How Secure Is Office 365? (Hint: It Could Be Better)
Organizations looking to reduce cost and increase efficiency often opt to replace multiple productivity solutions with a single suite–such as Office 365. And while Office 365 comes equipped with native security functions that protect data in a number of ways, it doesn’t offer the layered security protection businesses need to truly safeguard data.
Businesses need to look beyond what comes in the box and consider the liability that comes with too little protection.
As the sophistication and instances of phishing and spearphishing attacks continue to rise–not to mention the rising threat of conversation hijacking attacks and other social engineering efforts–organizations need to be ready to prevent infiltration at every angle. Implementing a layered security approach can help protect your network–and your bottom line.
Some of the key layers you should consider are:
Policies & Training: One of the best defenses against hackers an organization can have is consistent user training and enforced email policies.
Organizations should conduct periodic penetration tests to gauge how employees interact with them. By sending users suspicious–yet harmless–emails, organizations can see how susceptible they may be to attack through their employees’ actions. Should employees improperly interact with an email during the testing, it’s critical to discuss the exercise and emphasize best practices.
Email policies should be created in a manner that reduces risk of an attack while addressing your organization’s specific challenges and goals. Some basic policies for internal email should include: Don’t send emails in HTML format; don’t send unrequested attachments or hyperlinks; don’t include or ask for personal information.
Security policies and training should be constantly be reviewed to keep up with the changing threatscape.
Filtering & Encryption Services: Office 365 features some spam-filtering options, but the settings provide potential holes for spam, malware and phishing leaks. A spam-filter service in addition to Office 365’s native tools can help stop the flow of malicious emails to inboxes. Organizations should also consider adding encryption. Though Office 365 encrypts emails, encryption doesn’t begin until the email has reached the server–putting those emails at risk while in transit. To best protect emails, choose a solution that offers point-to-point encryption that will protect the email through its entire lifecycle.
Security Software: Attacks come in many different forms, and no solution can block them all. So, as a final line of defense, businesses should consider locally installed security software to complement cloud-based filtering and encryption solutions. Locally installed security software solutions should include anti-virus protection, content and image control, as well as the ability to avoid lapses in security.
AppRiver created a complimentary whitepaper to help businesses secure confidential email and data in Office 365. “Layer by Layer: Protecting Email from Attack in Office 365” provides actionable steps for businesses to reduce email-based malware attacks in the Office 365 environment by implementing a layered security approach. Download the whitepaper here.
This guest blog is part of a Channel Futures sponsorship.