Why you need extra protection on Office 365 emails.

Between 2016 and 2017 the number of emails sent globally containing ransomware increased by 6000%.

Think about that for a moment... not 100% or even 600%.

6000%.  

That’s a pandemic increase in email-based threats, and unfortunately, due to its practically ubiquitous nature in the world of business, Office 365 has become a profitable area for hackers to exploit. As more and more organisations onboard to Office 365, so the need to “hack-proof” the O365 environment becomes more essential. We’ve seen this manifest itself in the availability of cloud backup products, and our offering by way of example that now offer backups of entire Office 365 tenancies, with version control, redundancy, and granular restores to mitigate the damage caused by ransomware attacks.

Hang on, don’t I have a filter?

Office 365 has a built-in spam filter, and has kept many an inbox clear for a long time, but despite recent updates and dedicated efforts to improve its performance against malware and phishing, it can be a rather basic solution when ranged against the mind-boggling array of cyber-threats which now use email as a preferred attack vector. Right now, it’s more important than ever in business to ensure that your data is safe, not just to avoid embarrassing breaches or expensive thefts, but with a continuously growing focus on the security and the privacy of the individual online, anyone who

handles data and deals in certain geographies is bound by law to safeguard that data, or risk working outside of compliance, resulting in the possibility of big fines. Very big.

Office 365 offers two levels of security, Exchange Online Protection, or EOP, and Advanced Threat Protection, which uses some heuristics to look at email behaviour, can block filetypes and attachments and monitors mail accounts for SPAM-related markers. this level of protection is in the low-middle of the market. But new malware can often get through tried and tested email protection technologies. While Microsoft’s EOP can detect 100% of all known viruses, and updates every 15 minutes, it is not as effective at protecting against new or unknown malware threats, and of course, zero-day exploits.

Zero-day? Sounds scary…

A zero-day exploit is a type of cyber-attack that occurs on the same day that a weakness is discovered in a certain piece of software. At this point, the software weakness can be exploited before a fix or patch is made available from the software author. It is so called because zero days have passed since the weakness was discovered. If an email is infected with malware which then takes advantage of this newly discovered security hole, then obviously there will be no way of a spam or email filter that depends on a library of known threats to stop the attack.

So, what’s the answer?

The way to offset this is to anticipate the attacks by using email filtering systems with predictive techniques. Machine learning and advanced analytical tools such as Bayesian analysis (building an iterative approach to the probability of a threat as more information becomes apparent) and looking at the behaviour of an email; it’s content, links and attachments, addresses, SPF records and a whole list of other features.

Using these techniques, the software ‘learns’ to block new varieties of phishing, and zero-day attacks before they cause damage. There is no longer a requirement to have met the threat already.

Office 365s email security features don’t really measure up to these dedicated tools, as developing these software tools can be expensive and best left to niche security providers.

One such tool that we are using at Pearce IT to great effect, is SpamTitan.

What’s SpamTitan?

Spam titan, in addition to enhancing spam blocking, also adds an additional layer of data loss protection. It also includes powerful data-leak prevention rules to prevent data loss such as social security numbers, bank details, data containing tagged keywords and other pieces of Personally Identifiable Information (PII).

Advanced phishing protection includes whaling and spear phishing by performing real time inbound scanning on emails. Spam titan will search for key indicators in an email’s header, contents, or domain information, that suggests that it may be a phishing attempt. It can also perform reputation checks on links within the email.

When considering email safety and security it may seem counterintuitive to scan outgoing emails. SpamTitan provides outbound scanning, helping to prevent your organisations sender domain from being blacklisted due to circulating SPAM emails or emails containing malware. If your account or domain becomes blacklisted, it can be costly to reverse for your business.

Additionally, Office 365 does not come with full-tenancy protection and backup enabled as standard. Getting changes undone, or restoring data that has been lost to leaks, malware, malicious editors, or even total lockout due to ransomware, can be time-consuming, costly, and sometimes impossible to achieve. When you are thinking about putting locks on the doors, you should also make sure the house doesn’t flood, so fortunately we offer full-tenancy or individual user account Office 365 Cloud Backup solutions.

So, we’re safe?  

Well, it’s certainly advisable to use some sort of dedicated filter software if you’re in the business of staying in business. The more you can protect your data, and that of your customers, the better, and If there’s one thing we’ve learned recently, it’s the importance of not spreading viruses.

If you want to secure your email using the award winning SpamTitan email security, then get in touch with Pearce IT today.