+61 2 9270 0666

The Facts on Office 365 Email Security

Office 365 Email Security

Out of the box, Microsoft’s Office 365 email security provides some good levels of protection around basic spam and malware filtering. If you want something more substantial that will suit your business, it’s most likely that you need to look at 3rd party products to fill the gap.

The Office 365 suite isn’t a one-site fits all platform. Microsoft have built the platform with all it’s tools as a great starting point. In many cases, adding 3rd party products can enhance the functionality and security than the uplift that Microsoft would charge for similar services.

You will need to plan your strategy to help thwart the security attacks on your Office 365 email. Industry pundits are already suggesting that phishing scams will be more of a problem than hacking or ransomware.

When you’re moving your business to the cloud, managing all the security requirements adds another layer of complexity and consideration. It’s important to make sure you know what you need and what you are getting.

What’s in the box with Office 365 Exchange Online Protection?

Exchange Online Protection (EOP) includes a lot of features that you would expect in many on-premise email filtering platforms. With Office 365, the included security features make it an easy option.

EOP is Microsoft’s cloud-based email filtering services. It was built to protect your business against spam and malware.

With the Office 365 Enterprise plans, Microsoft have only included the anti-spam and malware defence with their subscription. If you want more, you will need to upgrade to Advanced Threat Protection.

Office 365 Spam Protection

Anti-spam measures are a big commodity item these days in the email filtering landscape. Spam has been around for that long that most products provide spam filtering – and everyone should be doing it well. Sadly, not all do.

Microsoft’s EOP spam filtering works okay and is centrally managed within the Office 365 administration portal.

Like most anti-spam engines, EOP utilises a range of techniques and content analysis to detect spam. Office 365 EOP checks for spam inbound and outbound of your tenancy.

By default, all detected spam is sent to the Junk Email folder within the Exchange profile. This can be accessed on any device to review and retrieve any emails that have been falsely marked as spam.

One downside with Exchange Online Protection is that if any email is falsely marked as spam, you need to the send the email as an attachment to Microsoft to have the email examined and re-classified.

This is a bit of a burden on many users. It’s unlikely many people would go through the process.

Microsoft’s Exchange Online Protection includes:

  • Inbound spam detection
  • Outbound spam detection
  • Bulk email filtering
  • Malicious URL block lists for known-bad URLs
  • Anti-Phishing protection for known-bad spam domains

Office 365 Malware Protection

By default, malware filtering is enabled across the board in Office 365. Basically, it includes:

  • Anti-malware protection in all inbound email
  • Anti-malware incorporates anti-virus and anti-spyware controls

Microsoft claims to have zero-day protection against malware. Interestingly, Microsoft also provides a service for users to upload malware to report malware that made it through the filter.

Domains hosted in Office 365 are the most targeted for phishing attacks. Interestingly, phishing attacks in Office 365 can originate from other domains hosted within Office 365.

Anti-malware policies can be customised, however the default policy will always remain.

In short, the anti-malware component is very simple. When malware is detected, it deletes the whole message or just the attachments.

Office 365 Email Security Features You May Need

Simply, look at third party vendors. In this space, Microsoft has realised there’s and issue and now offers Advanced Threat Protection (ATP) as a separate product to add-on to EOP.

By the time you add the costs of ATP, you might be better off looking at 3rd party solutions. To learn more about Office 365 ATP, go here:
https://products.office.com/en-au/exchange/advance-threat-protection

Robust Anti-Phishing

Phishing attacks are transforming. They are just getting smarter. Office 365 EOP only provides the basic checks. You will likely need to go further.

Phishing scams can be used to steal credentials and solicit money from your business. To stay in front of the evolving techniques used by scammers, you should look at:

  • Deploy URL filtering and web filtering. These strategies can provide defence against malicious URLs and provide ‘time-of-click’ analysis.
  • Look at adopting cyber security training to keep your staff up to date with the latest phishing strategies so they know how to identify a potential scam.
  • Implement a Secure Email Gateway (SEG) in front of Office 365 to better identify spoofing of internal email addresses, similar domain names and other traits of phishing scams.

Building in Email Resilience

Every business relies on email. Internal and external communication stops without it. If you are solely relying on Office 365, any outage can essentially take your business offline.

When you are looking to enhance you email security, you need to look at not only protecting your email against threats, you need to protect your email against outages.

There are 3rd party solutions out there that provide resiliency for Office 365. If your Office 365 tenancy goes down for any reason, you can use your resiliency options to send and receive emails. This applies to both desktop and mobile applications.

Once your 365 email comes back online, all your email, including those that you’ve sent, will flow back to your Office 365 mailboxes for all your staff.

Upgrading Your Anti-Malware Position

Once you’ve deployed a SEG in front of Office 365, you will have access to a range of strategies and mechanisms that aren’t included with Exchange Online Protection.

SEG solutions have the ability to encode URLs. When someone clicks on an encoded URL, the destination address is checked by the SEG when the link is clicked on. Further checks are performed at the ‘time-of-click’ to validate the domain and any potential payload for malware.

Most email gateways only check URLs against a known block list when they are delivered to your mailbox. This kind of defence is a false sense of security.

Look Internally for More Security

Your staff are always the last line of defence and technology can only do so much. Security awareness training can help.

Training your staff to be aware of phishing attacks and other questionable practices around the use of email is a powerful weapon against nefarious email traffic.

Only 11% of organisations focus any effort on training for cyber attacks. This would suggest that over 90% of businesses are relying purely on technology solutions to fill the gaps.

