Coleman Technologies Blog

Your business runs on Microsoft 365. Emails, files, calendars, Teams calls. It all flows through one platform every single day. But here’s the uncomfortable reality about Microsoft 365 security settings for Burnaby businesses: the default configuration Microsoft gives you was built for convenience, not protection. And cybercriminals are counting on you not knowing the difference.

Microsoft 365 is functional out of the box. It’s not secure out of the box. The security tools are built in and available, but most of them are not turned on or configured properly unless someone deliberately does it. That gap between "available" and "activated" is exactly where attackers operate. And for small and medium sized businesses across Burnaby and the Lower Mainland, this blind spot is costing them everything.

The Default Settings Trap That Catches Almost Everyone

Microsoft designed its default settings to get businesses up and running fast. Collaboration tools work immediately. File sharing is frictionless. Email flows without interruption. But that speed comes at a cost that most business owners never realize until something goes wrong.

Default configurations often leave legacy authentication protocols like POP and IMAP active. These older protocols don’t support multi-factor authentication, which means they create a backdoor that completely bypasses your login security. Attackers know this. They actively scan for businesses still running these protocols because it’s the easiest way in.

Your Security Tools Are There but Nobody Turned Them On

Think of it this way. Microsoft hands you a building with a state of the art alarm system, reinforced doors, and security cameras in every hallway. But none of it is plugged in. The building looks secure from the outside. Inside, every door is unlocked and every camera is off.

The 2025 Verizon Data Breach Investigations Report found that ransomware was present in 88% of breaches involving small and medium sized businesses. That’s not a typo. While large enterprises saw ransomware in 39% of their breaches, SMBs absorbed the overwhelming majority of the damage. The reason is straightforward: smaller organizations typically have weaker security configurations, slower patch cycles, and fewer resources dedicated to IT security.

For companies relying on Microsoft 365 security settings for Burnaby businesses to protect sensitive client data, these defaults are a ticking clock.

The Five Settings Most Businesses Never Configure

Understanding where the gaps exist is the first step toward closing them. These are the Microsoft 365 security settings that consistently go unconfigured in small business environments:

• Multi-factor authentication left optional. MFA is available in every Microsoft 365 plan, but it’s not enforced by default for all users. Microsoft has reported that more than 99.9% of compromised accounts didn’t have MFA enabled. One setting. That is all it takes to block the vast majority of credential theft attacks.
• External sharing set to "anyone with a link." SharePoint and OneDrive default sharing settings often allow files to be accessed by anyone who receives a link, with no login required. Confidential documents can be forwarded, intercepted, or posted publicly without your knowledge.
• Too many Global Administrator accounts. During initial setup, businesses commonly assign Global Admin access to multiple people and never revisit it. Every Global Admin account is a high value target. If even one is compromised, an attacker has full control of your entire tenant.
• Email authentication protocols not configured. SPF, DKIM, and DMARC are email authentication standards that prevent attackers from spoofing your domain. Many businesses never set them up, which means criminals can send phishing emails that appear to come from your CEO.
• Audit logging and alerts turned off. Without audit logs and security alerts enabled, suspicious activity like unusual login locations, mass file downloads, or new forwarding rules goes completely unnoticed until the damage is done.

These aren’t advanced enterprise concerns. These are foundational settings that every business using Microsoft 365 should have configured from day one.

Why Burnaby Businesses Are Prime Targets

There’s a persistent myth that cybercriminals only go after large corporations. The data tells a very different story.

According to the 2025 Verizon DBIR, small and medium sized businesses are being targeted nearly four times more frequently than large organizations. The logic is simple from an attacker's perspective. It’s far easier to extract smaller amounts from twenty vulnerable businesses than to breach one company that has a dedicated security operations center.

Canadian businesses are not immune to this trend. A 2024 BDC survey found that 73% of Canadian small businesses have experienced a cybersecurity incident, ranging from phishing attempts to full denial of service attacks. Meanwhile, 61% reported experiencing a phishing attempt via email, the exact attack vector that misconfigured Microsoft 365 settings leave wide open.

Microsoft 365 security settings for Burnaby businesses are especially critical because the industries concentrated in this region, including professional services, legal, accounting, and construction, handle sensitive client information daily. A single breach doesn’t just cost money. It destroys client trust and can trigger compliance violations.

