Protecting from Attack in Office 365

Similar documents
Layer by Layer: Protecting from Attack in Office 365

Security and Compliance for Office 365

2018 Edition. Security and Compliance for Office 365

Office 365 Buyers Guide: Best Practices for Securing Office 365

MESSAGING SECURITY GATEWAY. Solution overview

Symantec Protection Suite Add-On for Hosted Security

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

ELECTRONIC BANKING & ONLINE AUTHENTICATION

The Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It

Easy Activation Effortless web-based administration that can be activated in as little as one business day - no integration or migration necessary.

Machine-Powered Learning for People-Centered Security

PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)

On the Surface. Security Datasheet. Security Datasheet

Phishing in the Age of SaaS

Isla Web Malware Isolation and Network Sandbox Solutions Security Technology Comparison and Integration Guide

Evolution of Spear Phishing. White Paper

Security & Phishing

FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

Online Security and Safety Protect Your Computer - and Yourself!

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

BEST PRACTICES FOR PERSONAL Security

NETWORK THREATS DEMAN

How to Build a Culture of Security

State of the Phish 2016

EBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats.

Compliance in 5 Steps

9 Steps to Protect Against Ransomware

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Neustar Security Solutions Overview

AN IPSWITCH WHITEPAPER. 7 Steps to Compliance with GDPR. How the General Data Protection Regulation Applies to External File Transfers

KnowBe4 is the world s largest integrated platform for awareness training combined with simulated phishing attacks.

CloudSOC and Security.cloud for Microsoft Office 365

FAQ. Usually appear to be sent from official address

Kaspersky Security Network

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

DEFENCE IN DEPTH HOW ANTIVIRUS, TRADITIONAL FIREWALLS, AND DNS FIREWALLS WORK TOGETHER

Trustwave SEG Cloud BEC Fraud Detection Basics

Sectigo Security Solution

Securing Your Business Against the Diversifying Targeted Attacks Leonard Sim

Cyber Security Guide. For Politicians and Political Parties

Today s Security Threats: Emerging Issues Keeping CFOs Up at Night Understanding & Protecting Against Information Security Breaches

WHITEPAPER. Protecting Against Account Takeover Based Attacks

Panda Security 2010 Page 1

Office 365 Integration Guide Software Version 6.7

Symantec Security.cloud

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

Quick Heal Total Security Multi-Device (Mac) Simple, fast and seamless protection for Mac.

Getting over Ransomware - Plan your Strategy for more Advanced Threats

Quick Heal Total Security for Mac. Simple, fast and seamless protection for Mac.

Block Threats Before They Reach Your Network Make Downtime a Thing of the Past. Comprehensive and reliable protection

BUFFERZONE Advanced Endpoint Security

ANATOMY OF AN ATTACK!

Security. The DynaSis Education Series for C-Level Executives

2017 Annual Meeting of Members and Board of Directors Meeting

6 Ways Office 365 Keeps Your and Business Secure

PEOPLE CENTRIC SECURITY THE NEW

How Cyber-Criminals Steal and Profit from your Data

Reducing Operational Costs and Combating Ransomware with McAfee SIEM and Integrated Security

Kaspersky Open Space Security

Thanks for attending this session on April 6 th, 2016 If you have any question, please contact Jim at

THE ACCENTURE CYBER DEFENSE SOLUTION

Cyber Hygiene Guide. Politicians and Political Parties

Fighting Spam, Phishing and Malware With Recurrent Pattern Detection

Reduce Your Network's Attack Surface

2 User Guide. Contents

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk

Keys to a more secure data environment

Sophos Central Admin. help

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments

Seqrite Endpoint Security

NHS South Commissioning Support Unit

TABLE OF CONTENTS Introduction: IS A TOP THREAT VECTOR... 3 THE PROBLEM: ATTACKS ARE EVOLVING FASTER THAN DEFENSES...

Block Threats Before They Reach Your Network Make Downtime a Thing of the Past. Comprehensive and reliable protection

Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey

Quick Heal Total Security for Mac. Simple, fast and seamless protection for Mac.

Quick recap on ing Security Recap on where to find things on Belvidere website & a look at the Belvidere Facebook page

Adobe Security Survey

NETSURION DEFENSE AGAINST BACKOFF: How Netsurion Effectively Protected Against Threats

The Mimecast Security Risk Assessment Quarterly Report May 2017

Phishing: When is the Enemy

Best Practices Guide to Electronic Banking

BRING SPEAR PHISHING PROTECTION TO THE MASSES

Cisco Security: Advanced Threat Defense for Microsoft Office 365

Securing Office 365 with Symantec

Information Security Controls Policy

The security challenge in a mobile world

with Advanced Protection

COMPLETING THE PAYMENT SECURITY PUZZLE

OA Cyber Security Plan FY 2018 (Abridged)

