Office 365 Email Security – Username and Password Alone are Not Enough

Lew Smith, Director of Consulting Services

Recently, Nasdaq.com posted an article indicating that Office 365 email attacks are increasing.  This is consistent with what we’re seeing and hearing in conversations with partners and prospective clients who have felt the impact directly (their email has been compromised).  Companies tend to forget that the Office 365 login portal is a web page open to anyone who wants to attempt a login.  Limiting login by country is a hot topic on the Office 365 UserVoice page, but even this will not be enough to stop malicious login attempts.

Unfortunately, users do not always follow best practices regarding password complexity and password use.  What I mean by “password use” is that we consistently discover passwords are not unique to each service or portal.  In other words, people apply the same passwords to many different sites and services.  While this is understandable from a memory recall perspective, this approach increases the security risk for your business.  Once any of these services is hacked, that password becomes available to hackers.  We have seen this happen countless times, which is why we’re launching a Dark Web scanning and alerting service.

Considering these details, how do you add another layer of security to protect your Office 365 email?  The easiest next step is to enable and deploy Multi-Factor Authentication (MFA), which is included in your Office 365 plan already.  MFA adds an additional “factor,” or data point, to the login process.  Once a username and password are entered, the user is prompted to associate the MFA details to finalize the login.  This additional factor can be delivered via several methods within Office 365, but we find that most companies prefer to deliver that factor via text message or the Microsoft Authenticator mobile app.

After reading that last paragraph, I know what you may be thinking.  Implementing a process such as this is going to add another layer to the login process for you and/or your team.  They will not be happy.  I’ve heard this exact same response, and many others, but the question you should be asking is: “Can my business survive an email attack?”  The potential financial, reputation, and business loss that can result from such a compromise can cripple your business.  With that said, 5-10 additional seconds during a login process is well worth the time to avoid such a catastrophe.

From a security perspective, the Microsoft Authenticator app is the most secure option available, and the easiest method to use, in my humble opinion.  Using this method, you simply need to tap “approve” once the app prompts you to verify your login, and then Office 365 finalizes the login process.  Should the app prompt you for an approval when you’re not actively logging in, you know that someone is attempting to access your account.  In such a situation, it might be a good time to change your password.  Better safe than sorry.

This may seem somewhat overwhelming, and you may not be sure of the next steps to take.  Rather than attempting to figure out this process by yourself, simply contact our team via our web form and we will set up a call to answer your questions.

Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches

A truly comprehensive security system does more than just provide “locks” for the entrances to a network, it searches for and reacts to threats that may have already entered the system.

The Advanced Threat Protection integrated throughout Microsoft 365 monitors and protects everything from data, to endpoints, to user identities. These tools are always working behind the scenes to keep your business secure, keeping you in the loop without overwhelming you with information.

At Interphase Systems, Inc., we believe in securing your business with a holistic strategy. Contact us to learn more.

Breaches happen. Learn how to protect your organization.

With a cleverly worded email and one unfortunate click, a hacker can gain access to your system within minutes, and stay there for an average of 286 days before being detected.

How can you avoid this scenario? Check out this infographic to learn about the three most common ways hackers can gain access to your system and the holistic approach Microsoft 365 takes to keep them out.

At Interphase Systems, Inc., our goal is to keep your business running without interruptions while remaining secure. Contact us to learn more.

A breach is inevitable. How can Microsoft help me detect and respond fast?

With a sinking feeling, you discover your network has been hacked. Questions race through your mind: How did this happen? What have they done inside our network? What information have we lost?

With the right tools and a good incident response plan, there is no need to panic. Interphase Systems and Microsoft 365 E5 can help you visualize an attacker’s movement through your system, recommend where to focus your investigation, and help recover files in OneDrive.

Security breaches are never fun, but they don’t have to be devastating. Contact the Information Security team at Interphase Systems to learn more about how to better protect your business, even from the worst-case scenario. 610-276-5500 or ce@interphasesystems.com

Customer Story: Guarding university data with a holistic security model

As compared to most businesses, universities have significantly less control over endpoints, such as devices used and the thousands of student user credentials they must give out each year. This makes them especially vulnerable to cyberattacks.

The University of Arizona realized this, so when it came time to overhaul their internal network, CatNet, they prioritized the implementation of a holistic security solution. They found that the solution with Microsoft was uniquely prepared to deliver a forward-thinking security system designed to meet the specific needs of a university.

Even in “risky” situations, effective, holistic security and peace of mind is achievable. Interphase Systems helps organizations modernize their infrastructure and information security. We can help your team do the same. Contact us to learn more.

Microsoft Security Intelligence Report: Volume 23

Botnets, hacker methods, and ransomware, oh my!

After compiling information across 100 countries and millions of computers, Microsoft has identified the latest threats affecting digital security. In this report, take a deep dive into the aforementioned topics to discover how your business might be at risk and steps you can take to protect yourself.

At Interphase Systems, Inc., we believe that protecting your business starts by arming yourself with information. We can help your firm enhance its information security. Contact us today to learn more. CE@interphasesystems.com or 610-276-5500.

Microsoft identity-driven security

“In more than 63 percent of data breaches, hackers gain corporate network access through weak, default, or stolen user credentials.”

Using outdated multiple-password security is like leaving your front door unlocked for attackers. That’s why Microsoft developed Azure Active Directory Premium, which keeps your front door locked and bolted with features such as a single, secure sign on for all apps for each employee and multi-factor identification to make your network less password reliant.

Microsoft recognizes the importance of identity-driven security and their holistic strategy doesn’t stop there. Check out this infographic to learn more and contact the Information Security team at Interphase Systems via 610-276-5500 or CE@interphasesystems.com for help with securing your company’s information.