The Phishing Problem Is Getting Worse

Microsoft was the most impersonated brand in phishing campaigns in 2024, appearing in over 51% of all phishing scams worldwide. Attackers create login pages that look identical to the real Microsoft 365 sign in screen. When an employee enters their credentials on a fake page, the attacker walks right into your environment.

Without proper anti-phishing policies configured in Microsoft Defender for Office 365, these emails land in inboxes looking completely legitimate. Safe Links, Safe Attachments, and impersonation protection are all available within the platform. Most businesses have never turned them on.

What Properly Configured Microsoft 365 Security Actually Looks Like

The gap between a vulnerable Microsoft 365 environment and a hardened one is not about buying more software. It’s about configuring what you already have.

A properly secured Microsoft 365 tenant includes:

• MFA enforced for every user account, not just administrators
• Legacy authentication protocols disabled entirely
• Conditional Access policies that evaluate login context, including device, location, and risk level
• External sharing restricted to authenticated users with expiration dates on shared links
• Microsoft Defender for Office 365 configured with Safe Links, Safe Attachments, and anti-phishing policies active

Microsoft's own research confirms that MFA alone reduces the risk of account compromise by 99.2%. That single configuration change eliminates almost all credential based attacks. Yet according to research cited in the 2025 CoreView State of Microsoft 365 Security report, only 41% of organizations have implemented MFA effectively across their environments.

The remaining 59% are operating with the digital equivalent of a screen door on a bank vault. Every day those settings stay unconfigured is another day attackers have a clear path into your environment. And once they’re inside, they move fast. Forwarding rules get created. Data gets exfiltrated. Ransomware gets deployed. All before anyone notices something is wrong.

The businesses that take Microsoft 365 security settings for Burnaby businesses seriously are the ones that treat configuration as an ongoing process, not a one time setup task. Settings drift over time as employees are added, apps are integrated, and Microsoft releases updates. Quarterly reviews of your security posture are not a luxury. They’re a necessity.

The Business Cost of Getting This Wrong

The consequences of misconfigured Microsoft 365 settings extend far beyond the initial breach.

The 2025 Verizon DBIR reported that ransomware attacks rose by 37% year over year and were present in 44% of all confirmed data breaches globally. For small businesses specifically, the operational fallout is devastating. Systems go offline. Client data gets exposed. Recovery takes weeks, not days.

Here is what a breach typically triggers for a small business:

• Immediate loss of access to email, files, and collaboration tools
• Regulatory notification requirements if client data is compromised
• Cyber insurance claims that may be denied if basic security controls like MFA were not in place
• Reputational damage that drives clients to competitors
• Legal exposure from failure to protect sensitive information

The 2025 Verizon DBIR also found that credential abuse accounted for 22% of all breaches, and vulnerability exploitation accounted for another 20%. Both attack vectors are directly addressed by properly configuring Microsoft 365 security settings for Burnaby businesses.

How to Know If Your Settings Are Actually Configured

Microsoft provides a built in tool called Secure Score that evaluates your current security posture and recommends specific actions to improve it. It’s free, it’s already in your admin portal, and most businesses have never looked at it.

Secure Score examines your configurations across identity, data protection, devices, applications, and infrastructure. It then benchmarks your environment against similar organizations and prioritizes recommendations by impact. Most businesses we work with are shocked by how low their initial score is, even when they assumed everything was properly set up.

The tool isn’t a replacement for professional security management. But it gives you an honest snapshot of where you stand today. And for businesses that have never audited their Microsoft 365 configuration, that snapshot is often the wake up call that drives real change.

If you do nothing else after reading this article, take these three steps this week:

• Log into your Microsoft 365 admin center and check your Secure Score
• Verify that MFA is enforced for every user, especially administrators
• Review your external sharing settings in SharePoint and OneDrive

These three actions alone will close the most dangerous gaps in your environment. They cost nothing, they take less than an hour, and they dramatically reduce your exposure.

Stop Assuming Microsoft Has You Covered

Microsoft gives you the tools. They don’t configure them for you. That distinction is the single biggest security risk facing small and medium sized businesses running Microsoft 365 today.

The businesses that avoid breaches are not the ones with the biggest budgets. They’re the ones that took the time to properly configure their Microsoft 365 security settings. For Burnaby businesses handling sensitive client data across professional services, legal, accounting, and construction, getting this right is not optional. It’s the foundation of everything else.

If you’re not sure whether your Microsoft 365 security settings for Burnaby businesses are properly configured, Coleman Technologies offers a comprehensive security assessment that identifies exactly where your gaps are and what it takes to close them. Call (604) 513-9428 or book a courtesy 30 minute consultation at colemantechnologies.com to find out where you stand.

Sources:

1. Verizon, "2025 Data Breach Investigations Report (DBIR)," April 2025: verizon.com/business/resources/reports/dbir/
2. Microsoft, "Security at Your Organization: MFA Statistics," Microsoft Partner Center: learn.microsoft.com/en-us/partner-center/security/security-at-your-organization
3. Microsoft, "One Simple Action You Can Take to Prevent 99.9% of Account Attacks," Microsoft Security Blog: microsoft.com/en-us/security/blog/2019/08/20/one-simple-action-you-can-take-to-prevent-99-9-percent-of-account-attacks/
4. Microsoft, "Microsoft Digital Defense Report 2023": microsoft.com/en/security/security-insider/microsoft-digital-defense-report-2023
5. CoreView and Help Net Security, "Why Your Microsoft 365 Setup Might Be More Vulnerable Than You Think," July 2025: helpnetsecurity.com/2025/07/14/microsoft-365-attack-surface/
6. BDC (Business Development Bank of Canada), "Survey of Cybersecurity and Canadian SMEs," September 2024: bdc.ca/en/articles-tools/blog/cyberattacks-small-businesses-remain-denial
7. Hunto AI, "60+ Phishing Attack Statistics: Insights for 2026": hunto.ai/blog/phishing-attack-statistics/

Security can be challenging, even when you have the requisite protections in place. Passwords are too easy to forget, and a fob or token can be misplaced. One thing that’s a lot harder to forget or lose, however: your fingerprint.

Why not take advantage of what you and your entire team inherently possess to help protect your business? Let’s dive into how biometrics—who you are—is quickly overtaking “what you know.”  

Every business needs a cyber attack response plan for Lower Mainland businesses that actually works, yet more than half don’t have one. According to CrowdStrike's 2025 State of SMB Cybersecurity Survey, only 47% of small businesses with fewer than 50 employees have a cybersecurity plan in place, leaving 53% completely exposed.

If your company is among them, the next breach attempt isn’t a matter of if. It’s a matter of when. And when it hits, the clock starts ticking.

Cybercriminals are not randomly casting nets across the internet hoping to catch a Fortune 500 company. They’re deliberately targeting businesses like yours. The Verizon 2025 Data Breach Investigations Report confirmed that SMBs are being targeted nearly four times more often than large organizations. The reason is simple. Smaller companies hold valuable data but invest far less in protecting it.

For business owners across the Lower Mainland, from Langley to Burnaby to Surrey, the question is no longer whether your company will face a cyber threat. The question is whether you’ll have a plan ready when it happens.

Why Most Small Businesses Are Flying Blind

A 2025 Guardz SMB Cybersecurity Report found that while 80% of small business owners believe the need for cybersecurity has increased over the past year, only 34% have a formal incident response plan developed with a cybersecurity professional.

That disconnect is a gift to hackers.

Without a cyber attack response plan for Lower Mainland businesses, your team has no roadmap for the critical first hours after a breach. Who do you call first? How do you isolate compromised systems? How do you notify affected clients without creating panic? These are questions that need answers before a crisis, not during one.

The CrowdStrike survey also revealed that 42% of SMBs lack sufficient cybersecurity tools and 46% lack the expertise needed to defend against modern attacks. This means the majority of small businesses aren’t just missing a response plan. They’re missing the foundation to build one.

The stats that should keep you up at night:

• 96% of all SMB breaches fall into just three categories: system intrusion, social engineering, and basic web application attacks, meaning the threats are predictable and preventable with the right plan (Verizon 2025 DBIR)
• 60% of all data breaches involve a human element such as phishing clicks, weak passwords, or social engineering (Verizon 2025 DBIR)
• The average data breach takes 258 days to identify and contain, meaning attackers have roughly eight months of access before they’re detected (IBM Cost of a Data Breach Report 2024)
• 80% of SMBs with a formal incident response plan were able to avoid major damage during an attack (Guardz 2025 SMB Cybersecurity Report)

That last statistic is the most important one. Having a plan doesn’t just reduce risk. It’s the single biggest factor in determining whether your business survives an attack or gets buried by one.