Getting ready for GDPR

DIGITAL LIFE E-GUIDE. A Guide to 2013 New Year s Resolutions

The Cost of Phishing. Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015

PROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Cybersecurity The Evolving Landscape

ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE

How Enterprise Tackles Phishing. Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong

PROTECTION SERVICE FOR BUSINESS. Datasheet

to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large

Transcription:

A hacker only needs one person to click on their fraudulent link to access credit card, debit card and Social Security numbers, names, addresses, proprietary information and other sensitive data. Protecting Email from Office 365 is the world s most popular office productivity suite, with user numbers surpassing 100 million in 2017. With the vast amount of data shared via email in the Office 365 Suite, a critical question IT admins should be asking is: How secure is it? The sophistication and instances of phishing and spear phishing attacks continue to rise, and organizations need to be ready to prevent infiltrations from every angle. With new threats emerging such as business email compromise, conversation hijacking and other social engineering efforts, it s now clear that no single solution can keep you as safe as you need to be. And if you re in a regulated industry, like healthcare or finance, the stakes to maintain data security are even higher. When you buy into the idea of replacing multiple productivity solutions with a single suite such as Office 365 there is a clear reduction of cost and increase in efficiency. However, the suite doesn t offer the layered security protection businesses need to safeguard data. While Office 365 comes equipped with native security features that protect data in a number of ways, customers need to look beyond what comes in the box and consider the liability that comes with too little protection. This white paper will detail how companies can reduce the risk associated with email-based malware attacks in an Office 365 environment by implementing a layered security approach that includes policies and training, filtering and encryption services and security software. Layer I: Policies & Training As we know, phishing and spear phishing attackers use a mix of social engineering and spoofed email addresses to obtain information they shouldn t be able to access. When these attacks are aimed at a company, hackers often access sensitive data belonging to both employees and customers. As well-known as these types of attacks are, there s a reason they still exist: People fall for them.

Office 365 was created as a productivity and collaboration platform first. Security was a secondary consideration. Scott Paul, Sr. Director, AppRiver Microsoft Alliance A hacker only needs one person to click on their fraudulent link to access credit card, debit card and Social Security numbers, names, addresses, proprietary information and other sensitive data. One of the best defenses against hacks is to establish consistent user training and implement and enforce polices regarding the handling of email. Email policies should be created in a manner that reduces risk of an attack, while addressing your organization s specific challenges and goals. Consider the following basic policies for internal emails: Don t send e-mail in HTML format Don t send unrequested attachments or hyperlinks Don t include or ask for personal information Use the full name of the user One way companies can help users minimize the risk of attack is to require a specific format for how each message is written. This provides an identifying element for users to verify each internal correspondence. If an internal email doesn t follow that format and includes a link, it could serve as a red flag for something suspicious. While it s possible the sender accidentally failed to follow the format, touch base with the sender. If the recipient can quickly IM or call the sender via phone to verify authenticity, a potential infiltration can be prevented. Training A good place to begin to determine potential vulnerability is to establish a baseline of end user security practices. You can t accurately fix a problem if you can t quantify it. This seems like a no-brainer, however nearly 80% of organizations don t conduct any sort of security testing. Here are some things to consider when implementing testing and training: Penetration testing: Sending users suspicious yet harmless emails to gauge whether or not they open them, respond to them or click on links. Whether conducted by your IT department or through an independent solution provider, penetration testing is a good way to see how susceptible your organization may be to attacks. Follow-up: Should an employee improperly interact with an email

As the most popular cloudbased email service in the world, Office 365 has also become the largest target for cybercriminals, Troy Gill, Security Analyst Manager, AppRiver. during penetration testing, it s critical to discuss the exercise as soon as possible and further emphasize best practices. Quizzing: At random intervals throughout the year, implement brief, mandatory quizzes to test staffers knowledge of data management best practices. This can help determine how well policies are being followed and guide areas of training improvement. Don t forget phones: Many hackers are now turning to the phone to lay the groundwork for an attack. Cybercriminals will often pose as someone within the organization, a customer or outside vendor and convince the employee on the line to open an email they ve received. A phone conversation can build trust that couldn t otherwise be gained by an email alone. Security policies and training should be reviewed continuously to keep up with the changing threatscape. Consider both to be living documents in constant need of refinement to ensure vulnerability is minimized. Layer II: Filtering and Encryption Services The second layer of securing email in an Office 365 environment is implementing cloud-based filtering and encryption services. Policies and training can reduce the possibility of a phishing or spear phishing attack, but the risk is never eliminated without supporting technology that identifies and takes action against threats before reaching the actual network. After all, humans make mistakes and hackers are devising more sophisticated and unexpected ways to gain access to networks. Here s what you should know about selecting point-to-point encryption, as well as appropriate and effective email security solutions. Point-to-Point Encryption Encryption is critical to a layered security approach because emails may contain sensitive data like Social Security numbers, credit card numbers and proprietary company information. Microsoft s offering encrypts emails once it reaches the server, leaving it readable while in transit. To best protect emails, point-to-point encryption which encrypts the message immediately is necessary to protect the email throughout the entirety of its lifecycle.

