Email is the most popular cyberattack vector today. Organizations and individuals often exchange highly sensitive data, files, and documents across email platforms, yet these are surprisingly easy to exploit. Verizon’s 2019 DBIR found that 94 percent of all malware attacks were delivered via email. Proofpoint customers’ end users reported nearly 9.2 million suspicious emails in 2019 alone.
Besides spreading malware, threat actors also use emails to perpetrate social engineering scams such as phishing, baiting, and pretexting. Emailing is part and parcel of modern digital communications. It’s also the cornerstone of collaboration in Office 365 and other virtual workplace platforms. Given how essential and vulnerable emails can be in the workplace, here are 10 tips for securing email-based interactions in Office 365.
Understanding Microsoft Office 365 email security options
Before we get into what you can do to improve email security, let’s discuss the default security features built into the Office 365 suite. These are Exchange Online Protection and Microsoft Defender for Office 365:
- Exchange Online Protection
EOP is a basic email security system designed to protect Exchange Online mailboxes against spam and malware. This protection is part of the standard Office 365 license.
- Microsoft Defender for Office 365
MS Defender for Office 365 provides advanced dynamic protection against threats through sandboxing attachments and comparing email URLs against real-time blackhole lists. Defender for Office 365 Plan 1 is available with the Microsoft 365 Business Premium license. Office 365 E5, Office 365 A5, and Microsoft 365 E5 license holders have access to Plan 2, featuring dynamic response capabilities, incident simulations, and advanced threat analysis. More details are below:
Defender for Office 365 Plan 1
Configuration, protection, and detection
- Safe Attachments
- Safe Links
- Safe Attachments for SharePoint, OneDrive, and Microsoft Teams
- Anti-phishing protection in Defender for Office 365
- Real-time detections
Defender for Office 365 Plan 2
Defender for Office 365 Plan 1 capabilities
– plus –
Automation, investigation, remediation, and education capabilities:
1. Switch to multi-factor authentication
The traditional username-password sign-on is no longer strong enough to secure email accounts. Multi-factor authentication adds a crucial security layer during login and minimizes the risk of stolen credentials. According to Microsoft, MFA can block over 99.9 percent of account compromise attacks. Enabling MFA is one of the easiest things you can do to protect your email accounts.
2. Block legacy authentication
Legacy authentication describes basic user authentication protocols in Azure cloud services. These protocols include SMTP, IMAP, POP, and MAPI. The problem is, legacy authentication techniques do not support modern security protocols such as MFA, making them easy entry points for malicious actors. Replace these outdated protocols with more robust email access security features.
Microsoft recently announced plans to turn off some basic authentication methods in Exchange Online in a bid to secure email accounts for all users.
3. Enable Unified Audit Log (UAL)
The Unified Audit Log records various events from Exchange Online, Azure Active Directory, Teams, and other Office 365 services. The log gives you an overview of past and ongoing activities in the Azure environment. It also allows for the reversal of various actions such as mass file renames and file restorations. Learn more about enabling and using UAL here.
4. Enable SPF, DKIM, and DMARC
When configured correctly, (1) Sender Policy Framework, (2) DomainKeys Identified Mail, and (3) Domain-based Message Authentication, Reporting and Conformance can block impersonation attacks, significantly reducing the risk of phishing and spoofing.
5. Disable mailbox auto-forwarding to remote domains
Auto-forwarding mail to external domains indiscriminately risks sensitive data leaving the secure corporate environment. Hackers can also use this feature to automatically receive data from unsuspecting users.
6. Get alerts for suspicious activities
Configure alert policies in the Security & Compliance Center to track user activities and quickly notify the relevant admins of unusual activities. Abnormal user or system behaviour might indicate an imminent or progressing attack.
7. Use Microsoft 365 Secure Score
Microsoft 365 Secure Score measures your organization’s security posture across Microsoft 365 services by assigning it a numeric value when you first log in. The tool also provides actionable recommendations on sealing off security loopholes and assigns a numeric value to each that can be totaled to form an overall maximum score for your organization. You can also see how your organization’s score compares to the average scores across all Office 365 customers.
8. Encrypt corporate emails
As we pointed out earlier, emails often carry sensitive information, including personal details, payment data, and corporate secrets. If an email account is compromised or an error occurs during transmission, this information may fall into the wrong hands. Email encryption ensures that only the right recipient can access or read the intended message and email attachments. With the built-in email encryption features in Office 365, you can set emails to prompt for a one-time password when opened, to be readable only within the Office 365 environment, or to restrict copying and printing.
9. Enable the Report Message add-in
When fighting phishing attacks, your users are on the front line, as they see what is actually happening in their mailboxes. In some cases, they might receive and identify a phishing message. By enabling the Report Message and Report Phishing add-ins for Outlook, you let them report it easily instead of deleting it quietly. Users can report both spam and phishing emails. Reported messages are tracked in the Office 365 backend and displayed in the Security Dashboard, so administrators can follow up or take action before the same phishing emails are sent to other users and cause damage.
10. Educate your employees
Employees are usually the weakest security link in any organization. Human error accounts for a majority of data breaches and is among the fastest-growing cybersecurity threats today. Employees can make innocent mistakes, neglect security protocols, or unwittingly fall for social engineering scams. Create an employee training program focused on cybersecurity best practices and security accountability to minimize user-related cyber risk.
Adopt a multi-layered security approach
Azure hosts several Office 365 email security features, most of which are user-configured to the preferred security settings. Regardless of your Office 365 security settings, it’s essential to add as many security layers as possible. The good thing about a multi-layered security structure is that if one protocol fails, the rest can still protect your data. Take MFA, for example. Even if a threat actor acquires genuine credentials, they are rendered useless by the secondary user authentication stages.
Keep in mind that there is no single solution for email security and cybersecurity in general. It takes the collective effort of various tools and policies to create an effective cyber defence strategy.
Maintaining strong cybersecurity on the cloud is an ongoing process whose success hinges on the time and effort you put into it. But you don’t have to go it alone – Softlanding is here to help. We guide organizations across Canada in leveraging various Microsoft solutions, including Azure, Office 365, and Microsoft Exchange, efficiently and safely. Contact Softlanding to learn more.