What Happens in the First 24 Hours Without a Plan

Picture this scenario. It’s a Tuesday morning at your office in Surrey. An employee clicks a link in what looks like a routine email from a vendor. Within minutes, ransomware begins encrypting files across your network. Client records, financial data, project files, all locked.

Without a cyber attack response plan for Lower Mainland businesses, here’s what typically happens next: panic. Staff members start making well-intentioned but damaging decisions. Someone reboots a server, destroying forensic evidence. Someone else emails clients from a compromised account, spreading the attack further. Leadership scrambles to find an IT contact while the clock keeps ticking.

The Verizon 2025 DBIR found that ransomware was present in 44% of all breaches analyzed, a notable rise from the prior year. And for SMBs specifically, ransomware was a component of 88% of breaches.

Every minute without a coordinated response increases the damage. It widens the data exposure. It extends the downtime. It multiplies the cost of recovery.

The Real Cost of Having No Response Strategy

The financial consequences of a breach extend far beyond the initial incident. IBM's 2024 Cost of a Data Breach Report found that 70% of breached organizations reported significant or very significant disruption to their operations. Recovery efforts typically extend beyond 100 days, and only 12% of organizations were able to fully recover from a breach.

For small businesses, the impact is proportionally worse. A Hiscox Cyber Readiness Report found that 43% of organizations lost existing customers following a cyberattack. When you’re a 30-person firm in Langley or Abbotsford, losing 43% of your client base is not a setback. It’s an existential threat.

The consequences go beyond lost revenue:

• Regulatory penalties under Canadian privacy laws including PIPEDA
• Loss of client trust that takes years to rebuild
• Increased cyber insurance premiums or loss of coverage entirely
• Operational downtime that halts productivity across every department

The 7 Components of an Effective Cyber Attack Response Plan

Building a cyber attack response plan for Lower Mainland businesses doesn’t require a massive IT department or an unlimited budget. It requires clarity, preparation, and the discipline to put a plan on paper before you need it.

1. Designate Your Incident Response Team

Every business needs to identify who is responsible for what during a cyber incident. This includes an incident commander (typically the business owner or CEO for small companies), an IT lead, a communications point person, and a legal or compliance contact. Everyone should know their role before an incident occurs.

2. Define What Constitutes an Incident

Not every suspicious email is a full-blown breach. Your plan should clearly define the difference between a minor security event and a critical incident that activates your full response protocol. This prevents both underreacting to real threats and overreacting to false alarms.

3. Create an Immediate Containment Protocol

The first priority during any breach is containment. For any incident response plan to work for Lower Mainland companies, it should outline specific steps for isolating affected systems, disabling compromised accounts, and preserving evidence for forensic investigation. The IBM 2024 Cost of a Data Breach Report found that organizations using AI and automation in security operations identified and contained breaches nearly 100 days faster than those without them.

4. Establish a Communication Chain

Who gets notified first? In what order? Through which channels? Your plan should include:

• Internal notification procedures for staff and leadership
• Client communication templates ready for immediate deployment
• Regulatory notification timelines required under PIPEDA
• Media response guidelines if the breach becomes public

5. Document Your Critical Assets and Data

You can’t protect what you haven’t identified. Your plan should include a current inventory of all critical systems, data storage locations, backup protocols, and access credentials. This documentation becomes your recovery roadmap.

6. Partner with a Managed IT Provider Before You Need One

Trying to find a qualified cybersecurity partner during an active breach is like shopping for home insurance while your house is on fire. A proactive managed IT provider should be part of your cyber attack response strategy from day one, providing 24/7 monitoring, rapid incident response, and the expertise your internal team likely doesn’t have.

The CrowdStrike survey found that only 11% of SMBs use AI-powered cybersecurity tools. A separate VikingCloud study revealed that 74% of small business owners self-manage their cybersecurity or rely on an untrained family member or friend. That approach might save money in the short term, but it leaves your business dangerously exposed.

