Monday, 3 February 2020

Quick Guide to Office 365 Security Monitoring

For many organisations, Office 365 is their first foray into the world of cloud. That brings unique advantages – but unique challenges too. In this article, the Grant McGregor team talks you through the essentials of Office 365 security.

Office 365 is now the most widely used cloud application suite. Worldwide, it has more than 100 million active monthly users.

It should come as no surprise, then, that it is also a favourite of criminals. The Vade Secure Phishers’ Favourites report for Q2 2019 found that Microsoft is the most impersonated brand in phishing attacks – for the fifth quarter running.

Why is Office 365 so attractive to criminals?

One reason is, of course, the sheer size of the potential target base. But another, more compelling reason is how lucrative Office 365 credentials can be.

The credentials of one user offer a single entry point to the entire Office 365 suite to which they have access – perfect for launching further phishing attacks and for conducting multi-phased attacks using compromised accounts.

The Vade Secure survey warns that cybercriminals will often pull code directly from the legitimate website when creating spoof Office 365 login pages. This makes it practically impossible for users to tell the difference between the site the criminals are using to harvest credentials and the real login page.

Furthermore, Vade research found that many Microsoft phishing pages referred users to legitimate Microsoft pages once they had captured the login credentials, making it doubly difficult for users to spot that there was something amiss.

What can you do to protect your Office 365 deployment and users?

Monitoring is an essential part of protecting your Office 365 deployment and users. Standard Microsoft tools make it easy to monitor a range of activities. The essential things you or your IT provider should be monitoring include:
• User access
• Administrator access controls
• File access and sharing
• Ensure you have Office 365 policies in place

You should also use multi-factor authentication and make sure that users are briefed on good password security and trained in general security awareness.

Advanced monitoring that you should be undertaking

We know that once malicious actors have got a toehold into your network, their next step will be to seek greater access. Often, this comes in the form of seeking administrator privileges for the user whose credentials they’ve managed to swipe.

For this reason, you should be monitoring all changes to administrator rights. Ideally, you should be working on the principle of “least privilege”. Simply put, this means ensuring that each user has the absolute minimum rights necessary for them to be able to do their job.
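One way to review changes to administrator rights from an exported audit log, as an added example that is not part of the original article or any Grant McGregor tooling. The record layout and operation names are assumptions modelled on the Office 365 audit log, the allow-list is hypothetical, and the sample records are constructed.

```python
import json

# Constructed sample export, one JSON record per line. Field and operation
# names are assumptions modelled on the Office 365 audit log.
SAMPLE_LOG = """\
{"CreationTime":"2020-02-03T09:01:12","Operation":"UserLoggedIn","UserId":"alice@example.com"}
{"CreationTime":"2020-02-03T09:14:40","Operation":"Add member to role.","UserId":"it.admin@example.com","ObjectId":"bob@example.com","ModifiedProperties":[{"Name":"Role.DisplayName","NewValue":"Helpdesk Administrator","OldValue":""}]}
{"CreationTime":"2020-02-03T23:47:05","Operation":"Add member to role.","UserId":"carol@example.com","ObjectId":"carol@example.com","ModifiedProperties":[{"Name":"Role.DisplayName","NewValue":"Global Administrator","OldValue":""}]}
{"CreationTime":"2020-02-04T08:30:00","Operation":"Remove member from role.","UserId":"it.admin@example.com","ObjectId":"dave@example.com","ModifiedProperties":[{"Name":"Role.DisplayName","NewValue":"","OldValue":"Exchange Administrator"}]}
this line is truncated {"CreationTime":
"""

ROLE_OPS = {"Add member to role.": "grant", "Remove member from role.": "revoke"}
APPROVED_ROLE_ADMINS = {"it.admin@example.com"}  # hypothetical allow-list


def role_changes(lines):
    """Return every admin-role change found in the exported records."""
    changes = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or damaged lines rather than abort the run
        action = ROLE_OPS.get(rec.get("Operation"))
        if action is None:
            continue  # not a role change (sign-ins, file access, ...)
        role = "unknown"
        for prop in rec.get("ModifiedProperties", []):
            if prop.get("Name") == "Role.DisplayName":
                # grants carry the role in NewValue, revocations in OldValue
                role = prop.get("NewValue") or prop.get("OldValue") or "unknown"
        changes.append({"time": rec.get("CreationTime"), "action": action,
                        "actor": rec.get("UserId", "").lower(),
                        "target": rec.get("ObjectId", "").lower(), "role": role})
    return changes


def suspicious(changes, approved=APPROVED_ROLE_ADMINS):
    """Grants made by an account outside the allow-list, or to itself."""
    return [c for c in changes if c["action"] == "grant"
            and (c["actor"] not in approved or c["actor"] == c["target"])]


if __name__ == "__main__":
    for c in suspicious(role_changes(SAMPLE_LOG.splitlines())):
        print("REVIEW:", c["time"], c["actor"], "granted", c["role"], "to", c["target"])
```

Every change returned by `role_changes` is worth logging; the `suspicious` subset is the one to alert on, because a self-granted or unapproved role assignment matches the privilege-seeking behaviour described above.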

Furthermore, you should employ separate email filtering as, whilst O365 is an excellent email platform, it’s not a dedicated security tool.

If you’d like advice about moving to Office 365 or which tools can help support more detailed security monitoring, the Grant McGregor team can assist.

For further advice, contact our team on: 0808 164 4142

Office 365 is a fantastic productivity suite with many great features. It’s easily scalable, cost effective and doesn’t require infrastructure on site. However, don’t let Office 365 become your organisation’s security weakness.
