Welcome to Western Sydney Business Access

 fb tw yt in 

AVOIDING OFFICE 365 PHISHING ATTACKS Featured
03 March 2019 Posted by 

AVOIDING OFFICE 365 PHISHING ATTACKS

5 tips to foil email hackers
DARRYL MCALLISTER
DID you know that 90% of modern data breaches now involve a phishing attack?
These attacks usually consist of fake emails designed to look like they’re coming from a brand or institution that you trust (for example Microsoft, a courier company or your bank).
 
Their goal is to entice you to click through to their fake website and enter your username and password details. This enables hackers to steal your identity, breach your systems, and more.
 
Unfortunately, there’s no silver bullet to avoid these attacks – you need to implement a range of strategies to stop phishing from occurring. Here are five important strategies to consider.
 
#1 Education
 
When it comes to preventing phishing attacks, end users are your first line of defence. Unfortunately, they are also often your weakest link. 
 
Today’s cyber-criminals target employees, counting on their ability to exploit human curiosity, distraction and error. Many employees are ill-equipped to identify suspicious or malicious web content, putting themselves and their employers at risk.
For higher-value hacks, criminals put in greater effort to socially engineer the employee and abuse their trust. Senior executives with higher-level corporate permissions and access are often targeted in these types of campaigns – known as “whaling attacks”.
 
Security Awareness Training provides effective cyber-security education for employees. Courses are designed to modify risky user behaviours that can put the whole network in jeopardy. 
 
#2 Office 365 Advanced Email Threat Protection
 
New malware campaigns are being launched every day. Office 365 Advanced Threat Protection (ATP) can help protect your mailboxes, files, online storage and applications against sophisticated attacks in real time. 
It offers protection in Outlook, Word, Excel, PowerPoint, Visio, Teams, SharePoint Online, and OneDrive for Business. By safeguarding against malicious attachments and links, ATP complements the security features of Exchange Online Protection to provide better zero-day protection.
 
Businesses can add ATP to their subscription for a cost of $2.86 per user per month, and it should only take a couple of hours to customise and implement. 
 
#3 Office 365 Secure Score
 
Microsoft Secure Score helps increase your organisation’s security by encouraging you to use the new built-in security features in Office 365. Secure Score analyses your Office 365 security based on your regular activities and security settings, and assigns a score. Think of it as a credit score for security.
 
The average Secure Score in Australia is 30 - but the minimum recommendation is 150! Implement a regular review of your Secure Score to ensure it remains high. 
 
#4 Identity and access management in the cloud
 
Consider integrating your on-premises servers and users with Azure Active Directory to provide a wide range of security enhancements, including conditional access based on device and location, as well as multi-factor authentication.
The Microsoft Azure Premium P1 plan is the basic offering, with the higher-priced Premium P2 plan for clients that require the highest level of identity and access management across their cloud-based applications.
 
#5 Dark Web monitoring
 
The Dark Web is the underbelly of the Internet; consisting of a network of websites which are hidden from your typical internet user. Digital credentials that have been phished are commonly sold on the Dark Web. The buyers use those usernames and passwords to attempt access to a range of websites, including the Office 365 portal.
 
A Dark Web monitoring service can help protect your business from this occurring. It searches the most secretive corners of the internet to find compromised data associated with your domain name, and notifies you immediately. 
Unfortunately, phishing and whaling attacks are on the increase, and collectively we need to take more precautions than previously required.
 
Darryl McAllister is managing director at Netcare. Visit
 
 


editor

Publisher and editor, Michael Walls.
Mobile: 0407 783 413
Email: info@wsba.com.au
Mail: PO Box 186, Kurrajong NSW 2758
Office phone: 61 2 4572 2336

Western Sydney Business Access (WSBA) covers the business and community issues of the Greater Western Sydney region of Australia. WSBA is the popular media source for connecting with the pulse of the region and tapping into it's vast opportunities and networks.