7. Test Your Plan Regularly

A plan that sits in a drawer is not a plan. It’s a wish. IBM's 2024 Cost of a Data Breach Report found that organizations with an incident response team that regularly tested their plan experienced 58% lower breach costs than those that didn’t. Yet among the three-quarters of organizations that had an IR plan, only 63% had a dedicated team and tested it on a regular basis.

Effective testing includes:

• Tabletop exercises at least twice a year simulating realistic attack scenarios
• Verifying that backup restoration actually works before you need it in a crisis
• Reviewing and updating contact lists, access credentials, and vendor agreements
• Debriefing after every test to identify gaps and improve response procedures

Why Lower Mainland Businesses Face Unique Risks

The Lower Mainland's business landscape creates specific cybersecurity challenges that generic advice doesn’t address. The region's concentration of professional services firms, legal offices, construction companies, and accounting practices means a high volume of sensitive client data flows through relatively small organizations every day.

Consider the typical law firm in Langley handling real estate transactions, or the accounting practice in Surrey managing payroll for dozens of construction companies. These businesses process financial records, personal identification documents, and confidential business data on a daily basis. A single breach could expose hundreds of clients simultaneously.

A cyber attack response plan for Lower Mainland businesses needs to account for Canadian regulatory requirements under PIPEDA, provincial privacy considerations, and the reality that many Fraser Valley and Greater Vancouver firms serve clients across multiple industries with varying compliance standards. What works for a tech startup in downtown Vancouver won’t work for a unionized construction firm in Abbotsford. Your plan needs to reflect your specific industry, your specific data, and your specific regulatory obligations.

Additionally, the region's growing reliance on hybrid and remote work arrangements has expanded the attack surface for many local businesses. Employees accessing company systems from home networks, personal devices, and public Wi-Fi connections create vulnerabilities that didn’t exist five years ago. Every unsecured endpoint is another door for an attacker to walk through.

Stop Hoping It Won’t Happen to You

Hope is not a cybersecurity strategy. The data is clear. More than half of small businesses lack a response plan. Attackers know this. They’re counting on it.

Building a cyber attack response plan for Lower Mainland businesses is not about achieving perfect security. Perfect security doesn’t exist. It’s about ensuring that when something goes wrong, your team knows exactly what to do, who to call, and how to minimize the damage.

The businesses that survive cyber attacks are not the ones with the biggest budgets. They’re the ones with the best preparation.

If you don’t have a plan in place today, you’re gambling with everything you have built. And the odds are not in your favor.

Sources:

1. CrowdStrike, "2025 State of SMB Cybersecurity Survey" (2025)
2. Verizon, "2025 Data Breach Investigations Report" (2025)
3. IBM Security / Ponemon Institute, "Cost of a Data Breach Report 2024" (2024)
4. Guardz, "2025 SMB Cybersecurity Report" (December 2025)
5. Hiscox, "Cyber Readiness Report 2024" (2024)
6. VikingCloud, "SMB Cybersecurity Study" (2025)

Most small business owners don't wake up thinking about network patches or endpoint detection. You’re focused on growth, your team, and your customers. Unfortunately, there is a persistent myth that “small” means “invisible” to hackers.

The reality isn't that hackers are out to get you specifically; it’s that they use automated tools to find any open door. If your door is unlocked, they’ll walk in. It’s not personal—it’s just a math problem for them.

In every office, there is a hero. They are the ones who clear their inbox before they leave, manage five Slack threads simultaneously, and pride themselves on a five-minute response time. We value these people because they make things happen. Unfortunately, that same high-speed, can-do attitude is exactly what hackers are looking for.

Toys are an essential part of our development as people, whether you’re talking about baby toys that teach color recognition and empathy, collaborative toys that teach sharing and teamwork, or creative toys that encourage imagination and outside-the-box thinking. Just imagine what the toys of the future will be able to accomplish… assuming, of course, that the security issues we’re currently wrestling with are dealt with appropriately.

Unfortunately, this hurdle still needs work to be cleared.

As your business has grown, have you fallen into the tech trap of DIY IT solutions? While you might have started with just a handful of employees, the infrastructure you’ve built is no longer sustainable or reliable. You need professional help if you want your business to stay competitive, and we have just the thing for you.

Can your team recall what you discussed during your last mandatory cybersecurity training session? We doubt it, and not because you did a bad job (we’re sure you did an excellent job on that PowerPoint, champ). It’s just that small business security training is far from engaging by default, and it’s seen as more of a requirement than anything else. If you want to shift this “annual compliance” perspective, you’ll have to make some changes, and fast.

