The number of emails containing malware, particularly ransomware, is increasing exponentially. Cloud-based messaging systems such as Office 365 are not immune and, in the absence of adequate security measures, are just as vulnerable as traditional messaging systems.
What are the threats?
In early 2018, threats specific to the Office 365 environment emerged, such as “ShurL0ckr”, a “Ransomware-as-a-Service” platform with the ability to make itself undetectable by Office 365 anti-malware filters. ShurL0ckr infects Office 365’s OneDrive collaborative storage areas and encrypts the data, so that the owner can no longer access it.
Ces attaques sournoises peuvent voler des mots de passe, des portefeuilles de bitcoins ou des clés logicielles, lancer des attaques par déni de service, et bien d’autres choses. Increasingly sophisticated and difficult to detect, malware invites its potential victims to open an infected document contained in a ZIP file attachment, or to click on a link leading to a malicious site. A single successful attack can have a huge impact on an organisation or business, especially in a centralised, collaborative environment like Office 365.
It is important to adopt strict standards when it comes to e-mail security.
What level of email protection is there in Office 365?
Has your company opted for Microsoft Office 365 to protect its emails against attacks? But is this really enough? What measures can be implemented?
Microsoft Office 365 is one of the most popular office suites in the cloud. It consists of several SaaS applications designed for collaborative working. It offers businesses office applications, a file storage and sharing solution, a videoconferencing solution and a professional messaging service based on Microsoft Exchange. Administrators and users are alerted when phishing attempts are suspected.
Office 365 offers two levels of email security options called Exchange Online Protection, a computer-based filtering system against unwanted content, and Microsoft Defender for Office 365, a cloud-based system for detecting phishing attempts or compromised email.
How can Office 365 emails be protected against attacks?
Microsoft recommends a number of specific measures for securing emails in Office 365. Particular care should therefore be taken to ensure strong, multi-factor authentication and the use of dedicated administrator accounts. Transfer functions involve specific risks, and it is often wiser to block them.
Protection systems can be configured by the administrator to increase the level of protection against malware in transit via email. Similarly, it is important to define protection rules against ransomware and to communicate them to the company’s employees.
Are you using Defender for Office 365? Don’t forget to set your phishing protection. Defender is still where you’ll find the Safe for attachments and for checking hyperlinks in messages. Finally, using Office 365’s message encryption function helps to secure sensitive content and company data.
It should be remembered that the main risk factor is human, and that it is essential to train users in email security issues.
Do you need help securing your emails in Office 365? Or would you like to raise awareness among your staff through training? Don’t hesitate to contact us, our experts will be happy to advise you.
