With a large portion of the global workforce now working remotely, many businesses have migrated to Microsoft 365 to fulfill thier communication and collaboration needs, and to reap the array of benefits that these platforms offer - namely, flexibility, convenience and cost efficiency. Cyber criminals have matched this trend, directing more of their attacks at Microsoft 365 email users than ever before. Here's what you need to know as a remote worker to reap the benefits of of cloud email without sacrificing security.

Microsoft 365 Users Face Heightened Risk without Effective Supplementary Protection

The static, single-layered built-in email security features in Microsoft 365 alone are unable to anticipate zero-day exploits, and have proven insufficient in safegaurding users against credential phishing, account takeovers and other sophisticated modern threats. According to Osterman Research, despite existing protection, 40% of Microsoft 365 users have experienced credential theft nevertheless.

The FBI has issued multiple warnings regarding sophisticated COVID-19 related business email compromise (BEC) scams targeting cloud email users, and strongly urges businesses to implement critical additional layers of email protection in Microsoft 365. Consistent with the FBI’s findings, Guardian Digital has identified and blocked more malicious emails targeting Microsoft 365 users in 2020 than in any other year in the company's twenty-two year history.

Fortifying Microsoft 365 email requires a layered supplementary email security solution designed to close the dangerous gaps in default cloud email protection, along with vigilant, secure behavior online and the implementation of the security best practices outlined in this article.

What Are My Risks Using Microsoft 365?

In order to safely navigate Microsoft 365, it is critical that remote workers fully understand the threats they face on a daily basis, including:

  • Phishing: Cyber criminals are taking advantage of remote employees’ increased dependence on cloud email, and are launching sophisticated phishing campaigns targeting Microsoft 365 users, many of which continue to exploit the pandemic. These scams employ highly deceptive tactics such as impersonating government agencies, advertising fraudulent vaccines and asking for donations. According to the US Department of Homeland Security, there has been “an increase in phishing attacks under the guise of coronavirus-themed emails containing attachments” - a trend that persists to this day.
  • Malware: Threat actors are targeting Microsoft 365 users with malware designed to infect and destroy their computers by wiping files or rewriting a computer's master boot record (MBR). This malware can be geared toward either destruction or financial gain.
  • Insecure networks: Incidents involving insecure configurations of services and firewalls have increased, as administrators are taking shortcuts to enable remote access for employees. From dealing with insufficient bandwidth, undersized VPN infrastructure and limited availability of managed devices for employees to take home, many businesses are unprepared to accomodate a remote workforce - and network security has suffered.
  • Microsoft 365 vulnerabilities: Microsoft Exchange Online Protection (EOP) - the default security defenses provided in Microsoft 365 - is glaringly inadequate, leaving remote employees vulnerable to credential phishing, account takeovers and other advanced threats. According to the FBI, 30% percent of phishing attacks make it through existing systems and are opened by target cloud email users.

Tips & Advice for Staying Safe in Microsoft 365

We want to help you safely navigate Microsoft 365 regardless of your current work environment. Here are a few tips and best practices to help keep you and your business secure:

  • Implement a comprehensive, fully-managed email security solution that seamlessly complements Microsoft Exchange Online Protection (EOP), providing the critical additional layers of security that Microsoft 365 lacks.
  • Choose a strong password and enable multi-factor authentication (MFA).
  • Ensure that Azure AD password sync is configured correctly.
  • Enable mailbox auditing and unified audit logging in the Security and Compliance Center.
  • Disable legacy email protocols (if not required).

The Bottom Line

We recognize that properly setting up and securely navigating Microsoft 365 while working remotely may seem challenging and overwhelming. The harsh reality is that organizations cannot rely on administrators to configure their cloud email service to be 100 percent secure. Thus, implementing a fully-managed solution that seamlessly complements Microsoft 365 default protection, bolstering EOP's features with critical additional layers of defenses, is the most effective way to fortify cloud email against sophistiacted modern threats. Ongoing expert system monitoring, maintenance and support can simplify administration, improve security and reduce costs - delivering a rapid return on investment (ROI).

Want to learn more about how to prevent attacks in Microsoft 365? If so, be sure to check out our free Microsoft 365 protection guide. For more email security tips and advice on how to stay safe online, we encourage subscribe to our weekly Behind the Shield newsletter.

Have additional questions on how to safely navigate Microsoft 365? Please do not hesitate to reach out to us - we are eager to help!

Email Risk in Microsoft 365

is Greater than Ever

Get the Guide

Must Read Blog Posts

Latest Blog Articles

Recommended Reading