Office 365, you need to be sure that you secure your tenant. As more and more businesses embrace Office 365 for email and the host of other services that comes with it, hackers have increased their attempts to compromise the service. You’d be surprised how frequently Office 365 tenants are compromised due to a lack of best practices to ensure its security.
Some of the most common compromises involve email phishing attacks, when hackers send you an email that looks amazingly legitimate, but is not. The email often asks you to login to your Office 365 account to reset your password, check your email quarantine or some other reason. Unless you check the links to confirm where they are taking you, you could very easily login to a compromised web site that exists soley for the purpose of capturing your username and password. Once captured, a hacker is able to mirror your email account or worse.
In some cases, hackers may use specific code to insert rules into your mailbox to forward every email you send and receive to the hackers email account. In this example, hackers monitor your email traffic with the intent of spoofing your email and sending email messages that look to be from you, but are really from the hacker. This is how many hackers steal money, but impersonating an actual user and sending requests for funds to be electronically transferred that may seem legitimate, but are far from it. While on the surface, this may seem hard to believe as you would think common sense would prevent someone from doing this. However, millions of dollars are lost every year to scams like this.
So, with increasing attacks against a very robust and popular email service, what should you do? For one, be sure you have an experienced resource to setup your Office 365 accounts that knows how to properly secure them. In its default configuration, Office 365 offers reasonable protections, but it is not hardened to prevent targeted attacks like the one described above and countless others.
It should go without saying that your user accounts should be setup with complex passwords that are required to be changed every 90 days. In most organizations, these accounts should be tied to your organizations Active Directory as well. It should also go without saying that you should enable 2 Factor Authentication, which is included with Office 365, to further secure your accounts and prevent most of these attacks from being successful.
There are many advanced hardening techniques that should be used. These include things like enabling all logging on the accounts. Should you ever suspect and issue, these logs will be critical to finding the data to validate whether or not you have been compromised. There are several highly technical elements to hardening Office 365 that I will not go in to here as it will not mean much to non-technically oriented readers.
A simple technique you can employ to help limit your risk of suffering a successful phish is to brand your Office 365 logon screen. Most hackers will not go through the added effort to determine if your organization is using a branded login page. By changing this page from its defaults, you can help avoid the risk of users being tricked into entering their username and password in to a compromised web page.
Like any online service, even those exposed to the Internet from internal networks, it is critically important to properly secure your systems. These risks are in no way unique to Office 365. The point is, you can’t settle for default configurations. Once hardened, you then need to be sure you have proper monitoring and alerting in place, so that you know of any and all attempts to compromise your systems.