Prevention tips for Office 365 security threats

Office-365-security

Office 365 has become a go-to standard for messaging needs.  The growth of features, functionality and managed service offerings has given Office 365 customers a stable and secure solution.  Unfortunately, bad actors such as spammers, hackers and phishers have also grown in number and sophistication.  The Redmond Channel Partner Magazine recently documented how much sneakier phishing attacks have become with new methods that circumvent typical malware protection.

According to the Poneman Institute’s 2018  U.S. Cost of a Data Breach Study, it takes an average of 197 days to identify a data breach. It takes another 69 days to fully contain it. What’s more, identity protection is likely the biggest weakness to security. According to Gartner Research, compromised identity credentials continue to be a major element in data breaches. And the number of these breaches, including identity-related fraud (such as account takeovers), is growing.

The increase in worker mobility has eroded the traditional IT perimeter. That perimeter has been replaced with the user, front and center, and that perimeter goes wherever your users go. What we also find is that users, with no bad or malicious intent, often use weak or old passwords because they’re easy to remember, or because it’s easier and more efficient to have one password for all of their applications and accounts. Hackers know this, and will exploit it.

Prevention is the best protection

Preventing security issues with the right tools is an essential first step in protecting your organization. Endpoint protection tools are readily available in the marketplace – some offered as add-ons to messaging packages for a small per-user fee. What should you look for to protect Office 365 messaging users from advanced attacks?

  • Hyperlink protection: Proactively protect your users from malicious hyperlinks in a message. The protection should remain every time they click the link, so malicious links are dynamically blocked while good links can be accessed.
  • Attachment protection: Protect against unknown malware and viruses to safeguard your messaging system. Best practice here for all messages and attachments that don’t have a known virus/malware signature is to route to a special environment that uses machine learning and analysis techniques to detect malicious intent. If no suspicious activity is detected, the message is then released for delivery to the mailbox.
  • Spoof intelligence: Detect when a sender appears to be sending mail on behalf of one or more user accounts within one of your organization’s domains. This type of protection enables you to review all senders who are spoofing your domain, and then choose to allow the sender to continue or block the sender.
  • Messaging quarantine: Look for tools that allow messages identified as spam, bulk mail, phishing, containing malware or matching a mail flow rule to be sent to quarantine. Authorized users should be able to review, delete, or manage email messages sent to quarantine.
  • Anti-phishing capabilities: Look for tools that utilize machine learning to detect phishing messages. The more advanced the security platform and dataset available in the tool, the more effective the tool will be in its ability to remediate cyberattacks.

One word of caution: Even the most vigilant email users can fall victim to a malicious attack.

In this data-rich environment, the best offense is a great defense. Take a proactive approach in ensuring that the right endpoint protection services are in place, and implement a strong training strategy so users can identify and avoid phishing and malicious attacks.


Greg-Pierce-headshotGreg Pierce is the Principal Technologist at DXC Concerto.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: