Email is one of our primary means of communication, especially in business, and is fundamental to collaborating in virtual workspaces like Office 365. Unfortunately, though, its centrality to many business and private functions and interactions makes it a highly targeted entry point for threat actors to try and obtain access to sensitive data, information, and files. In fact, malware attacks and social engineering attacks carried out via email in 2020 left several high-profile companies and government departments having to deal with the damage that ensued, and it was no small feat.
While Office 365 does provide default security settings for both the Exchange Online Protection (Standard License) and Microsoft Defender for Office 365 (Business Premium License), there are additional actions you can take to increase your security.
Two Factor Authentication
Two Factor Authentication (2FA) is seen as one of the easiest ways to quickly heighten the security of your email account. As the rate of cyberattacks committed through email has risen in recent years, the need for additional layers of identity verification has been highlighted, leading to many companies implementing 2FA as a basic requirement for many email accounts. This additional layer of security assists by reducing the risk of access and stolen credentials by blocking over 99% of account attacks.
Disable Auto-forwarding Options to Remote Domains
Emails that contain sensitive data and information have a lower risk of being compromised if they remain within the company domain. When a user opts to automatically forward emails to an external domain (often to a private address), the email is no longer protected by the company’s security settings. This provides a greater opportunity for a malicious actor to gain access to information without the sender being aware.
Encrypt Business Emails
As mentioned, because emails are the main source of online communication within a work environment, the likelihood that they contain highly sensitive data and information such as financial details or confidential business activities is high. Therefore, it becomes vital that such emails are adequately protected. Office 365 provides an encryption feature that aims to protect you and your business further by requesting a password to open the email, limiting access to the email outside of the work environment, and restricting printing and copying options.
Block Outdated Authentication Protocols
Older modes of authentication protocols like SMTP, IMAP, POP, and MAPI should no longer be used as they provide easy access points for attackers. These systems don’t support modern security features such as 2FA, so halting further use of them will ensure that your accounts retain a higher level of security.
Enable SPF, DKIM, and DMARC
There are email security protocols, namely Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC), that have been designed to work together to offer further protection against phishing scams and spam attacks. Although somewhat difficult to configure, they provide a valuable level of protection to your account.
Use Microsoft 365 Secure Score
To help protect your organization, Microsoft 365 tests your cybersecurity readiness so that you can work towards improving it. By assigning a numerical value to your Microsoft 365 identities’, apps, and devices performance, which can be accessed and monitored on your company’s Microsoft 365 dashboard, you can work towards a higher level of security by following the provided actionable recommendations.
Enable Unified Audit Log (UAL)
The Unified Audit Log, or UAL, is an online logbook recording the activities, both past and continuous, across your basic email security system (Exchange Online), Azure Directory, Teams, and many other Office 365 services. It provides an overview of your activities and allows you the control to reverse actions that should not have been made.
Opt in for ‘Suspicious Activity’ Alerts
Alerts are a warning system to make you aware of potential threats to your accounts. If enabled, you are in a better position to react to potential attacks before significant damage can be done.
Turn on the ‘Report Message’ feature
Reporting potential threats is a big part of staying on top of your security, so having the ability to do this easily is vital. With the ‘Report Message’ feature enabled, account users can act on suspect messages by alerting administrators immediately rather than just deleting them. The reported messages can then be tracked in Office 365’s backend and viewed in the Security Dashboard, allowing administrators to stop the threat in its tracks.
Train your staff
Human error can account for up to 95% of security breaches, which is no small amount. As we are not able to remove the human component from business, it is necessary to ensure employees are adequately trained to reduce the risk of security breaches to your organization. Implementing training programs that focus on cybersecurity best practices and security accountability will give your staff what they need to protect themselves and your organization.
More Protection means More Secure
Although Office 365 comes with default security settings, having a higher level of protection by implementing a multilayered security approach like the one above will reduce the risk that your business is negatively impacted by cybercrime.
As they say, it is better to be safe than sorry, so why not contact the team at Solzorro to discuss how you can further improve your business’s cybersecurity performance and protect yourself against potential threats.
