Office 365 Email Security – Username and Password Alone are Not Enough
Lew Smith, Director of Consulting Services
Recently, Nasdaq.com posted an article indicating that Office 365 email attacks are increasing. This is consistent with what we’re seeing and hearing in conversations with partners and prospective clients who have felt the impact directly (their email has been compromised). Companies tend to forget that the Office 365 login portal is a web page open to anyone who wants to attempt a login. Limiting login by country is a hot topic on the Office 365 UserVoice page, but even this will not be enough to stop malicious login attempts.
Unfortunately, users do not always follow best practices regarding password complexity and password use. What I mean by “password use” is that we consistently discover passwords are not unique to each service or portal. In other words, people apply the same passwords to many different sites and services. While this is understandable from a memory recall perspective, this approach increases the security risk for your business. Once any of these services is hacked, that password becomes available to hackers. We have seen this happen countless times, which is why we’re launching a Dark Web scanning and alerting service.
Considering these details, how do you add another layer of security to protect your Office 365 email? The easiest next step is to enable and deploy Multi-Factor Authentication (MFA), which is included in your Office 365 plan already. MFA adds an additional “factor,” or data point, to the login process. Once a username and password are entered, the user is prompted to provide that additional factor to finalize the login. This additional factor can be delivered via several methods within Office 365, but we find that most companies prefer to deliver that factor via text message or the Microsoft Authenticator mobile app.
After reading that last paragraph, I know what you may be thinking. Implementing a process such as this is going to add another layer to the login process for you and/or your team. They will not be happy. I’ve heard this exact same response, and many others, but the question you should be asking is: “Can my business survive an email attack?” The potential financial, reputational, and business loss that can result from such a compromise can cripple your business. With that said, 5-10 additional seconds during a login process is well worth the time to avoid such a catastrophe.
From a security perspective, the Microsoft Authenticator app is the most secure option available, and the easiest method to use, in my humble opinion. Using this method, you simply need to tap “approve” once the app prompts you to verify your login, and then Office 365 finalizes the login process. Should the app prompt you for an approval when you’re not actively logging in, you know that someone is attempting to access your account. In such a situation, it might be a good time to change your password. Better safe than sorry.
This may seem somewhat overwhelming, and you may not be sure of the next steps to take. Rather than attempting to figure out this process by yourself, simply contact our team via our web form and we will set up a call to answer your questions.