Do you actually know which of your coworkers is one click away from getting the whole company hacked? It’s surprisingly easy to get into a business’ IT system. All it takes is one person falling for a fake email, downloading a sketchy file, or giving up their password to a scammer.

If you aren't testing your team, you’re basically just waiting for a disaster to happen. Here is why simulated phishing tests—sending out fake scam emails—are actually a great way to protect your business.

We’ve all been there. You’re flying through your inbox, trying to reach inbox zero before a meeting, and you click a link in a shipping notification. The page doesn't load quite right. You stare blankly and your anxiety spikes.

That moment happens a lot and it is a fork in the road for your company’s security. In many organizations, that employee’s next thought isn’t: “I should report this,” it is: “If I tell anyone, I’m going to get fired.”

We’ve seen our fair share of convenience vs. security trade-offs, but few consumer devices sit at the center of that Venn diagram quite like the Ring camera. To the average user, it’s a doorbell that significantly reduces package thieves. To those of us that work with technology, it’s a sophisticated Internet of Things (IoT) sensor with a direct, persistent uplink to one of the world’s largest cloud infrastructures.

Does this sound familiar? Your business is growing, but you haven’t changed your server hardware since you began operations. It’s hindering growth at this point, and you don’t know what to do. The best solution out there is to turn to the cloud. With the right implementation of a cloud-first model, you can effectively future-proof your business so it can grow unhindered.

How much control do you really have over your IT assets? Oftentimes, businesses will consider other priorities, like sales, operations, and customer service, before they focus on IT systems and resources. The problem with this is that it creates a significant burden for your business, both in terms of the hidden financial drains and serious security vulnerabilities that undermine your business’ stability.

We all have too many accounts nowadays. Between our personal lives, work, and practically all the entertainment we consume, there are dozens to keep track of and manage… and then there are the ones that charge us for a service they offer. The stacking costs of these services are bad enough, but if you see them start to double or even triple in a given month, you may be experiencing a common problem that is simple enough to solve.

To do so, we need to clarify the difference between creating an account and logging in.

Bring Your Own Device (BYOD) is a solution that has grown more popular over the past decade or so, primarily because more employees already own devices capable of running work-related applications. The employee gets to use a device they already know and love, while the employer saves money from the cost of equipping that employee. That said, the security risks associated with BYOD can undermine an ill-prepared implementation and open the door to potential legal action.

Have you ever considered investing in smart technology for your office? We’re talking, of course, about the smart appliances, lights, thermostats, and so on, all of which make your office feel like you stepped into a sci-fi movie. As IT experts, it would be wrong for us to let you implement all these shiny new solutions without considering the security implications.

Our question to you is this: are you willing to leave glaring security weaknesses in your infrastructure for the sake of being considered “high-tech?” We hope the answer is an emphatic “no.”

Cryptocurrency has brought about innovative new technology for use in the business world, but it’s also created more headaches, primarily due to ransomware. With ransomware, a malicious entity can lock down your computer files and demand a cryptocurrency ransom in exchange for your data’s safe return. So, why is cryptocurrency the chosen currency for these kinds of transactions?

So, you’ve added an antivirus to your business’ cybersecurity protections. That’s great—it’s an essential element of the comprehensive defenses that a modern business needs. However, it is important that the antivirus you’re relying on is, in fact, reliable.

Let’s go over how not all antivirus tools are the same, and what makes it so important to implement one that meets your business’ needs and protects against the threats you would otherwise have to deal with.

Scams are everywhere, and it’s up to you and your team to identify them before you accidentally expose your business to something truly sinister. However, it’s often easier said than done, and scammers have gotten craftier in recent years. Today, we want to discuss three of the dead giveaways that you’re looking at a phishing scam, as well as how to address it.

Nowadays, we’re all busy—especially at work. Collectively, our days are filled with improving our products and services, cultivating client relationships, and putting out fires left and right. Do you really have the mental bandwidth to commit to quibbling over whether or not your data is secure?

The fact of the matter is that cyberattacks of all kinds are a constant threat to everyone, and could very well take your business out of commission unless you do something about it. Let’s review some steps that will help reinforce your business’ security posture and better defend your data.