the productivity suite in its traditional sense. You download the software solutions, like Microsoft Word, Excel, and PowerPoint, which you can then access on your desktop. Since the programs are stored locally on your computer, you don’t need an Internet connection to access them.

On the other hand, you have Microsoft Office 365, which is the cloud-based variant that Microsoft is pushing these days. Office 365 has all of the software solutions that you expect from a productivity suite, but the primary difference comes from how they’re accessed. Office 365 can be delivered through the Internet rather than being found locally on the computer, meaning that it requires a solid Internet connection in order to work as intended. Furthermore, since the solution is found in the cloud, it can be accessed on any device through a web browser, meaning that it’s more accessible than it’s ever been.

What’s Best for You?

As we mentioned before, the solution you’ll want to invest in will vary depending on various factors. If your Internet connection isn’t reliable, for example, your capacity to get work done might be limited with Microsoft Office 365. For a full list of what you should consider when planning out your productivity suite infrastructure, be sure to contact professional IT technicians who can run you through scenarios that you might not even foresee initially.

Coleman Technologies can provide your organization with a free consultation to determine which Microsoft Office solution works best for your specific needs. To learn more, reach out to us at (604) 513-9428.

The following apps are included in Office 2019:

• Outlook
• Word
• Excel
• PowerPoint

Here are some changes that have been brought to these applications.

Outlook

Most people use Outlook for email, but it’s more of a personal information manager, since it can be used as a calendar, task manager, and contact manager. Changes to Outlook 2019 include:

• One-click fixes for accessibility issues - Enhanced accessibility options are updated to new international standards.
• Focused inbox - Outlook now features more options to keep you focused on the information you need and less on the glut of email that you may get. 
• Outlook reads your emails to you - Outlook now offers a text to voice option that will read your emails to you. 

Word

Microsoft Word is the Office suite’s word processor, and Word 2019 is looking to be a great upgrade from Word 2016. Here are some of the best changes:

• Real time collaboration - Work side-by-side with others to collaborate on documents in real time.  
• Integrated translation - Microsoft translator gives workers the ability to translate words, phrases, and sentences in many languages.
• Enhanced reading options - Instead of straining your eyes, choose options to help make it easier on them, including page color, column width, text spacing, or have Word read your document to you.
• Easier navigation - You can now flip through documents quickly with side-by-side view.

Excel

Excel is a spreadsheet software that comes bundled with Microsoft Office. The latest version gives users plenty of opportunities to take advantage of new and interesting features, several of which give Excel the ability to act as a database. Here are just a few of the new features:

• New Charts - Users can now create a series of new charts, including map charts, funnel charts, and more. 
• Precision selecting - Now users can deselect cells that aren’t relevant to their query without having to frustratingly start over.  
• New and improved connectors - Now there are integrations that allow Excel to be front and center on any of your organization’s analytics initiatives.

PowerPoint

PowerPoint is Microsoft’s presentation-creator app. The software has hundreds of other functions, of course, and PowerPoint 2019 expands PowerPoint’s effectiveness in the long run. Some functions include:

• Zoom for PowerPoint - Provides custom navigation inside a presentation for more presenter-friendly interaction.
• SVG image compatibility - You can now insert and edit scalable vector graphics (SVG) images for clearer, more defined imagery. 
• Export to 4K - Now you can export your presentation to 4K format, slightly better than Ultra High Definition. 

Other software

Office 2019 is also built with a much-improved Microsoft Teams collaboration app--and SharePoint--the industry standard in project management and coordination. Additionally, the ever-popular Microsoft Office 365 now uses Office 2019 as a base for their cloud-delivered products. 

Microsoft lists OneNote as a part of their Microsoft Office platform, but the software giant is starting to move away from OneNote as a part of the productivity suite, building it instead as a part of Windows 10. 

If you would like to talk about what Microsoft products are right for your business and/or personal computing needs, the IT professionals at Coleman Technologies are available to answer your questions and give you suggestions. To speak to one of our certified consultants call us today at (604) 513-9428.