Office 365’s user numbers are expected to surpass 100 million in 2017. With the vast amount of data shared via email in the Office 365 Suite, a critical question IT admins should be asking is: How secure is it?
While Office 365 comes equipped with native security features, the suite doesn’t offer the layered security protection businesses need to safeguard data. You can reduce risks by implementing a layered security approach. The key layers include: Policies & Training, Filtering & Encryption Services and Security Software.
LAYER I: Policies & Training
Phishing and spear-phishing attackers use a mix of social engineering and spoofed email addresses to obtain confidential information belonging to employees and customers. As well-known as these types of attacks are, there’s a reason they still exist: People still fall for them.
One of the best defenses against hackers is to implement consistent user training as well as enforce email polices. However, an estimated 80 percent of organizations don’t conduct security testing. Security policies and training should be reviewed continuously to keep up with the changing threatscape.
LAYER II: Filtering & Encryption Services
Encryption is critical to a layered security approach. Microsoft’s offering encrypts emails once they reach the server, but emails are at risk while in transit. To best protect emails, point-to-point encryption — which encrypts the message immediately — is necessary to protect the email throughout the entirety of its lifecycle.
Office 365 features some spam-filtering offerings, however filtering settings provide potential holes for spam, malware and phishing leaks. Utilizing a spam-filtering service in addition to Office 365’s native tools is a necessity.
Web filters with downstream monitoring will notice if a link changes after it has passed through a spam filter. It will then redirect the email safely away from the user’s inbox. When web and spam filtering are employed in a layered approach, sophisticated attacks can be stopped.
LAYER III: Security Software
While cloud-based filtering and encryption services can reduce the risk of email-borne malware, it’s important to have the right locally-installed security software to complement your filter as a final line of defense. Layered security is important as attacks come in different forms and no solution can block them all.
For example: A anti-virus solution can block and quarantine infected files brought in via local media. A network firewall cannot. A network firewall is intended to block attacks from outside the network. Locally-installed security software solutions should include anti-virus protection, content and image control and the ability to adapt to avoid lapses in security.
AppRiver created a complimentary whitepaper to help businesses secure confidential email and data in Office 365. “Layer by Layer: Protecting Email from Attack in Office 365,” provides actionable steps for businesses to reduce email-based malware attacks in the Office 365 environment by implementing a layered security approach. Download the whitepaper below: