Phishing emails are one of the most pernicious threats facing organisations today. If you’ve been leveraging Microsoft 365 and Azure to keep your users productive whilst working remotely, here are some steps you should take to secure your deployment and protect your organisation from phishing emails.
Phishing emails are one of the most significant cyber threats facing your organisation today. Designed to evade both technical and human defences, phishing emails will remain one of the main threat vectors that hackers use to deliver both ransomware and business email compromise (BEC) attacks in 2021.
What are phishing emails? Phishing emails are sent by cybercriminals, and they pretend to be from someone you trust like your bank or your local council. Their goal is to convince you to do something which they can use to their advantage, such as click on a link to a malicious website or provide login and other personal details.
Your organisation needs to know how to be better at defending against phishing emails. This includes training your people to identify them, implementing processes to deal with them, and hardening your infrastructure to reduce the chance of a phishing email becoming a launchpad for a ransomware or BEC attack.
Secure Your Microsoft Cloud Estate
If you’ve been leveraging Microsoft 365 and Azure to keep your users productive whilst working remotely, there is functionality available to you in these products that will secure your deployment and protect your organisation from phishing emails. Here are the top six, according to our cyber security experts.
- Enable spam and virus filters. Ensure all filters are enabled and turned on to block and alert mode to ensure known malicious emails are detected and treated well before they are able to enter a user’s mailbox.
- File type and file analysis. Enable or whitelist file extensions that are used by your organisation so that all others are blocked by default. If your organisation does not use macro-enabled xlsx documents, make sure they are blocked by default.
- Sandboxing. Most cloud provider email scrubbing systems have the ability to open a suspected email within a segregated safe area to ensure there are no malicious files hidden within. Enabling this feature allows real-time analysis to be performed before it hits a user’s machine.
- URL inspection. Most cloud providers have the ability to inspect any web links that are contained within the body of an email to determine if the destination is malicious. This is critical to protect against even the most diligent of users against watering hole attacks. Note: A watering hole attack works by identifying a website that’s frequented by users within a targeted organisation, or even an entire sector. The website is then compromised to enable the distribution of malware.
- Domain impersonation/similarity. Mail scrubbing services have an ability to compare the sender information name, domain etc. to known contacts your users deal with. Doman impersonation or similarity is detected as opposed to the user examining in close detail if the name is spelt wrong.
- SPF/DKIM/DMARC configuration. Sender Policy Framework, Domain Keys Identified Mail and Domain-based Message Authentication, Reporting and Conformance are security controls built into the email infrastructure that confirm originating emails come from a registered server, are not altered or changed from destination and receiving servers, and upon failure of these control parameters can instruct what happens to the email itself.
By following these six configuration steps, you will go some way towards protecting your organisation from phishing emails and the malicious payloads they are designed to deliver. But there’s always more you can do. We’ve provided an additional six steps you can take in our new phishing infographic, which you can download for free here.
Secure Your Microsoft Cloud Estate
Microsoft 365 and Azure are keeping organisations running in 2021, giving people the tools they need to deliver essential services whilst working remotely. But this increased reliance on Microsoft cloud services has meant that hackers are targeting them more than ever before to launch ransomware and BEC attacks. As recent high-profile attacks have shown, the damage they can cause to organisations and their residents and citizens is significant.
To book a free Microsoft Cloud Security Assessment with one of our experts that will help you secure your Microsoft 365 and Azure deployments to protect your people and the communities you support, click here and fill out a simple form.
Subscribe to the newsletter today
Lockdown introduced new threat vectors for organisations in