There are many solutions available in the market that provide self-paced online training that will ensure your staff are aware of the tricks and tactics that scammers use to try and con your staff.

Where to next?

It’s important to understand that once you’re in Office 365, you might have gaps around email security. How are you going to fill those gaps?

With the growing number of threats around phishing attacks and at the speed these attacks are evolving, you need to make sure that your Office 365 email security solution is protecting your business data, your staff and your customers.

Use available technology to limit the exposure to phishing attacks. At the same time, train your staff to identify the scams to further mitigate the risk against falling prey to phishing scams.

     

    ITConsult designs, implements and supports IT environments for Australia‘s medium-large organisations through a portfolio of business IT solutions. Navigating technology today can be a minefield and everyone seems to have an agenda.

    If you'd like to have a good old fashioned talk about what might work for you, please get in touch for an obligation-free, over the phone chat.

    Related Posts

    • Using shortcuts in Teams can save you heaps of time. Download our handy guide for Microsoft Teams keyboard shortcuts to improve your productivity

    • Essential Eight Cyber Strategy

      There’s a ton of different ways to implement a cyber security strategy these days. Various vendors and suppliers have their own products and methods. With all the choices out there, the Essential Eight cyber strategy is a good place to start. With the Essential Eight, you’ll get a at least a starting point as a basis for your cyber security strategy. Fortunately, it’s easy to implement, it’s not going to break the bank and it will co-exist with other cyber security strategies. The Australian Signals Directorate’s cyber security teams have developed the Essential Eight program. The Essential Eight is a baseline strategy that your business can deploy as a starting point to mitigate against cyber incidents. What is the Essential Eight Cyber Strategy? The essential eight is a set of initiatives that you can implement within your business. Once you’ve deployed the Essential Eight, it’s going to make it harder for the ‘Bad Actors’ to get access to your environment from the outside. The Essential Eight strategies are: Application white listingApplication patchingMicrosoft Office macro configurationApplication hardeningRestricting administration privilegesOperating system patchingMulti-factor authenticationDaily backups To implement many of the ASD’s initiatives, you may not need to put in a lot of effort.

    • 5 ways to protect against identity attacks with Multi-Factor Authentication

      Conventional authentication policies that depend on usernames and passwords alone are no longer secure. As our data evolves, the way we protect access to that data needs to change. Identity attacks are the easiest way into your systems. As we move data from a complete on-premise environment to cloud applications and hosted services, the perimeter of your security footprint has moved. Poor authentication practices are #2 in the list of security risks published by OWASP. Confirmation of your staff’s identity is critical to protect against authentication-related attacks. Cyber criminals know about the security challenges you face. They are actively finding ways to trap your staff into handing over credentials. They are also relying on people’s tendency to re-use passwords everywhere. Often, they’ll use the same password across their work and personal accounts. Here are 5 ways an attacker could gain access to your systems if you only have username and password authentication. There’s no doubt that someone is trying these attacks on your business right now. #1 Broad-based phishing campaigns Why are phishing emails still the number one way of gaining access to someone’s credentials? Simply, the numbers are in their favour. After all this time they are still effective.

    • Office 365 Security Best Practices

      Even though Microsoft’s Office 365 is an easy-to-use platform, securing your data in the cloud is not that simple. Implementing a few Office 365 security best practices can at you’ll have your data in a safer place than it was yesterday. Office 365 is constantly evolving with new features being added every month. Keeping on top of your security posture is critical. Out of the box, Office 365’s settings for data security are fairly weak. We’ve seen organisations that have been in a far worse position than they thought when it came to cloud security. By modernising their security, many business are incorporating a zero trust methodology. This helps to secure sensitive data and improve their ability to defend against modern cyber threats. Office 365 can form part of that zero trust framework if security is planned right. To help get your business in a better position, we’ve put together a list of our top Office 365 security best practices. We aim to configure these principles for all our clients. By implementing this list, we’re sure that your data will be safer and you’ll be back in control. Office 365 Security Best Practices Start With Your Password Policy Password policies

    • Microsoft Azure Cloud

      Building a hybrid cloud environment just got a whole lot easier. Are you ready for tried and proven way of given your applications fast access to on premise data and replicating to the cloud for DR? Enter NetApp Cloud Volumes. It’s true that you can outsource infrastructure, applications and services through various as-a-service programs. You can’t outsource the responsibility you have for your business data. Your business data must be secured, protected and managed. Now, you can implement a single, cohesive data fabric that is geared for performance. With this single data fabric that stretches from on-premise to the cloud, you can maintain control of your data and still attached a myriad of as-a-service resources. We’ve found that progressive business need to: Migrate workloads seamlesslyImplement unified data management across your on-premise and Azure cloud environmentsDeliver cost-effective data protectionStand up DR and Backup up to Azure cloudImplement consumption-based cost savings through the cloud NetApp Cloud Volumes ONTAP for Azure provides a data storage solution that is flexible enough to fit nearly any requirement. You can implement NetApp Cloud Volumes disaster recovery, DevOps and test environments through to cloud-based applications and file services. NetApp Cloud Volumes can help you minimize your storage

    Level 1, 237 Mona Vale Road
    St Ives NSW 2075 Australia

    Phone: +61 2 9270 0666

    PO Box 731
    St Ives NSW 2075 Australia

    © 2024 The IT Consultancy Group Pty Ltd. All Rights Reserved.

    Privacy Policy | Disclaimer | Acceptable Use Policy | Fair Use Policy