Office 365 is the world’s biggest business productivity suite used by over one million businesses globally. And it’s popular for good reason too. It’s a fantastic tool for improving business productivity and includes critical applications such as email, Microsoft Office, Teams, OneDrive and much more.
But nothing is ever a perfect solution and Office 365 is no exception. When it comes to email security, Office 365 has some challenges that users should be aware of. Just under 50% of organizations on Office 365 are using a third-party tool to secure their email, highlighting the scale of the need for extra security.
In this article, we’ll take a look at some of the reasons why organizations are choosing to enhance O365 with third-party email security controls. We’ll also cover the top three email security threats that organizations need to deal with in O365 and provide our recommendations for preventing them.
Why Are Organizations Using Third-Party Email Security With O365?
There are a number of reasons why organizations choose to use a third-party email security tool with Microsoft 365. Office 365 is a powerful platform, and there’s a huge amount of functionality on offer across its different applications.
But this means there is a huge amount of complexity when it comes to configuration and deployment. One area where we commonly see this play out is Active Directory misconfigurations; over 90% of cyber-attacks involve Active Directory and this was a driving factor in high-profile cyber-attacks like the Colonial Pipeline ransomware breach.
Secondly, many organizations are finding that Exchange Online Protection, the default email security tool Microsoft offers, is not equipped to deal with sophisticated phishing attacks. EOP does a decent job at protecting against spam and malware, but advanced phishing or account compromise attempts are able to bypass it.
There is also a lack of awareness of some of the features that Microsoft does provide to prevent email attacks. For example, Microsoft offers multi-factor authentication, which they argue prevents 99.9% of account takeover attacks. Unfortunately, some surveys have suggested that only 3% of O365 users have MFA turned on, as it’s not a default feature.
And finally, we have the problem of popularity. O365 is very easy to set up, and cybercriminals know that it’s what most business users will be using. It’s also very easy for anyone to purchase a domain and start testing out phishing campaigns to see what will bypass Microsoft’s own filters, or those of third-party email security providers.
So, what are the biggest email security threats facing O365 users, and how can you prevent them?
Phishing Attacks
It’s likely that every person reading this article has received a phishing attack at some point: whether by email, text, social media, or just browsing the web. But on Office 365, phishing is an everyday occurrence.
Phishing can range from very basic attacks sent en masse, to very targeted campaigns that target particular users or individuals. 91% of successful data breaches begin with a phishing email and phishing attacks are becoming 7% more common year on year, with COVID causing a noticeable spike.
And in that wider context of the sheer volume of phishing, Office 365 is the number one platform targeted with phishing campaigns.
How To Stop Phishing Attacks
When it comes to stopping phishing, the best step organizations can take is to implement a comprehensive email security solution inside the O365 network.
We recommend looking for a solution that offers inbox-level email scanning, which can pick up on indicators of phishing, such as spoofed domains and suspicious content. Another key feature to look for is real-time scanning of URLs, as this is a common way that phishing attacks are delivered.
You can read our guide to the top 10 email security solutions for O365 here.
Account Takeover
Account takeover attacks are extremely common in Office 365. These attacks occur when cybercriminals are able to compromise an Office 365 username and password through a phishing attack or otherwise, and then use that to gain access to a company network.
Account takeover has increased by 307% since the start of the pandemic. There has been a surge in account takeover attacks in Office 365 in particular, because Microsoft accounts are so high value: they can give attackers free rein over email, Teams, OneDrive, SharePoint, Documents and more if you use Microsoft Active Directory integrations with third-party applications.
This is exactly what happened with the Colonial Pipeline attack – a single credential was compromised, allowing access to privileged Active Directory accounts.
Because of this, we’re commonly seeing lateral account takeover attacks in which compromised Microsoft accounts will be used to message other users on Teams, asking for shared passwords, and this can be incredibly effective.
How To Stop Account Takeover
When it comes to stopping account takeover, there are really two pieces of important advice we have. Firstly, turn on multi-factor authentication across O365 accounts. This is a no-brainer: as we mentioned, Microsoft claims this prevents 99.9% of attacks. This is particularly important for MSPs, who should be recommending all of their clients use MFA, as well as using it themselves.
But email security is also important to stop phishing attacks at the source and help admins to detect signs of account compromise. The best email security solutions for O365 use machine learning engines to detect anomalies in email communication, such as email content, devices used, location and more.
This helps to determine if account takeover has taken place, quickly alerting admins, and blocking emails if suspicious emails are detected.
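The kind of device and location signals described above can be illustrated with a small rule-based check. This is an added example, not code from this article or from any email security product; it uses fixed rules as a simplified stand-in for a machine learning engine, and the sign-in records, field layout and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sign-in records (user, ISO time, country, device id); not real log data.
SIGN_INS = [
    ("alice@example.com", "2024-03-01T08:02:00", "GB", "laptop-01"),
    ("alice@example.com", "2024-03-02T08:10:00", "GB", "laptop-01"),
    ("alice@example.com", "2024-03-03T09:01:00", "GB", "phone-07"),
    ("bob@example.com", "2024-03-01T09:00:00", "US", "laptop-22"),
    ("bob@example.com", "2024-03-02T09:05:00", "US", "laptop-22"),
    ("alice@example.com", "2024-03-04T08:05:00", "GB", "laptop-01"),
    ("alice@example.com", "2024-03-04T08:40:00", "BR", "unknown-9f"),
    ("bob@example.com", "2024-03-04T09:02:00", "US", "tablet-03"),
]

def flag_sign_ins(records, baseline_size=2, travel_window_minutes=120, min_signals=2):
    """Return (user, time, reasons) for sign-ins that deviate from the user's own history."""
    seen_countries = defaultdict(set)
    seen_devices = defaultdict(set)
    history = defaultdict(list)  # user -> [(time, country)] in time order
    alerts = []
    for user, ts, country, device in sorted(records, key=lambda r: r[1]):
        when = datetime.fromisoformat(ts)
        reasons = []
        if len(history[user]) >= baseline_size:  # score only once a baseline exists
            if country not in seen_countries[user]:
                reasons.append("new country")
            if device not in seen_devices[user]:
                reasons.append("new device")
            last_when, last_country = history[user][-1]
            minutes = (when - last_when).total_seconds() / 60
            if country != last_country and minutes <= travel_window_minutes:
                reasons.append("country change within %d min" % travel_window_minutes)
        # One weak signal (for example a new phone) is common; alert on combinations.
        if len(reasons) >= min_signals:
            alerts.append((user, ts, reasons))
        history[user].append((when, country))
        seen_countries[user].add(country)
        seen_devices[user].add(device)
    return alerts

if __name__ == "__main__":
    for alert in flag_sign_ins(SIGN_INS):
        print(alert)
```

Lowering `min_signals` to 1 also surfaces the single new-device sign-ins, which shows why admins usually need several signals combined before blocking or alerting.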
Shared mailboxes can also be a point of failure, as even when companies have MFA implemented, they may have a shared mailbox which is not protected. This can easily be compromised and used for ATO attacks. For this reason, we highly recommend ensuring MFA is turned on across all mailboxes.
You can read our guide to the top multi-factor authentication solutions here.
Data Exfiltration And Data Loss
Finally, the third major email security issue we see organizations concerned about in Office 365 is data exfiltration and data loss. Data exfiltration is essentially the copying, transferring, or breaching of corporate data: which can include anything from credit card details to patient records in healthcare firms.
Data loss occurs when data is destroyed or otherwise rendered unusable, which can be hugely expensive to an organization.
Data loss is also commonly caused by ransomware, which can cause O365 data to be completely encrypted or, increasingly commonly, leaked, as we saw just before Apple’s keynote conference last year.
But data loss or compromise is not always malicious. It’s also very common for users to make errors in Outlook. To make our lives easier, Microsoft has implemented a great tool which auto-suggests contacts, canned responses and even attachments when you are drafting an email, particularly on mobile. But unfortunately, if you hit the wrong button, you can very easily send sensitive data to the wrong people, and there is no way to undo that action.
Research suggests 58% of us have accidentally done this at some point. Usually, this type of thing is just a bit embarrassing and goes away with an apology, but sometimes it can prove to be costly. Back in 2016 in the UK, an NHS Trust in London was fined £180,000 (about $224,000) under GDPR, due to a staff error in which a newsletter was accidentally sent with recipients’ email addresses in the ‘To’ field, instead of the ‘BCC’ field.
Compliance regulations such as GDPR and CCPA put stringent controls on organizations to protect against data breaches. Regulated industries such as financial services, healthcare and law firms are also subject to compliance laws stipulating how personal data must be protected. However, Office 365 on its own does not always provide the most stringent protection against data loss, and there are many opportunities for exactly these kinds of data breaches to happen, especially in the email channel.
How To Stop Data Exfiltration And Data Loss In O365
Unfortunately, human error is not something we can solve with cybersecurity technologies. But there are some steps we recommend all organizations take.
Firstly, get some backup in place so that if you have a data breach, in which data is stolen or damaged in a ransomware attack, you can recover.
We’ve put together a guide to top backup solutions for O365 here.
Secondly, get a strong email encryption platform deployed and configured. We highly recommend looking for a solution that automatically encrypts emails containing sensitive data, which takes some of the pressure off end users.
We also recommend looking for an encryption service that allows end users to unsend emails, or modify email content, which can go a long way to helping avoid some of those issues around human error.
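As an added illustration (not code from this article or from any encryption product), the sketch below shows the kind of outbound check such a tool can run before a message leaves: it flags card numbers that should trigger encryption and catches the To-instead-of-BCC mistake described earlier. The message, domains, threshold and the `use-bcc` / `encrypt` finding names are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed outbound message; the addresses and card number (a common test number) are samples.
RAW = """\
From: newsletter@clinic.example
To: a@mail.example, b@other.example, c@third.example, d@fourth.example
Subject: Monthly update

Your payment card 4111 1111 1111 1111 was charged.
"""

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits):
    """Luhn checksum, used to cut false positives from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def check_outbound(raw, org_domain, max_visible_external=3):
    """Return findings for one single-part text message (hypothetical finding names)."""
    msg = message_from_string(raw)
    findings = []
    visible = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    external = {addr.lower() for _, addr in visible
                if addr and not addr.lower().endswith("@" + org_domain)}
    if len(external) > max_visible_external:
        findings.append("use-bcc: %d external recipients visible in To/Cc" % len(external))
    body = msg.get_payload()  # a string for single-part messages, as assumed here
    for match in CARD_RE.finditer(body):
        digits = re.sub(r"\D", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append("encrypt: card number ending " + digits[-4:])
    return findings

if __name__ == "__main__":
    for finding in check_outbound(RAW, "clinic.example"):
        print(finding)
```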
You can read our guide to the top email encryption solutions for O365 here.
Summary
O365 is a great tool for businesses, but it’s important to be protected against increasingly sophisticated email security concerns.
If you’re unsure about which O365 email plan is right for your business, check our recent guide to Microsoft’s different plans on offer:
Office 365 E1 Vs E3 Vs E5: Plans Breakdown And Security Comparison.