With a large portion of the global workforce now working remotely, many businesses have migrated to Office 365 to fulfill thier communication and collaboration needs, and to reap the array of benefits that these platforms offer - namely, flexibility, convenience and cost efficiency. Cyber criminals have matched this trend, directing more of their attacks at Office 365 email users than ever before. Here's what you need to know as a remote worker to reap the benefits of of cloud email without sacrificing security.



Office 365 Users Face Heightened Risk without Effective Supplementary Protection

The static, single-layered built-in email security features in Office 365 alone are unable to anticipate zero-day exploits, and have proven insufficient in safegaurding users against credential phishing, account takeovers and other sophisticated modern threats. According to Osterman Research, despite existing protection, 40% of Office 365 users have experienced credential theft nevertheless.

The FBI has issued multiple warnings regarding sophisticated COVID-19 related business email compromise (BEC) scams targeting cloud email users, and strongly urges businesses to implement critical additional layers of email protection in Office 365. Consistent with the FBI’s findings, Guardian Digital has identified and blocked more malicious emails targeting Office 365 users in 2020 than in any other year in the company's twenty-two year history.

Fortifying Office 365 email requires a layered supplementary email security solution designed to close the dangerous gaps in default cloud email protection, along with vigilant, secure behavior online and the implementation of the security best practices outlined in this article.

What Are My Risks Using Office 365?

In order to safely navigate Office 365, it is critical that remote workers fully understand the threats they face on a daily basis, including:

  • Phishing: Cyber criminals are taking advantage of remote employees’ increased dependence on cloud email, and are launching sophisticated phishing campaigns targeting Office 365 users, many of which continue to exploit the pandemic. These scams employ highly deceptive tactics such as impersonating government agencies, advertising fraudulent vaccines and asking for donations. According to the US Department of Homeland Security, there has been “an increase in phishing attacks under the guise of coronavirus-themed emails containing attachments” - a trend that persists to this day.
  • Malware: Threat actors are targeting Office 365 users with malware designed to infect and destroy their computers by wiping files or rewriting a computer's master boot record (MBR). This malware can be geared toward either destruction or financial gain.
  • Insecure networks: Incidents involving insecure configurations of services and firewalls have increased, as administrators are taking shortcuts to enable remote access for employees. From dealing with insufficient bandwidth, undersized VPN infrastructure and limited availability of managed devices for employees to take home, many businesses are unprepared to accomodate a remote workforce - and network security has suffered.
  • Office 365 vulnerabilities: Microsoft Exchange Online Protection (EOP) - the default security defenses provided in Office 365 - is glaringly inadequate, leaving remote employees vulnerable to credential phishing, account takeovers and other advanced threats. According to the FBI, 30% percent of phishing attacks make it through existing systems and are opened by target cloud email users.

Tips & Advice for Staying Safe in Office 365

We want to help you safely navigate Office 365 regardless of your current work environment. Here are a few tips and best practices to help keep you and your business secure:

  • Implement a comprehensive, fully-managed email security solution that seamlessly complements Microsoft Exchange Online Protection (EOP), providing the critical additional layers of security that Office 365 lacks.
  • Choose a strong password and enable multi-factor authentication (MFA).
  • Ensure that Azure AD password sync is configured correctly.
  • Enable mailbox auditing and unified audit logging in the Security and Compliance Center.
  • Disable legacy email protocols (if not required).

The Bottom Line

We recognize that properly setting up and securely navigating Office 365 while working remotely may seem challenging and overwhelming. The harsh reality is that organizations cannot rely on administrators to configure their cloud email service to be 100 percent secure. Thus, implementing a fully-managed solution that seamlessly complements Office 365 default protection, bolstering EOP's features with critical additional layers of defenses, is the most effective way to fortify cloud email against sophistiacted modern threats. Ongoing expert system monitoring, maintenance and support can simplify administration, improve security and reduce costs - delivering a rapid return on investment (ROI).

Want to learn more about how to prevent attacks in Office 365? If so, be sure to check out our free Office 365 protection guide. For more email security tips and advice on how to stay safe online, we encourage subscribe to our weekly Behind the Shield newsletter.

Have additional questions on how to safely navigate Office 365? Please do not hesitate to reach out to us - we are eager to help!

Blog Articles