Office 365 attacks are becoming more frequent and sophisticated. These attacks most often occur when a phishing email infiltrates a user’s environment. The attacks can be an attempt to capture login credentials or launch a full-blown malware infection such as Emotet. The emails can appear to be from another employee or even a trusted sender.
Here are a few ways you can protect yourself from these attacks:
Conduct security training. Security training is the best way to educate your team members about policies and procedures. As part of the training, phishing simulators can be used to help employees spot fake emails. Examples of realistic phishing emails can help to illustrate what is suspicious, such as the email address and domain of the sender, the language used, and the link that is embedded. Security training should be conducted yearly, at a minimum.
Enable two-factor authentication. Two-factor authentication is a computer access control in which individuals are granted access only after successfully providing an additional piece of evidence to authenticate their account. Without it, anyone who has obtained someone else’s login credentials has access to that account. However, if a mobile device is used as an additional authentication method, the valid account owner will know if someone is attempting to log in because a security code will appear on their phone.
Beef up spam protection. Most spam filtering programs allow traffic from specific countries to be blocked before it enters your environment. In addition, suspicious domains or senders should be blocked. It’s also a good idea to limit the IMAP, POP, and SMTP connections in your firewall to only the sources and destinations you’re familiar with.
By implementing these best practices across your organization, you can minimize your risk of an attack. For more information on enabling two-factor authentication or spam filtering solutions, contact us today.