Protecting Your Office 365 Accounts
A key part of your organization’s information security strategy is correct configurations for Office 365, because compromising your Office 365 accounts is a gateway to much more sophisticated attacks. Many industry breach reports speculate that hacking Office 365 email accounts is the first thing an attacker wants to do, because it has the potential to give them access to so much more information. Phishing is an obvious attack method when it comes to email. In fact, in 2017, the Microsoft Office 365 security research team detected between 180-200 million phishing emails each month. These types of bulk attacks can pay off for attackers. According to Symantec, hacked email accounts in groups of 2,500 or more can be worth anywhere from $1 to $15.
Although more and more organizations are incorporating strong security measures into their strategies, it’s still crucial to actively protect Office 365 accounts. Following Office 365 best practices, receiving CISA alerts, and keeping up with new patches are three ways that you can stay up-to-date in your security measures. Microsoft has named 10 best practices for Office 365 business plans:
- Set up MFA
- Train your users
- Use dedicated admin accounts
- Raise the level of malware protection
- Protect against ransomware
- Stop auto-forwarding for email
- Use encryption
- Protect emails from phishing attacks
- Protect against malicious attachments and files
- Protect against phishing attacks using ATP Safe Links
Let’s highlight auto-forwarding – does your organization know how to check whether your Office 365 mail accounts have forwarding rules turned on and configured? This will let your team know if any emails are auto-forwarded outside of your domain – which could be a sign of a compromised account. This is a default alert in Office 365 – but do you how to you verify it? Download this guide to learn how to correctly configure your forwarding rules.