Email remains one of the most popular and widely used communication tools in business. According to one recent estimate, there are four billion email users as of 2020. Unfortunately, hackers also know that companies run on email, which is why they have developed a variety of techniques and technologies to attack business email.
The Growth Of Email Security Threats
The security risks associated with business email have grown steadily over the past few years.
- Phishing. The practice of sending a fraudulent message to deploy malicious software or get the target to reveal confidential information. While phishing has been around for years, the costs of dealing with this email threat remain high. According to CSO, a cybersecurity publication, phishing accounts for 80% of all cybersecurity incidents.
- Malware. According to Verizon, malicious software almost always – 94% of the time – comes into companies via email. Any strategy to reduce the threat of malware must include a focus on email security.
- Ransomware Attacks Via Email. An April 2021 industry survey found that 79% of organizations suffered a disruption in 2020 due to ransomware with the average disruption lasting six business days. Many ransomware attacks involve email.
The nature of email itself is also changing. Over the past few years, a particular platform has risen to become one of the most popular choices for business apps: Office 365.
The Pandemic Has Driven Higher Office 365 Adoption
Office 365 is now used by more than 200 million monthly active users. That makes it one of the most popular business software packages in the world. In many cases, companies are shifting from traditional on-premise software to cloud versions of familiar apps like Outlook, Word, Excel, and PowerPoint.
The global COVID-19 pandemic has only served to accelerate the adoption of Microsoft’s cloud software, especially its collaborative app Microsoft Teams. In its 2020 annual report, Microsoft stated that Office 365 Commercial grew by 24% year over year, and the consumer version (i.e., Office 365 Consumer) now has 42 million subscribers.
The relative novelty of Office 365 means that some organizations have yet to master all of the product’s security capabilities. That is a significant problem because there are at least three ways for hackers to exploit weaknesses in a company’s email security.
Three Reasons Why Your Business Email Is A Hacking Target
Before exploring ways to contain the threat, put yourself in the hacker’s shoes for a few minutes and imagine what the attacker can gain by compromising your business email.
1) Compromise your email account
When an unauthorized person has access to your business email, they can copy messages, delete messages, and otherwise cause havoc. At best, such interference wastes your time. At worst, it can ruin your image as a professional if an attacker sends out malicious, insulting, or dangerous messages under your name.
2) Hide their activities by using redirection
Imagine you received an email from your company’s president or chief financial officer. You would probably immediately open it and any attachments. Unfortunately, some hackers use misdirection to trick people by impersonating others. Rather than seeing an email coming from an unfamiliar source, redirection allows a hacker to send a message that appears to come from a legitimate email address (e.g. “[email protected]”) which makes it more likely that employees and other users will open the message.
3) Plan for a more significant attack
Passive monitoring of a target’s email account allows a hacker to gather important information. For instance, a hacker could gather information for blackmail or plan a more sophisticated attack on the company. In addition, this kind of passive monitoring is more challenging to detect. For instance, imagine a hacker reading your emails for a week. They would be able to discover who you interact with and quickly identify high-value targets.
Three Ways To Make Office 365 Email More Secure
The good news is that there are a few simple steps you can take to reduce the risk of losing your business email:
1) Enable MFA (Multi-Factor Authentication)
Many banks and online companies have required multi-factor authentication (MFA) for years. This security measure makes it much more challenging for an attacker to gain access to a system. For instance, a common approach is to use a phone and your computer. You would receive a code on your phone that has to be entered before you are granted access in this situation. While such systems can still be compromised, it is much more difficult for an attacker to carry out such an attack.
In Office 365, there are three ways for end-users to authenticate themselves, including typing in a code received by text message, receiving a phone call, using the Microsoft Authenticator smartphone app, or using a FIDO2 key.
2) Optimize Conditional Access settings
Conditional access in Office 365 means granting access to a user depending on certain conditions (e.g. allow Android devices but disallow other devices, restrict access by IP address, etc.). You can allow or deny access to your entire Office 365 environment or set rules for specific Office 365 apps. This is especially important since MFA methods based on SMS, OTP or even Microsoft Authenticator could be abused by attackers. Only FIDO2 keys allow for end-to-end validation.
Use these tips to set up conditional access effectively.
- Evaluate Legacy Systems. Older Microsoft products may not work correctly with conditional access. If you have a significant number of legacy systems and Microsoft products in your organization, consider upgrading those apps or managing access separately. Evaluating your legacy systems should also be part of any cybersecurity risk assessment you perform.
- Identify Patterns Associated With Attacks. You may find that attacks on your systems have certain patterns in common (e.g. IP addresses). In that case, consider making changes to your conditional access to combat such potential security risks.
- Keep Two Emergency Access Accounts. Also known as “break glass accounts,” these accounts should be excluded from your blanket conditional access. In the event your organization suffers a problem, these emergency accounts can help you recover more quickly.
- Monitor Excluded Accounts Separately. In addition to the two emergency accounts mentioned above, you might exclude other accounts from your conditional access setup. In that case, set a reminder to check on these user accounts monthly.
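The emergency-account and excluded-account tips above can be checked against an export of your policies. The following is an added example, not part of the original article: it assumes policies exported as JSON in the shape of Microsoft Graph conditionalAccessPolicy objects, and the account IDs and policy names are constructed placeholders. It goes slightly beyond the tips by also listing policies that do not cover legacy clients.

```python
import json

BREAK_GLASS = {"bg-account-1", "bg-account-2"}    # assumed emergency account IDs
LEGACY_CLIENTS = {"exchangeActiveSync", "other"}  # Graph clientAppTypes for legacy auth

# Constructed sample shaped like Microsoft Graph conditionalAccessPolicy objects.
SAMPLE_POLICIES = json.loads("""[
 {"displayName": "Require MFA for all users", "state": "enabled",
  "conditions": {"clientAppTypes": ["browser", "mobileAppsAndDesktopClients"],
                 "users": {"includeUsers": ["All"],
                           "excludeUsers": ["bg-account-1", "svc-scanner"]}}},
 {"displayName": "Block sign-ins outside office IPs", "state": "enabled",
  "conditions": {"clientAppTypes": ["all"],
                 "users": {"includeUsers": ["All"],
                           "excludeUsers": ["bg-account-1", "bg-account-2"]}}},
 {"displayName": "Old pilot policy", "state": "disabled",
  "conditions": {"clientAppTypes": ["all"],
                 "users": {"includeUsers": ["All"], "excludeUsers": []}}}
]""")

def audit(policies, break_glass=BREAK_GLASS):
    """Return (break-glass gaps, excluded accounts to review, legacy-client gaps)."""
    gaps, review, legacy_gaps = {}, {}, []
    for policy in policies:
        if policy["state"] == "disabled":
            continue  # disabled policies are not evaluated at sign-in
        name = policy["displayName"]
        cond = policy["conditions"]
        users = cond["users"]
        excluded = set(users.get("excludeUsers", []))
        # A policy aimed at "All" users also applies to any emergency account
        # it does not explicitly exclude.
        if "All" in users.get("includeUsers", []) and break_glass - excluded:
            gaps[name] = sorted(break_glass - excluded)
        # Every other exclusion is an account outside the policy: queue it for review.
        for account in sorted(excluded - break_glass):
            review.setdefault(account, []).append(name)
        # Policies limited to modern clients leave legacy-protocol sign-ins uncovered.
        clients = set(cond.get("clientAppTypes", ["all"]))
        if "all" not in clients and not LEGACY_CLIENTS <= clients:
            legacy_gaps.append(name)
    return gaps, review, legacy_gaps

if __name__ == "__main__":
    for label, result in zip(("break-glass gaps", "review monthly", "legacy gaps"),
                             audit(SAMPLE_POLICIES)):
        print(f"{label}: {result}")
```

The second return value is the list to work through in the monthly check of excluded accounts.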
3) Require Admin Approval for Third-Party Apps
Office 365 made it much easier to connect third-party apps. For example, you can connect apps like Slack (messaging), DocuSign (electronic signatures), and Salesforce (customer relationship management) directly into Office 365. Unfortunately, connecting new apps to your Office 365 environment can pose additional risks.
To minimize your security risk, require administrative approval before third-party apps are activated. This safeguard will allow your IT experts to review the request, ask questions to the user, and make a thoughtful decision on whether or not to approve the request.
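To verify that this safeguard is actually in place, the tenant's consent settings can be compared against the intended state. The following is an added example, not part of the original article: it assumes the settings were exported as JSON in the shape of the Microsoft Graph authorizationPolicy and adminConsentRequestPolicy resources, and the reviewer ID is a constructed placeholder.

```python
SELF_PREFIX = "ManagePermissionGrantsForSelf."

# Constructed samples: a tenant where users approve apps themselves,
# and one where requests are routed to administrators.
WEAK_AUTHZ = {"defaultUserRolePermissions": {"permissionGrantPoliciesAssigned": [
    "ManagePermissionGrantsForSelf.microsoft-user-default-legacy"]}}
WEAK_REQUESTS = {"isEnabled": False, "reviewers": []}

HARDENED_AUTHZ = {"defaultUserRolePermissions": {"permissionGrantPoliciesAssigned": []}}
HARDENED_REQUESTS = {"isEnabled": True, "reviewers": [
    {"query": "/users/placeholder-admin-id", "queryType": "MicrosoftGraph"}]}

def consent_posture(authorization_policy, admin_consent_request_policy):
    """Return a list of findings; an empty list means admin approval is enforced."""
    assigned = authorization_policy["defaultUserRolePermissions"].get(
        "permissionGrantPoliciesAssigned", [])
    # Entries with this prefix let ordinary users grant apps access on their own.
    self_grants = [p[len(SELF_PREFIX):] for p in assigned if p.startswith(SELF_PREFIX)]
    findings = []
    if self_grants:
        findings.append("users can approve apps without an admin via: "
                        + ", ".join(self_grants))
    # With user consent off, the request workflow is how users reach an admin.
    if not admin_consent_request_policy.get("isEnabled", False):
        findings.append("admin consent request workflow is disabled")
    elif not admin_consent_request_policy.get("reviewers"):
        findings.append("admin consent request workflow has no reviewers")
    return findings

if __name__ == "__main__":
    print("weak:", consent_posture(WEAK_AUTHZ, WEAK_REQUESTS))
    print("hardened:", consent_posture(HARDENED_AUTHZ, HARDENED_REQUESTS))
```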
The Simple Way To Reduce Office 365 Security Risk
Managing the security details involved in Office 365 takes practice and training. Your IT team may have their hands full with other technology projects. That’s why Hacknowledge’s certified security engineers can help with your Microsoft security needs: we can detect many kinds of security problems fast and help you respond to incidents quickly.