365 – IN YOU WE TRUST – OR NOT?

MICROSOFT 365 FOR EMAIL

Exactly how secure is Microsoft 365 for email? Some say that the software is the best of breed for business, offering email and including well-known applications such as Word, Excel, PowerPoint, and Teams. But there are also skeptics out there, particularly when it comes to security concerns for those using Microsoft 365 for email. To coin at cliché, a chain is only as strong as its weakest link. No matter how robust Microsoft 365 cybersecurity is, it will not keep the uneducated user out of harms way when it comes to phishing, compromised passwords and ransomware.

A QUARTER SUFFERED AN EMAIL BREACH IN 2020

Last month a survey was conducted in the UK regarding Microsoft 365 email security. Approximately 420 businesses from a range of industry sectors were surveyed with 23% claiming that they had suffered an email security breach in 2020. 36% of these breaches were the result of phishing attacks, targeting what many consider to be the weakest point of any IT security system, the careless and uninformed end-user. 68% of the respondents stated that Microsoft 365 would keep them safe from all email threats. The irony is that 50% of those questioned use third-party cybersecurity solutions such as those offered by Mimecast, Cisco, and Forcepoint, claiming that they are 82% effective in preventing an email breach.

A PHISHY STORY

 To my mind, phishing, as an exemplar of manipulative social engineering, is arguably one of the most dangerous and exploitative forms of cyber-attack out there. Phishing works like this: An unsuspecting user opens an email, instant message, or text message thinking that it comes from a trusted source. The email may look exactly the same as that sent by a financial institution or an online retailer such as Amazon, eBay or Argos. The phisher wants the victim to click on a malicious link, enter their login credentials, credit card number or some other form of personal identification. If duped into doing this, what unfolds for the user is potentially disastrous. Clicking on a malicious link can have devasting and life-changing consequences. Computers can be hijacked through ransomware, massive unauthorized purchases can be made and identities stolen, never to be recovered.

DOES MICROSOFT 365 STOP PHISHING?

Going back to the Microsoft survey, 62% of the respondents stated that breaches were caused by compromised passwords and email phishing attacks. Can Microsoft 365 prevent these breaches from occurring? To add that extra layer of security, you need to implement Conditional Access rules plus Multi-Factor Authentication (MFA). This prevents users from logging into their accounts from unsecured networks. Of the respondents, 54% had not applied Conditional Access while 33% were not using MFA mechanisms.

WHAT YOU CAN DO

In Microsoft 365 we trust? Not on its own. You also need to be responsible for your email security. Implement MFA today, if you haven’t already done so. Use strong passwords and change these regularly. Don’t use the same password across different platforms – a password manager such as Last Pass will remember the credentials that you are bound to forget. And, whatever you do, don’t click on a link in a suspicious email, never ever. Not even out of curiosity. Remember what curiosity did to the cat. If you are still unsure about your cybersecurity practices, give me a call. I will ensure that you are 100% protected from email breaches, data theft, and compromised passwords.

Leave a comment