Protecting Office 365 From a Phishing Attack
What is a phishing attack?
- Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company asking you to provide sensitive information. This is usually done by including a link that will appear to take you to the company’s website to fill in your information, however this website is fake and the information you provide goes straight to the hackers running the scam.
- The term ’phishing’ is a spin on the word fishing, because criminals are dangling a fake ’lure’ (the email and website both look legitimate) hoping users will ’bite’ by providing the information the criminals have requested. This could include credit card numbers, account numbers, passwords, usernames, and more.
The best way to protect your Office 365 is to ensure you are using the hat trick of Security: Multi-factor Authentication, Advanced Threat Protection and Email and Archive Protection.
- Multi-factor Authentication: Multi-factor authentication (MFA) is a really good way to prevent compromised accounts. You should strongly consider enabling MFA for all of your users. For a phased approach, start by enabling MFA for your most sensitive users (admins, executives, etc.) before you enable MFA for everyone.
- Advanced Threat Protection: Office 365 Advanced Threat Protection (ATP) safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. ATP includes threat protection policies, reports and threat investigation and response capabilities.
- Email and Archive Protection: Your organization needs to be the ensurer of your own data security and protection. Microsoft offers little protection, but it can never hurt to add an extra layer of security. Email and archive for Office 365 and SharePoint can be used to perform backup and restore of Office 365 emails, contacts and calendar (Exchange online) and files and folders (OneDrive), and document libraries and communication sites (SharePoint online). Organizations that deploy Email and Archive Protection for Office 365 can rest assured that all of their critical Office 365 data is backed up to the encrypted. This solution provides the most reliable and complete backup and restore methodology for Office 365 and can support up to three backups each day for Exchange, OneDrive, and SharePoint with detailed reports, monitoring, and verification of all backup activities.
This issue is not specific to just Office 365, this can happen with any email application you are running. Your business downtime is very expensive. Once hackers get access to these applications, they have access to everything your employees have access to. When this happens, your integrity is gone. Everyone on your list knows you were exposed, and you risk exposing them. Hackers can send emails out of your tenant directly from one of your employees, since they have gained access to it. You can not undue the damage this will cause to both your business and your reputation. Do you really want to be that person?
Installing the hat trick of security in your business (Multi-factor authentication, Advanced threat protection and Email and Archive Protection) is the best way to protect your business from outside threats. For just a few hours of labor and an insignificant cost upgrade to your Office 365 plan, 2W Tech can ensure you get the right solutions implemented to protect your Office 365 from phishing attacks and other outside threats. Give us a call today to get started.