Relying on one platform to both host email and protect it effectively creates a single point of failure, David Pickett, Cyber Security Analyst, AppRiver. But point-to-point s benefits don t end just with encryption. By clicking on a send secure button, the encrypted message will remain in the server, and the recipient will receive a message allowing them to access the email via a secure portal. In short, infected emails are never sent or received. Advanced point-to-point encryption solutions offer secure recipient experiences in both mobile and desktop offerings, include client branding on emails to assist recipients in determining the validity/ source of the email, and provide true message recall, which allows the sender to unsend an email when needed. Email and Web Filtering Office 365 features some email filtering offerings, but they re often not comprehensive enough to address most organization s needs. The default filtering settings provide potential holes for unwanted email, malware and phishing leaks, not to mentionincreased administrative burdens. While the settings can be customized, doing so can be time consuming, especially when certain tasks have to be performed by end-users, which disrupts productivity not good for a suite selling customers on productivity. For many companies, finding a email security service outside of Office 365 is a necessity. Here s what you should be looking for in an email security service: Greater admin control over group and individual access restrictions Easy rules implementation to filter unwanted mail away from your inboxes Reduction of clutter from known malicious and unwanted sources Minimum of four anti-virus engines, continually updated Built-in mechanism to handle bulk mail Should an email get through with a corrupted link, web filtering, which isn t offered by Office 365, can provide another layer of defense to block malware from infecting your network. When considering a web filter, ensure it performs each of the following tasks: Shields your network from a wide range of malware, ransomware, adware and viruses via email, web download and java script download. Continuously monitor outbound traffic and sends real-time

There is no substitute for defense in depth multiple security layers around the Office 365 platform, Troy Gill. notifications if a malicious program is detected. Maintain fast browsing experience to maintain productivity. Updated thousands of times per day. When email security and web filtering are both employed in a layered approach, sophisticated attacks can be stopped. Consider the following scenario: An email with an embedded link is sent to someone in your organization late at night when they re not checking email. The link points to a clean Dropbox file, which has never been used in a previous attack. Because it hasn t been reported by any network monitoring programs your organization uses, the typical email filter recognizes it as safe and lets the email through to the intended user. At some point between the email being sent and passing through the network s filter, the malware provider changes the endpoint of the link, which leads the business user to malware when clicked. The user gets up in the morning and the now-malicious email is waiting in their inbox, ready for action. This issue is common and can be combatted with the right web filtering solution. While the email filter did what it was supposed to do, the hackers tricked the system by changing the link. Web filters with downstream monitoring will immediately notice when the link has been changed and redirect the email safely away from the user s inbox. A layered approach will position your organization to reduce the risk of email-related security issues to its absolute minimum. Layer III: Security Software While cloud-based filtering and encryption services can drastically reduce the risk associated with email security, it s also important to have the right locally-installed security software to complement your filter and in some cases serve as a final line of defense. Layered security is important because attacks come in all different forms and no solution can block them all. For example: An anti-virus solution can block and quarantine infected files brought in via local media, whereas a network firewall cannot. A network firewall is instead intended to block attacks from outside the network. Layered security is the best way to protect businesses from attacks and their own users.

Layered security is the best way to protect businesses from attacks and their own users. Here are other things you should look for in a locally-installed security software solution: Anti-virus protection: This is the most common need. While cloudbased web and spam filters can keep most corrupted emails out, security software adds another layer of defense. Content and image control: This can prevent potentially offensive material, which may also contain viruses, from getting through. Scalability: As your security needs grow, your software solution should be able to adapt to avoid lapses in security. Conclusion Hackers continue to find new ways to infiltrate networks and gain sensitive data via email, so it s more important than ever to have the most comprehensive security platform possible. Within an Office 365 environment, a layered approach consisting of comprehensive policies and training, cloud-based filtering and encryption services and locally-installed security software and hardware, depending on your organization s size will dramatically reduce the risk of your business being the next victim of phishing, ransomware or other social engineering attacks. Learn how AppRiver can strengthen your layered security approach and help take the liability out of leaving your network unprepared.

Phenomenal Care // Advanced Email Security Email Continuity // Email Encryption Secure Hosted Exchange // Office 365 // Microsoft 365 Web Protection // Email Archiving & Compliance Global Headquarters AppRiver 1101 Gulf Breeze Pkwy, Suite 200 Gulf Breeze, FL. U.S.A. 32561 1-866-223-4645 sales@appriver.com www.appriver.com EMEA Headquarters AppRiver AG Industriestrasse 33 5242 Lupfig, Switzerland +41 56 444 12 82 emea.sales@appriver.com www.appriver.ch

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback