How to Protect Against Phishing Emails in Microsoft 365

By Ntiva Editorial Team | August 7, 2019

Has your business invested in Microsoft 365? Good move! It’s a great cloud-based platform for business communication and collaboration, including its comprehensive email capabilities.

However, an investment in Microsoft 365 (formerly called Microsoft Office 365) is more than just an investment in the solution – it’s an investment in your entire business.

This is particularly true if you rely heavily on the email features in Outlook, which most of us do. 

Although Microsoft 365 does provide some security features, including Advanced Threat Protection (ATP), it still has some holes that you should be aware of.

Are Microsoft 365 phishing attacks increasing?

The rapid expansion of Microsoft 365 has made it a very attractive target, so more and more threats are emerging, and phishing attacks in particular are becoming more frequent.

Phishing within Outlook is estimated to cost the average organization 1.3 compromised accounts each month, according to Help Net Security.

Email scams have increased in both sophistication and intensity – according to the Webroot Threat Report, nearly 1.5 million new phishing sites are created each month.

In fact, this shady business is so successful that phishing attempts have grown 65% in the last year alone!

What is “spear phishing?”

According to the SANS Institute, 95% of all attacks on business networks are the result of successful spear phishing attacks. In other words, a human opened an email and either clicked on a link or opened a file that they weren’t supposed to.

But while regular phishing typically involves mass mailings, spear phishing emails can appear to come from your own IT department, your own HR department, or a friend or colleague.

That’s why they’re so much easier to fall for – they set up a level of trust right from the get-go.

How vulnerable is your business to phishing?

Email security threats can’t be dismissed as something that won’t happen to you – no company or vertical is immune. Smaller businesses are actually considered easy pickings because they don’t devote as many resources toward cyber security protection as larger organizations do.

And when email goes down, most businesses tend to grind to a halt, not to mention the damage that a successful cyber-attack can do to your business.

According to a Ponemon Institute report, a successful attack costs businesses an average of $2.2 million, when you add up not only theft and damage to IT assets, but also disruption to business operations.

That's where the real costs come in - businesses tend to underestimate the cost of downtime.

How to make Outlook more secure!

There’s no reason to overlook Microsoft 365 as a terrific and cost-effective productivity suite, but you do need to consider layering on additional security above and beyond Microsoft ATP. 

There are many solid third-party email security solutions that will pick up the slack where ATP is insufficient.

Cloud email security solutions, including a wide range of products from vendors such as AppRiver, can be crucial to protecting your investment in Office 365 and limiting your security risks.

As a minimum, start out by deploying advanced phishing and malware protection.

The default settings on Office 365 leave gaps that let unwanted email, malware, and phishing messages get through.

Although they can be customized, it takes an expert to do it, and it can interfere with the application's functionality.

Additional email security recommendations.

Here are two important recommendations for added email security:

  • Email Encryption. Outlook email messages are only encrypted when they reach the server, thus leaving emails vulnerable when in transit. Point-to-point encryption keeps messages private as they travel from sender to recipient and back. This is especially important for businesses that must comply with regulatory standards, including the new GDPR.
  • Email Archiving. It used to be that only certain verticals were mandated to archive emails for a certain period of time. But now all of us exchange valuable information and content over email, and it can be a gold mine of data that can be tapped later on – if properly archived. While Outlook email does offer some archiving capabilities, you will want to learn the difference between true email archiving and email backup, with the former making it much easier and faster to retrieve what you want.

The threats that businesses face with their email solutions can be daunting. There are many robust solutions available to keep you secure, so be sure to ask a trusted IT consultant to help you figure out which is the best solution for you!

Interested in learning more?

We recommend this excellent e-book from our partner AppRiver, The Essential Guide to Protecting Your Office 365 Investment with Robust Email Security, which will give you more details on how to protect your Office 365 Outlook environment.
